Cross-Site Scripting, better known as XSS in the cybersecurity community, is classified as an injection attack where malicious JavaScript gets injected into a web application with the intention of being executed by other users.
Session Stealing
Details of a user's session, such as login tokens, are often kept in cookies on the target's machine.
The attacker could send links, or embed them in an iframe on another website, containing a JavaScript payload to potential victims, getting them to ==execute code in their browser, potentially revealing session or customer information.==
You need to test every possible point of entry; these include:
Parameters in the URL Query String
URL File Path
Sometimes HTTP headers (although these are unlikely to be exploitable in practice)
Stored XSS
The malicious JavaScript could redirect users to another site, steal the user's session cookie, or perform other website actions while acting as the visiting user.
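Stored and reflected XSS both come down to untrusted text being written into a page without output encoding. The block below is an added example, not code from the original notes: a small HTML escaper and a comment renderer that passes every user-supplied field through it, so a stored comment containing markup reaches the next visitor's browser as inert text. The comment data and the `renderComment` template are constructed for the example.

```javascript
// Added example (not from the original notes): HTML output encoding applied
// before stored, user-supplied text is placed into a page.

// Characters that carry meaning in HTML text and quoted-attribute contexts.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape a string for insertion into HTML text content or a quoted attribute.
// Only these five characters need encoding in those two contexts; other
// contexts (URLs, JavaScript, CSS) need their own encoders.
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render one stored comment as an HTML fragment. The surrounding markup is
// fixed and author-controlled; every untrusted field goes through escapeHtml().
function renderComment({ author, body }) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</div>`;
}

// Helper used to check rendered output for a surviving script tag.
function containsRawScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample: a comment whose body carries a script tag. A renderer
// that concatenated it raw would hand the browser executable markup.
const sampleComment = {
  author: 'alice',
  body: 'Nice post! <script>alert(1)</script>',
};

console.log(renderComment(sampleComment));
console.log('raw script tag survived:', containsRawScriptTag(renderComment(sampleComment)));
```

The important design point is that the escaper is applied at output time, in the context where the text lands, rather than at input time: a comment stored verbatim can still be rendered safely into HTML, a JSON API or a plain-text email, each with the encoder that context needs.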
DOM Based XSS
DOM Based XSS is where the JavaScript execution happens directly in the ==browser without any new pages being loaded or data submitted to backend code.==
The website's JavaScript reads the contents of the window.location.hash property and writes that onto the page in the section currently being viewed.
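The fragment-to-section pattern just described is shown two ways in the block below, which is an added example and not code from the original notes. The vulnerable version writes whatever follows `#` into an `innerHTML` sink, so the browser parses it as markup. The hardened version treats the fragment as a lookup key against a fixed allowlist, rejects malformed percent-encoding, and only ever writes plain text through `textContent`. The section contents, the `fakeElement` stand-in for a DOM node, and the sample fragments are all constructed so the example runs under Node without a browser.

```javascript
// Added example (not from the original notes): DOM-based XSS sink versus a
// hardened lookup-and-textContent rendering of a location.hash value.

// Constructed section contents (assumed, not real site data).
const SECTIONS = {
  intro: 'Welcome to the help centre.',
  billing: 'Billing questions are answered within two business days.',
  contact: 'Email support@example.com for anything else.',
};

// Vulnerable: the untrusted fragment flows straight into a markup-parsing sink.
function showSectionVulnerable(el, hash) {
  el.innerHTML = decodeURIComponent(hash.slice(1)); // DOM XSS sink
}

// decodeURIComponent throws on malformed input such as '%E0%A4%A'; treat
// that as "no usable key" instead of letting the page error out.
function safeDecode(fragment) {
  try {
    return decodeURIComponent(fragment);
  } catch (_e) {
    return '';
  }
}

// Hardened: strip the '#', decode, normalise, and accept only keys that are
// own properties of the allowlist (hasOwnProperty, so '#constructor' or
// '#__proto__' cannot reach Object.prototype). Unknown keys fall back to intro.
function resolveSection(hash) {
  const key = safeDecode(String(hash).replace(/^#/, '')).toLowerCase();
  return Object.prototype.hasOwnProperty.call(SECTIONS, key) ? key : 'intro';
}

// Render through textContent: a '<' in the string is displayed, never parsed.
function showSectionSafe(el, hash) {
  const key = resolveSection(hash);
  el.textContent = SECTIONS[key];
  return key;
}

// Minimal stand-in for a DOM element so the example runs under Node; in a page
// you would pass document.getElementById('content') instead.
function fakeElement() {
  return { innerHTML: '', textContent: '' };
}

// Constructed fragments: a legitimate key and one carrying percent-encoded markup.
const legitHash = '#Billing';
const markupHash = '#%3Cscript%3Ealert(1)%3C%2Fscript%3E';

const vulnerable = fakeElement();
showSectionVulnerable(vulnerable, markupHash);
console.log('vulnerable sink received a script tag:', /<script/i.test(vulnerable.innerHTML));

const safe = fakeElement();
const chosen = showSectionSafe(safe, markupHash);
console.log('safe renderer resolved to', chosen, '->', safe.textContent);
```

When reviewing client-side code for this class of bug, the question to ask of every `location.hash`, `location.search` or `document.referrer` read is which sink it reaches: `innerHTML`, `outerHTML`, `document.write`, `eval` and `element.setAttribute('href', ...)` with a `javascript:` value all interpret their input, whereas `textContent`, `innerText` and `setAttribute` on non-URL, non-event attributes do not.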
Blind XSS
Blind XSS is similar to stored XSS in that your payload gets stored on the website for another user to view, but in this instance ==you can't see the payload working or test it against yourself first.==
Using the correct payload, the attacker’s JavaScript could make calls back to an attacker’s website, revealing the staff portal URL, the staff member's cookies, and even the contents of the portal page that is being viewed.
Polyglot
An XSS polyglot is a string of text which can escape attributes and tags and bypass filters, all in one.