Posts

Showing posts with the label Stored

Introduction to XSS - Methods, Impact and Prevention

Image
When searching for hacking tutorials or reading through write ups, definitely you will come across the term XSS. In this post, I am going to explain what is XSS, what are it's impacts and how to achieve it with few examples.

XSS aka Cross Site Scripting is a vulnerability which allow the attacker to inject and execute JavaScript code on the target website. This allow attacker to log the victim details, make a phishing page, bypass csrf, get cookies and many more.

XSS is of 2 types. Stored and Reflected.

Stored XSS is the type of XSS when the user entered data is stored in the server and the displayed in any other page. For example parameters like name, place, about etc can be vulnerable to stored XSS.
That said, fields like password are stored once and never retrieved or showed in future, hence it is not vulnerable to stored XSS.

When this can be exploited?




The developer isn't validating user inputs.The developer added certain validations but they are client side only.
How to Ex…