Cross site scripting: Difference between revisions
imported>Justin C. Klein Keane (initial stub) |
imported>Justin C. Klein Keane No edit summary |
||
Line 1: | Line 1: | ||
{{subpages}} | |||
Cross site scripting (XSS) is a programming flaw that allows attackers to inject arbitrary script into a web site. There are two main types of cross site scripting - stored and reflected. DOM based cross site scripting is a third type of cross site scripting. | Cross site scripting (XSS) is a programming flaw that allows attackers to inject arbitrary script into a web site. There are two main types of cross site scripting - stored and reflected. DOM based cross site scripting is a third type of cross site scripting. | ||
=Stored Cross Site Scripting= | ==Stored Cross Site Scripting== | ||
Stored cross site scripting involves a persistent script that an attacker can inject into a web application that is served to other requesters of a web page. A typical example of a stored XSS occurs when a malicious script is stored in a database that is used to compose page content for site visitors. This results in every site visitor requesting pages composed of database data containing malicious script. | Stored cross site scripting involves a persistent script that an attacker can inject into a web application that is served to other requesters of a web page. A typical example of a stored XSS occurs when a malicious script is stored in a database that is used to compose page content for site visitors. This results in every site visitor requesting pages composed of database data containing malicious script. | ||
=Refelcted Cross Site Scripting= | ==Refelcted Cross Site Scripting== | ||
Reflected cross site scripting is a vulnerability that results when malicious scripts in request parameters are used to compose page responses in web applications. Reflected XSS does not persist, but is still useful for attackers who can obfuscate parameters and perform trust exploitation attacks. | Reflected cross site scripting is a vulnerability that results when malicious scripts in request parameters are used to compose page responses in web applications. Reflected XSS does not persist, but is still useful for attackers who can obfuscate parameters and perform trust exploitation attacks. | ||
==References== | |||
<references/> |
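Review bot: the changed heading line `==Refelcted Cross Site Scripting==` still carries the misspelling "Refelcted"; since this revision rewrites that line to change the heading level, correct it to "Reflected" in the same edit. The new `==References==` section adds `<references/>`, but none of the visible paragraphs contain a `<ref>` citation, so the section will render empty until sources are cited in the text.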
Revision as of 17:44, 2 August 2010
Cross site scripting (XSS) is a programming flaw that allows attackers to inject arbitrary script into a web site. There are two main types of cross site scripting, stored and reflected. DOM based cross site scripting is a third type.
Stored Cross Site Scripting
Stored cross site scripting involves a persistent script that an attacker injects into a web application and that is then served to other requesters of a web page. A typical example of a stored XSS occurs when a malicious script is stored in a database that is used to compose page content for site visitors. As a result, every site visitor who requests a page composed of that database data receives the malicious script.
Reflected Cross Site Scripting
Reflected cross site scripting is a vulnerability that results when malicious scripts in request parameters are used to compose page responses in web applications. Reflected XSS does not persist, but is still useful for attackers who can obfuscate parameters and perform trust exploitation attacks.
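The following added example (not part of the original article) shows both cases described above in one page renderer: a response composed from database rows (stored) and from a request parameter (reflected), first concatenated as-is and then with output encoding. The function names, the `q` parameter and the sample rows are constructed for illustration.

```javascript
// Added example: hypothetical names, constructed sample data.
// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Stand-in for the database in the stored case (constructed rows).
const storedComments = [
  { author: "alice", body: "Nice article" },
  { author: "mallory", body: "<script>/* injected */</script>" },
];

// Vulnerable: stored rows and the request parameter are concatenated as-is,
// so any markup they contain becomes part of the page.
function renderPageUnsafe(query, comments) {
  const items = comments.map((c) => `<li>${c.author}: ${c.body}</li>`).join("");
  return `<p>Results for ${query.q}</p><ul>${items}</ul>`;
}

// Hardened: every untrusted value is encoded for the HTML body context.
function renderPageSafe(query, comments) {
  const items = comments
    .map((c) => `<li>${escapeHtml(c.author)}: ${escapeHtml(c.body)}</li>`)
    .join("");
  return `<p>Results for ${escapeHtml(query.q)}</p><ul>${items}</ul>`;
}

// Count the script elements a browser would parse out of a response.
function countScriptTags(html) {
  return (html.match(/<script\b/gi) || []).length;
}

// Constructed request whose parameter carries markup (the reflected case).
const request = { q: "<script>/* reflected */</script>" };

console.log("unsafe:", countScriptTags(renderPageUnsafe(request, storedComments)));
console.log("safe:  ", countScriptTags(renderPageSafe(request, storedComments)));
```

This encoding is correct only for values placed in HTML element content; values placed in attributes, script blocks or URLs need the encoding for that context.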