Understanding cross-site scripting
Cross-site scripting (XSS) is a type of injection-based attack that allows a threat actor to inject client-side scripts into a vulnerable web application. When anyone visits the web page containing the XSS code, the web page is downloaded to the client's web browser and executes with the malicious scripts in the background. XSS attacks are carried out by exploiting web application security vulnerabilities in a dynamically created web page. Threat actors usually perform XSS attacks on vulnerable applications for various reasons, such as redirecting a user to a malicious URL, data theft, manipulation, displaying hidden IFrames, and showing pop-up windows on a victim's web browser.
As an aspiring ethical hacker and penetration tester, it's important to understand the characteristics of various following types of XSS attacks:
- Stored XSS
- Reflected XSS
- Cross-site request forgery (CSRF)
Stored XSS is persistent on...