It is basically the injection of HTML code.
There are 2 types of XSS, or cross-site scripting:
1. Reflected - Injecting into a dynamic variable, for example a search box. Usually used for cookie stealing.
2. Stored - Injecting into a variable that will be displayed every time the page is displayed. Usually used for defacing.
With reflected XSS, they will have to click your link to see the HTML code you injected, for example:
http://vulnerable.site/vuln.php?search=<script>alert("XSS")</script>
Obviously they would not find that without you sending it.
Stored XSS stays on the page. For example, if you inject your HTML into a comment box on comment.php, your code is displayed every time comment.php is loaded. It will be seen more often, as it is persistent in the source until a system admin manually removes the HTML in your comment.
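Here is what both cases look like on the server side, with the fix next to the bug. This is an added example, not code from the original post: the function names and the in-memory comment list are assumptions standing in for vuln.php's search parameter and comment.php's saved comments.

```php
<?php
// Added example. All function names here are hypothetical.

// Reflected, vulnerable: the search term is copied into the HTML as-is,
// so markup in the parameter becomes markup in the page.
function render_search_vulnerable(string $search): string {
    return "<p>Results for: " . $search . "</p>";
}

// Reflected, fixed: encode for an HTML text context right before output.
function render_search_safe(string $search): string {
    $encoded = htmlspecialchars($search, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p>Results for: " . $encoded . "</p>";
}

// Stored, fixed: comments are kept exactly as submitted and encoded every
// time the page is rendered, so a comment saved before the fix is
// neutralised as well.
function render_comments_safe(array $comments): string {
    $html = "<ul>\n";
    foreach ($comments as $comment) {
        $encoded = htmlspecialchars($comment, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html .= "  <li>" . $encoded . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Constructed sample input: the payload from the URL above.
$payload = '<script>alert("XSS")</script>';

echo render_search_vulnerable($payload), "\n"; // script tag reaches the browser intact
echo render_search_safe($payload), "\n";       // angle brackets and quotes become entities
echo render_comments_safe(['nice post', $payload]);
```

Encoding at output time rather than at save time is what lets the same fix cover comments that are already in the database.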
2. Reflected
Step 1. Find a search box: http://gyazo.com/772cf38b6d9c111fd3a12d904416f8b1
Step 2. Put your HTML in the search box: http://gyazo.com/a454ba4ccc0b01de51574bb975f891ea
Step 3. Search and watch.
3. Stored