In this article i want to show you what is Xss attack
"XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it."
That is a very good definition that you can read more about it in owasp
But we are developers :) so let's look at it in the code
<?php echo '<div>' . $_GET["title"] . '</div>'; echo '<div>' . $_GET["body"] . '</div>'; echo '<div>' . $_GET["footer"] . '</div>';
For example if you have somethings like it in your code you are in danger of Xss attack.
for example consider someone send
with get method, then you will serve sth like it in your page
Oh ... so someone can run js in your page :/
Ok now let's look at the different kinds of Xss attacks to be more familiar with it
Reflected XSS means that the payload is reflected, i.e. the server reads it from the request and includes it as part of the response as well.
/search.php?q=hello would be an example that then shows up on the page.
<?php echo "You searched for " . $_GET["q"]; ?>
But really how can it hurt you :/
That is a useful list that can aware you
If you find someways to store somethings like
in database or somewhere that is persistent, you can call it Stored xss then you can do many things ... that means you have js file that run in special page every time :)
let's look at this example
<script> document.write("<b>Current URL</b> : " + document.baseURI); </script>
if you send request like this
your js code will be run
And for example if you send it to the others you can easily steal the cookies from the user's browser or change the behaviour of the page on the web application as you like :)
I hope you understand Xss attack and know the different types of it
If you have any questions feel free to ask them
Have a nice time