Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client side script into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access control.
XSS is very similar to SQL-Injection. In SQL-Injection we exploited the vulnerability by injecting SQL Queries as user inputs. In XSS, we inject code (basically client side scripting) to the remote server.
Types of XSS:-
1.Non-Persistent
2.Persistent
In Non-Persistent attack, it requires a user to visit the specially crafted link by the attacker. When the user visit the link, the crafted code will get executed by the user’s browser.
Example-
In persistent attack, the code injected by the attacker will be stored in a secondary storage device (mostly on a database). The damage caused by Persistent attack is more than the non-persistent attack. Here we will see how to hijack other user’s session by performing XSS.
Prevention from XSS Attack:-
This is vulnerable code in for XSS Attack.
To Prevent this attack ,change the your coding which is given below.
XSS is very similar to SQL-Injection. In SQL-Injection we exploited the vulnerability by injecting SQL Queries as user inputs. In XSS, we inject code (basically client side scripting) to the remote server.
Types of XSS:-
1.Non-Persistent
2.Persistent
In Non-Persistent attack, it requires a user to visit the specially crafted link by the attacker. When the user visit the link, the crafted code will get executed by the user’s browser.
Example-
index.php?name=guest<script>alert('attacked')</script>
When the victim load the above URL into the browser, he will see an
alert box which says ‘attacked’. Even though this example doesn’t do any
damage, other than the annoying ‘attacked’ pop-up.In persistent attack, the code injected by the attacker will be stored in a secondary storage device (mostly on a database). The damage caused by Persistent attack is more than the non-persistent attack. Here we will see how to hijack other user’s session by performing XSS.
Prevention from XSS Attack:-
This is vulnerable code in for XSS Attack.
To Prevent this attack ,change the your coding which is given below.
0 comments:
Post a Comment