1.What is cross-site scripting (XSS)

(1)concept

Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites from each other. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access any of the user’s data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application’s functionality and data.XSS attack refers to cross-site scripting attack, which is a kind of code injection attack. Attackers inject malicious scripts into the website to make it run on the user’s browser, thereby stealing user information such as cookies, etc.

The essence of XSS is that because the website does not filter malicious code, it is mixed with normal code, and the browser has no way to distinguish which scripts are credible, which leads to the execution of malicious cod

Attackers can use this attack method to perform the following operations:

  • Get page data, such as DOM, cookie, localStorage;
  • DOS attack, sending reasonable requests, occupying server resources, so that users cannot access the server;
  • damage the page structure;
  • Traffic hijacking (pointing a link to a website);

(2)attack type

XSS can be divided into storage type, reflecti

There are three main types of XSS attacks. These are:Reflected XSS、Stored XSS、DOM-based XSS

  • Reflected XSS, where the malicious script comes from the current HTTP request.
  • Stored XSS, where the malicious script comes from the website’s database.
  • DOM-based XSS, where the vulnerability exists in client-side code rather than server-side code.

1)The attack steps of storage type XSS

  1. The attacker submits malicious code to the database of the target website.
  2. When the user opens the target website, the website server retrieves the malicious code from the database, splices it in HTML and returns it to the browser.
  3. The user browser parses and executes the response after receiving it, and the malicious code mixed in it is also executed.
  4. Malicious code steals user data and sends it to the attacker’s website, or impersonates the user, calling the target website interface to perform the operation specified by the attacker.

This kind of attack is common in website functions with user saved data, such as forum posts, product reviews, and user private messages.

2)Attack steps of reflected XSS:

  1. Attackers craft special URLs that contain malicious code.
  2. When a user opens a URL with malicious code, the website server will extract the malicious code from the URL, splice it in HTML and return it to the browser.
  3. The user browser parses and executes the response after receiving it, and the malicious code mixed in it is also executed.
  4. Malicious code steals user data and sends it to the attacker’s website, or impersonates the user, calling the target website interface to perform the operation specified by the attacker.

The difference between reflected XSS and stored XSS is that the malicious code of stored XSS is stored in the database, and the malicious code of reflected XSS is stored in the URL.

Reflected XSS vulnerabilities are common in functions that pass parameters through URLs, such as website search and redirection. Since users need to actively open malicious URLs to take effect, attackers often combine multiple methods to induce users to click.

3)DOM-based XSS attack steps:

  1. Attackers craft special URLs that contain malicious code.
  2. A user opens a URL with malicious code.
  3. After the user’s browser receives the response, it parses and executes it, and the front-end JavaScript takes out the malicious code in the URL and executes it.
  4. Malicious code steals user data and sends it to the attacker’s website, or impersonates the user, calling the target website interface to perform the operation specified by the attacker.

The difference between DOM-type XSS and the previous two types of XSS: In DOM-type XSS attacks, the removal and execution of malicious code is completed by the browser, which is a security vulnerability of the front-end JavaScript itself, while the other two types of XSS are security vulnerabilities of the server.