Ethical Hacking - Cross Site Scripting, types of attack and Quick Tip
Also by hijacking the accounts, changing user settings, and poisoning the cookie, false advertising and by creating Dos attacks, the attacker can gather data.
For instance, a vulnerable website which is got by metasploitable machine is taken. The field highlighted in red arrow for XSS is tested.
Initially a simple alert script is created
alert(‘I am Vulnerable’);
Types of XSS Attacks
XSS attacks are divided into three types −
- Persistent XSS - where the malicious string originates from the website's database.
- Reflected XSS - where the malicious string originates from the victim's request.
- DOM-based XSS - where the vulnerability is in the client-side code rather than the server-side code.
Usually cross-site scripting is identified by the vulnerability scanners enabling them to avoid
The best vulnerability scanners are Burp Suite and acunetix.
Some of the tips to prevent XSS attacks are −
- All the form fields like hidden forms, headers, cookies, query strings need to be checked and validated.
- A stringent security policy needs to be implemented. Set character limitation in the input fields.