modul:m183:learningunits:lu10:lu10a

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Beide Seiten der vorigen Revision Vorhergehende Überarbeitung
Nächste Überarbeitung		 Vorhergehende Überarbeitung
modul:m183:learningunits:lu10:lu10a [2025/12/27 20:53] – [Related Topics] dgaravaldimodul:m183:learningunits:lu10:lu10a [2025/12/27 21:02] (aktuell) dgaravaldi
Zeile 18: Zeile 18:
  
 To execute a **stored XSS attack**, the attacker must find a vulnerability in a web application where user input is stored without proper validation or escaping. A common example is when a comment field or form accepts HTML input and embeds it directly into pages viewed by other users.  To execute a **stored XSS attack**, the attacker must find a vulnerability in a web application where user input is stored without proper validation or escaping. A common example is when a comment field or form accepts HTML input and embeds it directly into pages viewed by other users. 
- 
-{{stored_xss.png?300}} 
  
 **Example**: An attacker enters a comment containing JavaScript that steals session cookies. Every visitor who views the comment will run the malicious script unknowingly.  **Example**: An attacker enters a comment containing JavaScript that steals session cookies. Every visitor who views the comment will run the malicious script unknowingly. 
Zeile 25: Zeile 23:
 \\ \\
 ==== Stored XSS Attack — Step by Step ==== ==== Stored XSS Attack — Step by Step ====
-1. The attacker discovers a page with an input field that allows HTML.  +{{:modul:m183:learningunits:lu10:stored-xss.png?600}} 
-2. They insert malicious JavaScript code into that field.  + 
-3. The application stores and later serves that code as part of normal content.  +    - The attacker discovers a page with an input field that allows HTML. 
-4. When other users visit the page, their browser executes the attack script. +    They insert malicious JavaScript code into that field.  
 +    The application stores and later serves that code as part of normal content. 
 +    When other users visit the page, their browser executes the attack script. 
  
 \\ \\
Zeile 40: Zeile 40:
 \\ \\
 ==== Related Topics ==== ==== Related Topics ====
-[1]: https://www.imperva.com/learn/application-security/cross-site-scripting-xss-attacks/?utm_source=chatgpt.com "What is XSS | Stored Cross Site Scripting Example - Imperva" +[1]: https://owasp.org/www-community/attacks/xss/ "Cross Site Scripting (XSS) | OWASP"
-[2]: https://owasp.org/www-community/attacks/xss/ "Cross Site Scripting (XSS) | OWASP"+
  
-[3]: https://developer.mozilla.org/docs/Web/Security/Attacks/XSS?utm_source=chatgpt.com "Cross-site scripting (XSS) - Security | MDN"+[2]: https://developer.mozilla.org/docs/Web/Security/Attacks/XSS?utm_source=chatgpt.com "Cross-site scripting (XSS) - Security | MDN"
  
  • modul/m183/learningunits/lu10/lu10a.1766865233.txt.gz
  • Zuletzt geändert: 2025/12/27 20:53
  • von dgaravaldi