Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- modul:m183:learningunits:lu10:lu10a [2025/12/27 19:08] – dgaravaldi
+++ modul:m183:learningunits:lu10:lu10a [2025/12/27 21:02] (aktuell) – dgaravaldi
@@ Zeile 6: / Zeile 6: @@
 \\
-\\
+==== Types of XSS Attacks ====
-===== Types of XSS Attacks =====
 There are **two major types** of cross-site scripting attacks commonly discussed:
@@ Zeile 14: / Zeile 13: @@
   * **Reflected XSS (Non-Persistent)** – A malicious script is embedded in a URL or request, then reflected off the web server back to the user’s browser when the link is visited.
-\\
 \\
-===== What is Stored Cross-Site Scripting =====
+==== What is Stored Cross-Site Scripting ====
 To execute a **stored XSS attack**, the attacker must find a vulnerability in a web application where user input is stored without proper validation or escaping. A common example is when a comment field or form accepts HTML input and embeds it directly into pages viewed by other users.
-{{stored_xss_example.png?300}}
 **Example**: An attacker enters a comment containing JavaScript that steals session cookies. Every visitor who views the comment will run the malicious script unknowingly.
 \\
-\\
+==== Stored XSS Attack — Step by Step ====
-===== Stored XSS Attack — Step by Step =====
+{{:modul:m183:learningunits:lu10:stored-xss.png?600}}
-. The attacker discovers a page with an input field that allows HTML.
-. They insert malicious JavaScript code into that field.
+    - The attacker discovers a page with an input field that allows HTML.
-. The application stores and later serves that code as part of normal content.
+    - They insert malicious JavaScript code into that field.
-. When other users visit the page, their browser executes the attack script.
+    - The application stores and later serves that code as part of normal content.
+    - When other users visit the page, their browser executes the attack script.
 \\
-\\
+==== How Stored XSS Endangers Users ====
-===== How Stored XSS Endangers Users =====
 Stored XSS is especially dangerous because:
-* It can impact **all users** who view the infected page.
+  * It can impact **all users** who view the infected page.
-* Attacker-controlled scripts can steal session credentials or redirect users to phishing sites.
+  * Attacker-controlled scripts can steal session credentials or redirect users to phishing sites.
-* Malicious payloads can embed external JavaScript that reports user data back to the attacker.
+  * Malicious payloads can embed external JavaScript that reports user data back to the attacker.
+\\
+==== Related Topics ====
+[1]: https://owasp.org/www-community/attacks/xss/ "Cross Site Scripting (XSS) | OWASP"
-===== Related Topics =====
+[2]: https://developer.mozilla.org/docs/Web/Security/Attacks/XSS?utm_source=chatgpt.com "Cross-site scripting (XSS) - Security | MDN"
-[1]: https://www.imperva.com/learn/application-security/cross-site-scripting-xss-attacks/?utm_source=chatgpt.com "What is XSS | Stored Cross Site Scripting Example - Imperva"
-[2]: https://www.imperva.com/learn/application-security/reflected-xss-attacks/?utm_source=chatgpt.com "Reflected XSS | How to Prevent a Non-Persistent Attack - Imperva"
-[3]: https://developer.mozilla.org/docs/Web/Security/Attacks/XSS?utm_source=chatgpt.com "Cross-site scripting (XSS) - Security | MDN"