Foreword:
There are many kinds of network attacks, including XSS attacks, SQL injection attacks, URL tampering and so on. So what exactly is an XSS attack, and what types of XSS attacks are there? Today I will explain.
What is an XSS attack?
An XSS attack is also called cross-site scripting. The key point of XSS is not the "cross-site" part but the execution of scripts. XSS is a security vulnerability that often appears in web applications. It is caused by web applications inadequately filtering user input, which allows malicious users to inject code into pages that are served to other users.
What are the types of XSS attacks?
There are three common types of XSS attack: reflected XSS, DOM-based XSS, and stored XSS.
The first type: reflected XSS attack
In a reflected XSS attack, the attacker generally uses some method to induce users to visit a URL containing malicious code. When the victim clicks one of these specially crafted links, the malicious code executes directly in the browser on the victim's host. Such XSS attacks usually appear in a website's search bar, login entry point and similar places, and are often used to steal client cookies or for phishing scams.
The second type: DOM-based XSS attack
Client-side scripts can dynamically inspect and modify the content of the page without relying on data from the server. For example, if the client extracts data from the URL and executes it locally, and the data supplied by the user contains malicious JavaScript that is not properly filtered or sanitized, then the application may be vulnerable to a DOM-based XSS attack.
Pay special attention to the following user input sources: document.URL, location.hash, location.search, document.referrer, etc.
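As an added example (not part of the original article), the following JavaScript is a small heuristic check that flags lines where the input sources listed above reach an HTML or script execution sink. The sink list, the name findDomXssFlows and the sample script are assumptions constructed for illustration.

```javascript
// Added example: heuristic source-to-sink check for DOM-based XSS.
// Sources are the ones the article lists; the sink list is an assumption.
const SOURCES = /\b(?:document\.URL|document\.referrer|(?:window\.)?location\.(?:hash|search))\b/;
const SINKS = /\.(?:innerHTML|outerHTML)\s*\+?=|\.insertAdjacentHTML\s*\(|\bdocument\.write(?:ln)?\s*\(|\beval\s*\(/;
const ASSIGN = /^\s*(?:var|let|const)?\s*([A-Za-z_$][\w$]*)\s*=(?!=)\s*(.+)$/;

function findDomXssFlows(code) {
  const tainted = new Set(); // variables currently holding URL-derived data
  const findings = [];
  const mentions = (expr, name) =>
    new RegExp(`(?<![\\w$.])${name.replace(/\$/g, '\\$&')}(?![\\w$])`).test(expr);
  const isTainted = (expr) =>
    SOURCES.test(expr) || [...tainted].some((v) => mentions(expr, v));

  code.split('\n').forEach((line, i) => {
    if (/^\s*\/\//.test(line)) return; // skip comment-only lines
    const sink = SINKS.exec(line);
    if (sink) {
      // Only what is written into the sink matters: the text after it.
      if (isTainted(line.slice(sink.index + sink[0].length))) {
        findings.push({ line: i + 1, text: line.trim() });
      }
      return;
    }
    const assign = ASSIGN.exec(line);
    if (!assign) return;
    // Propagate taint through assignments; a clean reassignment clears it.
    if (isTainted(assign[2])) tainted.add(assign[1]);
    else tainted.delete(assign[1]);
  });
  return findings;
}

// Constructed sample page script (not taken from any real site).
const SAMPLE = [
  'var name = decodeURIComponent(location.hash.slice(1));',
  'var greeting = "Hello, " + name;',
  'document.getElementById("banner").innerHTML = greeting;',    // flagged
  'document.getElementById("banner2").textContent = greeting;', // safe: text only
  'var title = "Search";',
  'document.getElementById("title").innerHTML = title;',        // constant, not flagged
  'document.write("<p>From: " + document.referrer + "</p>");',  // flagged
].join('\n');

for (const f of findDomXssFlows(SAMPLE)) console.log(`line ${f.line}: ${f.text}`);
```

The check is line-based and treats any value derived from a source as untrusted, so it over-reports; use it to find places that need review, where the fix is to write with textContent or to encode the value before it reaches the sink.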
The third type: stored XSS attack
The attacker uploads or stores the malicious code on the vulnerable server in advance, and the malicious code is executed whenever a victim browses the page that contains it. This means that anyone who visits this page is likely to execute the malicious script, so the harm of stored XSS attacks is even greater. This type of attack generally occurs in interactive features such as website messages, comments, blog posts, etc., and the malicious scripts are stored in the database of the client or server.