XSS and its Types in Web App Penetration Testing | 2023

Uncovering Cross-Site Scripting Vulnerabilities with its Types | Karthikeyan Nagaraj

1. Understanding Cross-Site Scripting (XSS)

Cross-Site Scripting, often abbreviated as XSS, is a security vulnerability that arises when a web application includes unvalidated or unescaped user input in the output it generates. This enables an attacker to inject malicious scripts into web pages that are viewed by other users, potentially compromising their data and security.

1.1 Stored XSS

Stored XSS occurs when an attacker injects a malicious script that gets permanently stored on a target website. When other users access the compromised page, the script is executed, leading to potential data theft or other malicious activities.

1.2 Reflected XSS

Reflected XSS happens when the malicious script is embedded in a URL, email, or another web-based resource. The script is then executed when a user clicks on the manipulated link, and the injected code is reflected off a web server.

1.3 DOM-Based XSS

DOM-Based XSS is a more sophisticated form of XSS where the attack takes place…