What is Cross-Site Scripting (XSS)?
Cross-Site Scripting (XSS) refers to a group of attack methods that mainly involve bypassing client-side security controls and injecting malicious code into webpages in order to gain elevated privileges and information (such as session data) from users who visit the compromised site. This might be achieved by redirecting users to a fake site that looks identical to the original, which in turn captures the user's cookie and session data.
I only need to know one thing: where they are
Anytime, anywhere, man! Malicious scripts can be injected in a number of ways. These include such tags as:
- <EMBED> - This can be used to execute malicious code embedded in, for example, a Flash file
- <OBJECT> - This can be used to bring a malicious script in from an external site
- <DIV> - This can be used to specify a background image... however, this "image" can be a javascript: URL!
- <TABLE> - Again, a background can be set to be a script
- <LINK> - The HREF attribute of a link can be set to a javascript: URL
- <INPUT> - If the TYPE is IMAGE, the SRC can be a javascript: URL once again
- <IFRAME> - Allows direct importing of HTML, which can contain a script
- <IMAGE> - Yet another image hack
- <BODY> - A background vulnerability, plus a bonus ONLOAD event!
- <SCRIPT> - Kind of obvious
If you dynamically update the content of a page, and one or more of these tags arrives through an unsanitised input form, your page has been compromised. This puts both your users and your credibility at risk.
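As an added example (not code from the original page), the following Node.js snippet shows the unsafe "concatenate the input into the markup" pattern next to its hardened form, plus a simple check that flags the tag and attribute vectors listed above for logging or alerting. The render functions, the VECTOR_TAGS list (which adds IMG, the standard name behind "IMAGE") and the constructed sample input are assumptions for illustration.

```javascript
// Escape the five characters that let user input break out of an HTML text context.
function escapeHtml(input) {
  return String(input)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: untrusted text is concatenated straight into the page markup,
// so any tag from the list above is handed to the browser as live HTML.
function renderCommentUnsafe(text) {
  return '<div class="comment">' + text + "</div>";
}

// Hardened form: the same render, but the text is escaped on output, so the
// tags arrive at the browser as literal characters rather than elements.
function renderCommentSafe(text) {
  return '<div class="comment">' + escapeHtml(text) + "</div>";
}

// Detection helpers (assumed, not from the page): the tags from the list above
// (plus IMG, the real name of "IMAGE"), javascript: URLs in URL-bearing
// attributes, and on* event handlers such as the BODY ONLOAD mentioned above.
// This is for monitoring submissions; it is not a substitute for output escaping.
const VECTOR_TAGS = /<\s*\/?\s*(embed|object|div|table|link|input|iframe|image|img|body|script)\b/i;
const JS_URL = /(href|src|background|style)\s*=\s*["']?\s*javascript\s*:/i;
const EVENT_HANDLER = /\bon[a-z]+\s*=/i;

// Returns the kinds of vector found in the submitted text (empty array if none).
function findXssVectors(text) {
  const hits = [];
  if (VECTOR_TAGS.test(text)) hits.push("tag");
  if (JS_URL.test(text)) hits.push("javascript-url");
  if (EVENT_HANDLER.test(text)) hits.push("event-handler");
  return hits;
}

// Constructed sample submission exercising the BODY background/ONLOAD vectors.
const sampleSubmission = '<body background="javascript:x()" onload="x()">';
console.log("unsafe :", renderCommentUnsafe(sampleSubmission));
console.log("safe   :", renderCommentSafe(sampleSubmission));
console.log("vectors:", findXssVectors(sampleSubmission));
```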