Cross Site Scripting (XSS) Explained [Short Version]

[ Click here for the regular version ]

Many people, including some in the IT and InfoSec fields, lack a decent grasp of Cross Site Scripting (XSS). Here's a summary in a few points.

  1. Websites commonly display user-entered content back to the user as part of their regular functionality.
  2. So, when you search for dogs in a common search engine, you often see something like, "You searched for "dogs"." in your results.
  3. Cross Site Scripting (XSS) is when you can send code to a site and have it get bounced or reflected back to you instead of just text.
  4. Some code, such as JavaScript, that gets reflected back to you gets run in your browser.
  5. Attackers get people to run malicious code by creating pre-defined links that contain URLs that send queries to XSS vulnerable sites.
  6. These links include code that, when run, will do things like send the victim's cookies from that site to another place on the Internet.
  7. Attackers then create a ton of these links for sites that they think could yield valuable information (such as banks).
  8. They then send these links out and wait for them to be clicked on.
  9. When a victim clicks the link, they make the query to the vulnerable form (often a search field) that includes the malicious code.
  10. That code is then reflected back to the victim's browser (just like "dogs"), and it is then run.
  11. Cookies for a given site can only be read by that site, but because the victim is making the request, and the code that gets reflected back comes from the site that the attacker is targeting, any request to read the victim's cookies will be successful.
  12. The attacker just received your cookies from your bank, or stock trading site, or whatever.
  13. The key concept is that the attacker gets the VICTIM to make a request to a vulnerable site, and the code that gets reflected back is run in the victim's browser.
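To make points 3, 4 and 10 concrete, here is an added example (not code from the original post) of the "You searched for ..." page in two forms: one that reflects the query raw, and a hardened one that HTML-encodes it so markup comes back as text. The renderer functions, the encoding helper and the sample queries are all constructed for this illustration.

```javascript
// Added example, not part of the original post: a minimal search-results
// renderer, vulnerable and hardened, plus a defender's regression check.

// Encode the characters that let text break out of an HTML text node or
// attribute value. This is the output-encoding step that turns "reflected
// code" back into "reflected text".
function escapeHtml(str) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(str).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable: the raw query is spliced into the HTML, so markup in the query
// becomes markup in the page and the browser runs it (points 3 and 4).
function renderSearchVulnerable(query) {
  return `<p>You searched for "${query}".</p>`;
}

// Hardened: the query is reflected as text only; a <script> tag in the query
// is shown to the user as literal characters and never executes.
function renderSearchSafe(query) {
  return `<p>You searched for "${escapeHtml(query)}".</p>`;
}

// Regression check for a renderer: does the raw query survive verbatim into
// the output? For a query containing markup, that means the page reflects
// code rather than text.
function reflectsRawInput(render, query) {
  return render(query).includes(query);
}

// Constructed sample inputs: a normal query and one carrying a script tag.
const BENIGN_QUERY = 'dogs';
const MARKUP_QUERY = '<script>probe()</script>';

console.log(renderSearchVulnerable(MARKUP_QUERY)); // tag reaches the page as-is
console.log(renderSearchSafe(MARKUP_QUERY));       // &lt;script&gt;... text only
console.log(reflectsRawInput(renderSearchSafe, BENIGN_QUERY)); // true: plain text still works
```

Encoding on output is the fix for this specific bug class; it does not replace input validation or a Content-Security-Policy, but without it the rest does not help.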
