XSS:- It doesn't need an authenticated session and can be exploited when the vulnerable website doesn't do basic validation or escaping of input. On a vulnerable website, the attacker sends a text-based attack script that affects the application. An XSS attack starts with a simple HTML tag in the form of a regular expression.
The attacker injects the value into a URL or text box. Their script then runs on the vulnerable website, and the website reflects the error message through a pop-up.
Three types of XSS
Stored XSS Attack:- The attacker injects the script, and the script is stored permanently on the target server.
Reflected XSS Attack:- The attacker injects the script, and the website throws the error message.
DOM XSS Attack:- It generally involves the server-side controller: the script is sent to the client but is not sanitized.
Mitigation:- 1. Understand all the potential areas where untrusted input can be injected
2. Specify a character encoding such as UTF-8
3. Input validation. Transform hazardous character into a character
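The mitigation steps above applied to a reflected error message, as an added example that is not part of the original post. The function names, the allow-list policy and the sample input are assumptions made for illustration.

```javascript
// Added example: names and the allow-list policy are hypothetical, not from the post.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

// Step 3: transform hazardous characters into HTML entities before output.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Step 3: input validation with an allow-list (assumed policy for a search box):
// letters, digits, spaces and a little punctuation, 1 to 64 characters.
function isValidQuery(query) {
  return typeof query === "string" && /^[\p{L}\p{N} .,'&-]{1,64}$/u.test(query);
}

// Vulnerable form: the untrusted value is reflected into the page verbatim.
function renderErrorUnsafe(query) {
  return `<p>No results for ${query}</p>`;
}

// Hardened form: explicit charset, validation, then encoding at output time.
function renderErrorSafe(query) {
  // Step 2: declare the character encoding so the browser does not guess it.
  const headers = { "Content-Type": "text/html; charset=utf-8" };
  if (!isValidQuery(query)) {
    // Rejected input is never echoed back to the client.
    return { status: 400, headers, body: "<p>Invalid search term.</p>" };
  }
  return {
    status: 200,
    headers,
    body: `<p>No results for ${escapeHtml(query)}</p>`,
  };
}

// Constructed sample input for the demonstration.
const sample = "<script>alert(1)</script>";
console.log(renderErrorUnsafe(sample));
console.log(renderErrorSafe(sample));
console.log(renderErrorSafe("Tom & Jerry's"));
```

Validation alone is not enough here: the allow-list accepts `&` and `'`, so the encoding step still has to run on every value that passes.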