* Reference.
| Stored XSS
Stored XSS is a web attack in which an attacker inserts a malicious script through a web function such as writing a post or a comment on a bulletin board, so that the script is stored on the web server and executes when another user accesses the page.
1. Insert a malicious script in the comments section.
2. Insert malicious scripts into bulletin posts.
The stored type usually relies on a 'write' feature, so it is easy to try XSS. However, if HTML tags or script syntax are filtered on the input form, the script can still be placed in the request packet after configuring a MITM environment with a web proxy tool (e.g. Fiddler, Burp Suite, ...), so client-side filtering alone is not a defense.
| Reflected XSS
Reflected XSS is an attack in which the script inserted by the attacker is not stored on the server but is reflected back and executed in the user's browser.
1. Insert a malicious script into URL query parameters.
ex. http://www.sample.com/search?site=<script>alert('hello')</script>
2. Run a script on the search results page.
If the value entered on the search page is returned inside the HTML code, a malicious script included in the search value will run.
| DOM-based XSS
DOM-based XSS is a vulnerability that occurs when client-side JavaScript handles the DOM; it is not affected by the server and occurs only on the client side.
1. Insert a script using innerHTML.
When JavaScript code writes user input into innerHTML, HTML containing malicious code may be inserted into the DOM and executed.
2. Insert a script using location.hash or document.URL.
When the DOM is manipulated with input taken from the URL hash or document.URL, malicious code may be inserted and executed.
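The two DOM sinks above can be demonstrated without a server. The example below is added here and is not code from the original post; the `showSection*` and `resolveSection` names and the `SECTIONS` table are constructed. It takes the `location.hash` value as a string and an element object, so the same functions run in a browser or in Node with a plain object standing in for the element.

```javascript
// Added example (not from the original post): handling location.hash
// without a DOM XSS sink. `element` is any object with textContent /
// innerHTML properties; in a browser pass document.getElementById(...).

// Vulnerable: the fragment is decoded and written through innerHTML, so
// markup in the URL becomes live DOM nodes.
function showSectionVulnerable(hash, element) {
  element.innerHTML = 'Section: ' + decodeURIComponent(hash.slice(1));
  return element.innerHTML;
}

// Decode the fragment defensively: a malformed percent sequence makes
// decodeURIComponent throw, and a thrown error must not leave the page
// half-rendered.
function fragmentOf(hash) {
  try {
    return decodeURIComponent(String(hash).slice(1));
  } catch (e) {
    return '';
  }
}

// Hardened, step 1: the fragment is data, so it goes into a text node.
// textContent never parses markup, so no encoding step is needed.
function showSectionText(hash, element) {
  element.textContent = 'Section: ' + fragmentOf(hash);
  return element.textContent;
}

// Hardened, step 2: when the fragment only selects among known pages,
// look it up in an allowlist and never echo the raw value at all.
const SECTIONS = { intro: 'Introduction', install: 'Installation', faq: 'FAQ' }; // constructed

function resolveSection(hash) {
  const key = fragmentOf(hash).toLowerCase();
  // hasOwnProperty.call, not `key in SECTIONS`: otherwise "#constructor"
  // or "#tostring" would resolve to Object.prototype members.
  return Object.prototype.hasOwnProperty.call(SECTIONS, key) ? SECTIONS[key] : SECTIONS.intro;
}

// Simulated client-side flow with a payload from the cheat sheet on this page.
const fakeElement = {};
const hostileHash = '#<img src="javascript:alert(\'XSS\')">';
console.log(showSectionVulnerable(hostileHash, {})); // markup reaches the DOM
console.log(showSectionText(hostileHash, fakeElement)); // shown as literal text
console.log(resolveSection('#faq'), resolveSection(hostileHash));
```

The same rule applies to `document.URL`, `document.referrer` and `window.name`: read them as strings, validate against what the page actually needs, and write them with `textContent`, `setAttribute` on a non-URL attribute, or a templating library that encodes by default rather than with `innerHTML`, `document.write` or `eval`.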
| XSS Cheat Sheet
- <script>alert('XSS')</script>
- <img src="javascript:alert('XSS')">
- <a href="javascript:alert('XSS')">Click me</a>
- <iframe src="javascript:alert('XSS')"></iframe>
- <object data="javascript:alert('XSS')"></object>
- <meta http-equiv="refresh" content="0;url=javascript:alert('XSS')">
- <body onload="alert('XSS')">
- <input type="text" value="<script>alert('XSS')</script>">