Stored XSS attacks are successful because of the lack of user input validation and output encoding. The application interprets the input as HTML and therefore executes the malicious script, leading to a successful XSS attack. Consider, for instance, a travel Web application that allows users to enter reviews about their travel experiences and to book travel packages on the Web application. If this site is vulnerable to stored XSS, an attacker may be able to input a malicious JavaScript that redirects the user to the attacker's page, from where malware is downloaded onto the user's system or the user's browser is taken control of. The following could be the way the attack would happen:
A legitimate user would authenticate to the application and log in.
The user clicks on the link of his/her destination of choice to read reviews.
As soon as the page loads, the malicious script entered by the attacker is executed and the user is redirected to another site, where malware is downloaded onto his/her system.
The above example is one of the many possibilities that might occur in the case of a stored XSS attack.
12.2.3.1.2 Reflected XSS
Reflected XSS is an attack where the attacker enters the malicious input into an input field of a Web application and the script executes without the values being stored in a database or a file. Reflected XSS is the most common type of XSS found in the world today and is the most pernicious Web application vulnerability. Reflected XSS is commonly used in phishing attacks where the phisher discovers an XSS vulnerability on a Web application and sends the malicious URI to unsuspecting users, who are directed to the URI; the script executes when the user accesses the site and transmits the user's session details to the attacker, who can use the session ID to log on as a legitimate user of the application. Chapter 5 contains a detailed explanation of an XSS-based phishing attack.
The tester should use certain XSS vectors, described in the following sections, to test for stored and reflected XSS vulnerabilities in the application.
12.2.3.1.3 Basic XSS Vectors
The tester needs to perform validation checks against input fields that store information in the database, for instance, fields that allow editing of details such as the first name, last name, address, and picture, among other fields. The tester may also be able to perform XSS using nontext fields such as radio buttons and check-boxes, if the validation of input is weak or nonexistent. The tester should try entering XSS attack vectors like the following:
<script>alert(document.cookie)</script>
Figure 12.12 displays the execution of a malicious JavaScript injected by an attacker.
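As an added example that is not part of the book, the following Node.js snippet shows the unsafe rendering pattern behind both the stored (review page) and reflected (search echo) scenarios above, beside the hardened version that HTML-encodes output at the point of rendering. The review records, the search term and the encoder are constructed for illustration, not any library's API.

```javascript
// Added illustration (not from the book): a minimal "travel reviews" renderer.
// The unsafe functions interpolate untrusted text straight into HTML, which is
// how both stored and reflected XSS arise; the safe ones encode at output time.

// Encode the characters that change meaning in an HTML text or attribute context.
function htmlEncode(str) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(str).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Stored XSS context: review bodies are read back from the database.
// Unsafe: the stored text is dropped into the page as markup.
function renderReviewsUnsafe(reviews) {
  return '<ul>' + reviews.map((r) => `<li>${r.author}: ${r.body}</li>`).join('') + '</ul>';
}

// Hardened: every untrusted field is encoded where it is written out.
function renderReviewsSafe(reviews) {
  return '<ul>' +
    reviews.map((r) => `<li>${htmlEncode(r.author)}: ${htmlEncode(r.body)}</li>`).join('') +
    '</ul>';
}

// Reflected XSS context: a search term from the request is echoed back.
function renderSearchUnsafe(term) {
  return `<p>Results for ${term}</p>`;
}
function renderSearchSafe(term) {
  return `<p>Results for ${htmlEncode(term)}</p>`;
}

// Simple check a tester can run over rendered output: is a live script tag present?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample data using the vector quoted in the chapter.
const XSS_VECTOR = '<script>alert(document.cookie)</script>';
const SAMPLE_REVIEWS = [
  { author: 'alice', body: 'Great beach, friendly staff.' },
  { author: 'mallory', body: XSS_VECTOR },
];

console.log('unsafe stored :', containsScriptTag(renderReviewsUnsafe(SAMPLE_REVIEWS)));
console.log('safe stored   :', containsScriptTag(renderReviewsSafe(SAMPLE_REVIEWS)));
console.log('safe reflected:', renderSearchSafe(XSS_VECTOR));
```

Encoding neutralises the vector in both contexts; marking the session cookie HttpOnly additionally keeps document.cookie out of reach of any script that does slip through.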
12.2.3.1.4 Filter Evasion XSS Vectors
We are already aware that validation of user input is one of the methods to prevent XSS attacks
against the Web application. However, oftentimes developers employ weak input validation