Cross-Site Scripting (XSS) is a web security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. Understanding XSS is crucial for both offensive and defensive security.
Reflected XSS
Malicious script is reflected off a web server, such as in an error message or search result.
Stored XSS
Malicious script is permanently stored on target servers, such as in databases or message forums.
DOM-based XSS
Vulnerability exists in client-side code rather than server-side code.
Blind XSS
Similar to stored XSS but occurs in applications that don't reflect the output back to the user.
Common XSS Contexts:
• HTML Context: Direct injection into HTML content
• Attribute Context: Injection into HTML attributes
• JavaScript Context: Injection into JavaScript code
• CSS Context: Injection into CSS stylesheets
• URL Context: Injection into URL parameters
Prevention Techniques:
• Input Validation: Validate and sanitize all user inputs
• Output Encoding: Encode data when outputting to HTML, using the encoding that matches the context it is inserted into
• Content Security Policy (CSP): Restrict resource loading
• HttpOnly Cookies: Prevent JavaScript access to cookies
• X-XSS-Protection Header: Enable browser XSS filtering (legacy header; current browsers have removed their XSS filters, so it is not a substitute for output encoding and CSP)
Testing Methodology:
• Identify input vectors and reflection points
• Test different contexts (HTML, attribute, JavaScript, etc.)
• Attempt encoding bypasses and filter evasion
• Test for stored XSS in persistent data
• Verify impact and create proof-of-concept