Chapter 10. Cross-Site Scripting

Cross-Site Scripting (XSS) vulnerabilities are some of the most common vulnerabilities throughout the internet. They have appeared as a direct response to the increasing amount of user interaction in today’s web applications.

At its core, an XSS attack functions by taking advantage of the fact that web applications execute scripts on users’ browsers. Any type of dynamically created script that is executed puts a web application at risk if the script being executed can be contaminated or modified in any way—in particular by an end user.

XSS attacks are categorized a number of ways, with the big three being:

• Stored (the code is stored on a database prior to execution)

• Reflected (the code is not stored in a database, but reflected by a server)

• DOM-based (code is both stored and executed in the browser)

There are indeed categorical variations beyond this, but these three encompass the types of XSS that most modern web applications need to look out for on a regular basis. These three types of XSS attacks have been designated by committees like the Open Web Application Security Project (OWASP) as the most common XSS attack vectors on the web. We will discuss all three of these further, but first let’s take a look at how an XSS attack could be generated and a bug enabling such an attack could be found.