Main Content

Ep-4: What is XSS

Table Of Contents

Scope

  • Questions to be answered
    • What is Reflected XSS (Cross-Site Scripting)?
    • How does Reflected XSS compare to other types of XSS?
    • What does a Reflected XSS payload look like?
  • 80/20 Analysis

Reflected XSS Ex: Scenario

  • Explore definition through example
  • Scenario
    • Website forum for cat lovers
    • User just clicked on a link to show all cat photos on site

Reflected XSS Ex: Search Results View

Reflected XSS Ex: Back-end Code

Reflected XSS Ex: Payload

Reflected XSS Ex: Payload Eval Order

  • Eval order
    1. document.cookie
      • A string containing a semicolon-separated list of all cookies (i.e. key=value pairs)
    2. document.location
      • Redirection logic
    3. evil.com can view submitted cookie string

Reflected XSS Ex: Live Ex

Reflected XSS Summation

  • Process recap
    1. A victim clicks on a link with the payload
      • trusted.example.com/PAYLOADHERE
    2. The payload goes to trusted.example.com
    3. The payload is embedded in the response
      • The payload is reflected back to the user
    4. Malicious javascript sends trusted.example.com's cookies to evil.example.com
  • Attack vectors
    • Payload at the end of a long link
      • When previewing a link, only first x characters are easily viewable
    • Link shortener

XSS Types

  • Persistent
    • Stored XSS
  • Non-Persistent
    • Reflected XSS
    • DOM XSS
Discussion

0 comments