Learning about Cross-Site Scripting
In this section, we will discuss the Cross-Site Scripting (XSS) attack. XSS attacks exploit vulnerabilities in dynamically generated web pages. They become possible when unvalidated input data is included in the dynamic content that is sent to the user's browser for rendering.
XSS attacks are of the following two types:
Persistent or stored XSS
Nonpersistent or reflected XSS
Persistent or stored XSS
In this type of attack, the attacker's input is stored on the web server. On many websites, you will have seen comment fields and message boxes where you can write your comments. After you submit a comment, it is shown on the display page. Think about what this means: your comment becomes part of the HTML page served by the web server, so you have the ability to change the web page. If proper validations are not in place, then malicious code can be stored in the database, and when it is reflected back on the web page, it produces...
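The comment scenario described above, as an added example that is not code from the original text: a stored comment rendered once by plain concatenation and once with HTML encoding at output time. The table layout, function names and sample comments are assumptions constructed for this illustration.

```python
import html
import sqlite3

# Constructed sample input: one ordinary comment and one that carries markup.
SAMPLE_COMMENTS = [
    ("alice", "Nice article, thanks!"),
    ("mallory", "<script>alert('stored')</script>"),
]


def make_store(comments):
    """Save comments in an in-memory database, as a comment form would."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (author TEXT, body TEXT)")
    # Parameterised insert: the SQL layer is safe, yet the markup is stored intact.
    db.executemany("INSERT INTO comments VALUES (?, ?)", comments)
    return db


def render_unsafe(db):
    """Vulnerable page: stored text is concatenated straight into the HTML."""
    rows = db.execute("SELECT author, body FROM comments").fetchall()
    items = "".join(f"<li><b>{a}</b>: {b}</li>" for a, b in rows)
    return f"<ul>{items}</ul>"


def render_safe(db):
    """Hardened page: every stored value is HTML-encoded at output time."""
    rows = db.execute("SELECT author, body FROM comments").fetchall()
    items = "".join(
        f"<li><b>{html.escape(a)}</b>: {html.escape(b)}</li>" for a, b in rows
    )
    return f"<ul>{items}</ul>"


def contains_live_script(page):
    """Crude check for the demo: does the page carry an unescaped script tag?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    db = make_store(SAMPLE_COMMENTS)
    print("unsafe:", render_unsafe(db))
    print("safe:  ", render_safe(db))
```

The stored data is identical in both cases; only the rendering differs, which is why encoding at output time protects every visitor who later loads the page.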