Web8: XSS Exploits - Part 2: Stored XSS

In the previous post, we learned about XSS (Cross Site Scripting) vulnerabilities and how Reflected XSS is actually exploited. Another type of XSS, considered more dangerous, is Stored XSS.

Unlike Reflected XSS, which hits only the specific victims the hacker targets, Stored XSS reaches far more victims. This vulnerability occurs when the web application does not thoroughly check input data before saving it to the database (here I use this term to refer to the database, files or any other area where the application's data is stored).

With the Stored XSS technique, the hacker does not exploit the victim directly, but must perform at least two steps.

First, the hacker goes through input points (forms, input fields, text areas, etc.) that are not filtered carefully to insert dangerous code into the database.

[Picture 1]

Next, when a user accesses the web application and performs operations involving this saved data, the hacker's code is executed in the user's browser.

[Picture 2]

At this point, the hacker has achieved his goal. Because the payload only fires on this later access, the Stored XSS technique is also known as second-order XSS.

The exploitation scenario is described as follows:

[Picture 3]
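The two steps above, as an added example that is not part of the original post: a minimal comment board that saves input unchecked (step 1) and later renders it to every visitor (step 2), shown in its vulnerable form beside a hardened version that HTML-encodes stored data at the point of output. The in-memory array standing in for the database and the sample comments are constructed for this illustration.

```javascript
// Added example (not from the original post): a comment board that stores user
// input and renders it later, in a vulnerable and a fixed form.
// Constructed in-memory store standing in for the application's database.
const comments = [];

// Step 1 of the attack described above: the application saves the comment
// exactly as submitted, without validating or filtering it.
function saveComment(author, body) {
  comments.push({ author, body });
}

// HTML-encode the characters that can change the meaning of HTML output.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable rendering: stored data is concatenated straight into the page, so
// every visitor who loads the comment list runs whatever was stored (step 2).
function renderVulnerable() {
  return comments.map(c => `<li><b>${c.author}</b>: ${c.body}</li>`).join("\n");
}

// Hardened rendering: the same stored data is encoded when it is written into
// the page, so the browser displays the text instead of interpreting it as markup.
function renderSafe() {
  return comments
    .map(c => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.body)}</li>`)
    .join("\n");
}

// Constructed sample input: one ordinary comment and one carrying a script tag.
saveComment("alice", "Nice article!");
saveComment("mallory", '<script>document.title="xss"</script>');

console.log(renderVulnerable()); // script tag reaches every visitor's browser
console.log(renderSafe());       // script tag is shown as harmless text
```

Encoding on output is the fix that holds regardless of which input path the data came through; input validation is an additional layer, not a replacement.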

Reflected XSS and Stored XSS differ in two major ways in the attack process.

  1. First, to exploit Reflected XSS, the hacker must trick the victim into accessing his URL. Stored XSS does not need this: after inserting malicious code into the application's database, the hacker just waits for victims to access it on their own. For the victims this looks completely normal, because they do not know that the data they are viewing has been infected.
  2. Second, the hacker's goal is easier to achieve if the victim is still in a session with the web application at the time of the attack. With Reflected XSS, the hacker has to convince or trick the victim into logging in and then accessing the URL he provides so that the malicious code runs. Stored XSS is different: because the malicious code sits in the web database, it is executed whenever a user accesses the related functions, and those functions most likely require authentication (login) first, so the user is obviously still in a session at that time.

From this it can be seen that Stored XSS is much more dangerous than Reflected XSS: the affected parties can be all the users of that web application. And if a victim has an administrative role, there is also the risk of the whole site being hijacked.
