Introduction to Cross-Site Scripting

Cross-Site Scripting (XSS) is a type of security vulnerability that occurs when a web application allows attackers to inject malicious scripts into web pages viewed by other users.

This happens when the web application does not properly validate or sanitize user input before including it in the output it generates.

The primary goal of an XSS attack is to execute malicious scripts in the context of a user's browser, often leading to the theft of sensitive information, session hijacking, or other malicious activities.
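The missing step described above (encoding user input before it is placed in the output) looks like this in practice. This is an added example, not code from the original article; the function names and sample inputs are constructed for illustration, using a saved comment and a search term echoed back to the page.

```javascript
// Output encoding for HTML text and quoted-attribute contexts.
// All names here are illustrative, not taken from any real application.

// Characters that let text break out of an HTML text node or a quoted attribute.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: user input is concatenated into markup as-is.
function renderCommentUnsafe(author, text) {
  return `<li><b>${author}</b>: ${text}</li>`;
}

// Hardened: every user-controlled value is encoded at the point of output.
function renderCommentSafe(author, text) {
  return `<li><b>${escapeHtml(author)}</b>: ${escapeHtml(text)}</li>`;
}

// A search term echoed back into page text and into a quoted attribute value.
function renderSearchSafe(term) {
  const t = escapeHtml(term);
  return `<p>Results for ${t}</p><input name="q" value="${t}">`;
}

// Constructed sample inputs.
const storedComment = "nice post <script>/* injected */</script>";
const reflectedTerm = '"><script>/* injected */</script>';

console.log(renderCommentUnsafe("mallory", storedComment)); // markup survives intact
console.log(renderCommentSafe("mallory", storedComment));   // shown as inert text
console.log(renderSearchSafe(reflectedTerm));               // cannot close the attribute
```

This encoding is correct only for HTML text and quoted attribute values; input placed inside script blocks, URLs or CSS needs the encoding for that context.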

There are three main types of XSS, and I will simplify them below:

Stored XSS

  • Stored XSS is like slipping a hidden message into a shared online space. When someone opens a specific page there, the hidden message, or code, runs without them knowing. This sneaky code can affect people who visit that particular page. It's a bit like a virus spreading through a shared online diary.

Reflected XSS

  • Reflected XSS is akin to clicking on what seems to be a harmless link, like an online ad. However, the website tricks you into revealing a hidden message or script when you click. You might not realize it, but now your device has been exposed to this hidden script. It's like unexpectedly catching a computer virus by clicking on something you thought was safe.

DOM-Based XSS

  • Picture a magic book that changes its contents based on your drawings (client-side scripts). The book uses your drawings to create a story (manipulating the Document Object Model or DOM). If a sneaky person alters your drawings (input not properly validated), the story changes to something unexpected. So, this attack happens in the magical book's system, not the original drawings.