Overview
Cross-Site Scripting (XSS) is a type of security vulnerability that allows attackers to inject malicious code into web pages viewed by other users. When a user visits a compromised web page, the injected code executes in the user’s browser and can do things like steal user data, display fake login prompts, and more.
There are three main types of XSS:
- Reflected XSS: This type of XSS occurs when an attacker injects malicious code into a web page through a URL parameter. The code is then reflected back to the user, usually in the form of an error message or search result. For example, consider a search page that displays the search results in the URL as a query parameter. An attacker could craft a URL with malicious code as the search query, and if the search page does not properly sanitize the input, the code will be executed when the user visits the page. Go check out https://hackxpert.com/labs/RXSS/GET/ to practice!
- Stored XSS: This type of XSS occurs when an attacker injects malicious code into a web page that is stored on the server. Any user who views the page will then be exposed to the injected code. For example, an attacker could post a comment on a forum with malicious code, and if the forum software does not properly sanitize user input, the code will be executed whenever a user views the comment…