02-10-2023, 06:44 PM
Hello and welcome to this basic tutorial regarding XSS
- What is XSS?
- How to exploit a simple XSS vulnerability?
- How to protect my website or app from XSS?
- What is XSS?
XSS stands for Cross-Site Scripting. It is essentially when an app, usually a web browser or an app that parses HTML, allows unsanitized user input to be displayed to other users.
- How to exploit a simple XSS vulnerability?
Example: You found a blog website that allows you to post a comment, good, right? Well, that website does not sanitize your input to escape characters like <>.
What you can do is insert a simple XSS testing HTML code like: <script>alert("You have been hacked!")</script>
That code would execute for everyone visiting the blog website; now you can do pretty cool things like stealing cookies and a bunch of other things, e.g. obtain access to an admin account, deface the website, etc.
- How to protect my website or app from XSS?
Do not trust the user. Consider everything supplied by the user to be malicious; escape characters from user-supplied input, use good coding practices, and do your research, starting with an optimal server configuration that fits your needs and extending to the documentation for the functions and libraries you use in your programming language of choice.
I hope you learned something out of this basic post
If you have any questions, please PM dkota
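The comment-rendering step the post describes, written out as an added example that is not part of the original post or any real blog software. It assumes a hypothetical blog that builds its page HTML from strings; the names escapeHtml, renderCommentUnsafe, renderCommentSafe and containsScriptTag are made up for the example, and the sample comment is constructed from the payload quoted above. The unsafe version concatenates the comment straight into the page, which is exactly the "does not sanitize your input to escape characters like <>" situation; the safe version escapes the five HTML metacharacters first, so the browser shows the text instead of running it.

```javascript
// Added example (not from the original post): rendering a blog comment
// without and with output escaping. All function names are assumptions.

// The five characters that change meaning inside HTML text or attribute values.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Escape user-supplied text so the browser treats it as data, never as markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the comment body is concatenated straight into the page,
// so a <script> tag in the comment becomes a real <script> tag in the HTML.
function renderCommentUnsafe(author, body) {
  return `<div class="comment"><b>${author}</b>: ${body}</div>`;
}

// Hardened: every user-controlled value is escaped before it enters the HTML.
function renderCommentSafe(author, body) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</div>`;
}

// Check used below: does the rendered HTML still contain a live <script> tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample comment using the test payload quoted in the post.
const sampleAuthor = "visitor";
const sampleBody = '<script>alert("You have been hacked!")</script>';

const unsafeHtml = renderCommentUnsafe(sampleAuthor, sampleBody);
const safeHtml = renderCommentSafe(sampleAuthor, sampleBody);

console.log("unsafe:", unsafeHtml, "-> script tag present:", containsScriptTag(unsafeHtml));
console.log("safe:  ", safeHtml, "-> script tag present:", containsScriptTag(safeHtml));
```

This escaping is only correct for values placed into HTML text or quoted attribute values; a value dropped into a JavaScript block, a URL, or a CSS rule needs the encoding rules of that context instead, which is why the post's advice to read the documentation for your framework's templating functions matters.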