The attacker can achieve a wide variety of goals by abusing an XSS vulnerability. He could make the victim’s browser send sensitive data, including cookies and session information or personally identifiable information, or redirect the victim to a malicious webpage. He may gain access to the victim’s webcam, location, microphone and specific parts of their file system. An XSS attack can also be used in combination with other techniques as a first step in advanced attacks aiming for malware distribution, identity theft, and other malicious goals.
XSS attacks are generally divided into three basic categories.
Stored XSS (Type I)
When user input is stored on the vulnerable server in the form of a database entry, comment, visitor log, user nickname, customer details or similar without being properly sanitized, the attacker may be able to place a malicious script as part of the entered data. When an unsuspecting user views the website, their browser executes the script while rendering the webpage contents.
Reflected XSS (Type II)
When a web application contains user parameters in the URL (after the question mark “?”, e.g. https://www.example.com/index.php?username=Joe) and processes them without proper sanitization, the attacker may craft a parameter that contains a malicious script. It can be obfuscated so that the victim is not alarmed. Such a crafted URL may be sent to the victim by email or posted on a forum. After the victim clicks on the link, the webpage will send the malicious code to their browser. Since the data came from a trusted domain, the browser will execute the code.
DOM-based XSS (Type 0)
OWASP further categorizes these three overlapping sets into Client XSS and Server XSS. The former covers untrusted user input used to update the DOM, while the latter covers input included in a server-generated HTML response.
To prevent XSS attacks, the web application has to sanitize all user input properly. This is not an easy task, since attackers are creative in finding ways around these controls. If you are unsure about the safety of your web assets, LIFARS can help you with testing them for potential XSS vulnerabilities.
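The reflected case described above, using the article's index.php?username=Joe URL, as an added example that is not code from the original article. It renders the parameter once unchanged and once with HTML output encoding; the function names and sample requests are constructed, and the encoding shown covers HTML text and quoted-attribute contexts only.

```javascript
// Added example: the reflected case from the text (index.php?username=Joe),
// rendered once without encoding and once with HTML output encoding.
// Function names and the sample URLs are constructed for illustration.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

// Encode a value for an HTML text node or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Read the "username" parameter the way a server-side handler would.
function usernameFrom(requestUrl) {
  return new URL(requestUrl).searchParams.get("username") ?? "";
}

// Vulnerable: the parameter is concatenated into the response unchanged,
// so markup in the URL becomes markup in the page.
function renderGreetingUnsafe(requestUrl) {
  return `<p>Hello, ${usernameFrom(requestUrl)}!</p>`;
}

// Hardened: the parameter is encoded at the point of output, so the
// browser treats it as text, including inside the quoted attribute.
function renderGreetingSafe(requestUrl) {
  const name = escapeHtml(usernameFrom(requestUrl));
  return `<p title="${name}">Hello, ${name}!</p>`;
}

// Constructed sample requests: one benign, one carrying markup.
const benign = "https://www.example.com/index.php?username=Joe";
const crafted =
  "https://www.example.com/index.php?username=" +
  encodeURIComponent('"><script>alert(1)</script>');

for (const url of [benign, crafted]) {
  console.log("unsafe:", renderGreetingUnsafe(url));
  console.log("safe:  ", renderGreetingSafe(url));
}
```

Values placed inside script blocks, URLs or style attributes need encoders specific to those contexts; the HTML encoder above does not make them safe.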