Owlglass

Web Pentest - Cross-Site Scripting

Cross-Site Scripting

Stored XSS

In stored (persistent) XSS attacks, the exploit payload is stored by the server, in a database or a cache. The web app later fetches the payload and renders it to visitors of the vulnerable page. Stored XSS vulnerabilities occur most often in forum-style software, e.g. in comment sections or product reviews.

Reflected XSS

Reflected XSS attacks usually include the payload in a crafted request or link. The web app takes the input and places it into the page content. Stored XSS affects all users; reflected XSS only attacks the person submitting the request or visiting the link. Reflected XSS vulnerabilities occur in search fields and results, as well as anywhere user input is included in error messages.
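An added example, not from the original notes: the search-results case rendered in Node.js both vulnerably and hardened, plus the probe check a tester or defender uses to see whether input comes back as live markup. Function names and the probe string are assumptions.

```javascript
// Added example (not from the original notes). Node.js, no dependencies.
// Names (escapeHtml, renderResultsVulnerable, renderResultsSafe,
// reflectsUnencoded) are assumptions for illustration.

// HTML-entity encode for the HTML text and quoted-attribute contexts only.
// Other sinks (unquoted attributes, JS strings, URLs, CSS) need their own
// context-specific encoding; this function does not make those safe.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Vulnerable: the search term is concatenated straight into the page,
// the "search fields and results" case described in the notes.
function renderResultsVulnerable(query) {
  return `<h1>Results for: ${query}</h1>`;
}

// Hardened: the same template with the query encoded for the HTML text
// context. In the browser the equivalent choice is el.textContent = query
// instead of el.innerHTML = query (the DOM-based sink).
function renderResultsSafe(query) {
  return `<h1>Results for: ${escapeHtml(query)}</h1>`;
}

// Tester's / defender's check: does a harmless marker string come back
// unencoded? If so, the parameter reaches the page as HTML and the
// template needs output encoding at that sink.
function reflectsUnencoded(html, marker) {
  return html.includes(marker);
}

// Constructed sample input: a harmless probe, not an exploit.
const probe = '<b id="xsstest">probe</b>';

console.log(reflectsUnencoded(renderResultsVulnerable(probe), probe)); // true
console.log(reflectsUnencoded(renderResultsSafe(probe), probe));       // false
console.log(renderResultsSafe(probe));
// <h1>Results for: &lt;b id=&quot;xsstest&quot;&gt;probe&lt;/b&gt;</h1>
```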

DOM-Based XSS

Stored and reflected XSS can manifest server-side (the server embeds the payload in its response) or client-side (the browser's own script inserts it); in either case they can also be DOM-based.

DOM-based XSS takes place solely within the page's Document Object Model (DOM). Browsers parse a page's HTML and build an internal DOM representation from it; DOM-based XSS occurs when that DOM is modified with user-controlled values (for example, a script that writes part of the URL into the page). DOM-based XSS can be stored or reflected. In every variant, the attack fires when the browser parses the resulting content and executes the inserted JavaScript.

Impacts of XSS include session hijacking, forced redirection to malicious pages, execution of local applications as that user, or even trojanized web applications.