What is cross site scripting attack ?

You must have ever heard that a trusted website gets injected with a malicious script attack. Generally people refer this as a “Cross Site Scripting” attack.

The XSS is an attack in which attacker inject some malicious code (java script or html) into the input field or in address bar of the webpage

The XSS scripts injected into a website can leak out sensitive data and information including cookies, session tokens, authentication tokens, to do Phishing attacks, Stealing bank accounts information, website defacement. The vulnerability of the XSS attack is very frequent but hard to patch.

How the Attacker execute their code:

Attackers first Test the target website is vulnerable to XSS attack or not by executing some malicious code. They first search for the user input field and address bar (url bar). They put different different code and try to execute it if the code get executed then site is vulnerable otherwise not vulnerable.

Types of xss attack:

There are three types of xss attack

Persistent XSS: where the malicious string originates from the website’s database.

Reflected XSS: where the malicious string originates from the victim’s request.

DOM-based XSS: where the vulnerability is in the client-side code rather than the server-side code.

About

Codec Networks provides IT Trainings from EC Council CEH ECSA, LPT, CHFI, Network Security, Penetration Testing, ISACA, ISC2, PECB ISO 27001LA LI, Cisco Networking CCNA CCNP, Linux Administration RHCE, Prog Languages JAVA, Advanced Java, android development. We also offer B2B Industry Solutions and Services in IT | Information|Cyber Security in Delhi NCR India.

View all posts by