Cross-Site Scripting (XSS)
Learn XSS through interactive browser security exercises.
Introduction to Cross-Site Scripting
theoryLearn the basics of XSS vulnerabilities and how they occur in web applications.
What is Cross-Site Scripting (XSS)?
Cross-Site Scripting (XSS) is a security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. When executed, these scripts can steal sensitive information, manipulate page content, or perform actions on behalf of the victim.
Types of XSS Attacks
- Reflected XSS: Malicious script is reflected off a web server, such as in an error message.
- Stored XSS: Malicious script is stored on the target server, such as in a database.
- DOM-based XSS: The vulnerability exists in client-side code rather than server-side code.
Common XSS Payloads
<script>alert('XSS')</script>
<img src=x onerror=alert('XSS')>
<svg onload=alert('XSS')>
Impact of XSS
- Session hijacking and cookie theft
- Defacement of web pages
- Redirecting users to malicious sites
- Keylogging and credential theft
Knowledge Check
Which type of XSS vulnerability stores malicious scripts on the server?
Identifying XSS Vulnerabilities
theoryLearn how to identify potential XSS vulnerabilities in web applications.
How to Identify XSS Vulnerabilities
XSS vulnerabilities typically occur when user input is not properly validated, sanitized, or encoded before being displayed on a web page.
Common Vulnerable Input Points
- Search boxes and form fields
- URL parameters
- Comment sections
- User profile fields
- HTTP headers, such as User-Agent and Referer
Testing for XSS
- Insert test payloads in input fields.
- Check if the payload is reflected in the response.
- Verify if the script executes in the browser.
- Test different encoding and bypasses.
Example Vulnerable Code
// Vulnerable PHP code
echo "Hello " . $_GET['name'];
// Vulnerable JavaScript
document.getElementById('output').innerHTML = userInput;
Knowledge Check
Which of the following is the most common place to test for XSS vulnerabilities?
Reflected XSS - Comment System
simulationPractice exploiting reflected XSS in a vulnerable comment system.
Simulation Objective
Practice exploiting reflected XSS in a vulnerable comment system.
Target
/xss-lab/blog
Scenario
Vulnerable blog
Stored XSS - User Profile
simulationExploit stored XSS by injecting scripts into profile fields.
Simulation Objective
Exploit stored XSS by injecting scripts into profile fields.
Target
/xss-lab/profile
Scenario
Vulnerable profile
XSS Filter Bypass - Basic
simulationLearn to bypass basic XSS filters and input validation.
Simulation Objective
Learn to bypass basic XSS filters and input validation.
Target
/xss-lab/filtered
Scenario
Filtered input
DOM-based XSS
simulationExploit DOM-based XSS vulnerabilities in client-side JavaScript.
Simulation Objective
Exploit DOM-based XSS vulnerabilities in client-side JavaScript.
Target
/xss-lab/dom
Scenario
Client side vuln
XSS Cookie Theft
simulationLearn to steal cookies using XSS vulnerabilities.
Simulation Objective
Learn to steal cookies using XSS vulnerabilities.
Target
/xss-lab/cookies
Scenario
Session hijacking
XSS Prevention Techniques
theoryLearn about effective methods to prevent XSS vulnerabilities.
XSS Prevention Techniques
Preventing XSS requires a multi-layered approach combining input validation, output encoding, and security headers.
Input Validation
- Whitelist allowed characters and patterns
- Reject or sanitize dangerous input
- Validate on both client and server side
Output Encoding
- HTML encode user data before display
- JavaScript encode for JS contexts
- URL encode for URL contexts
- CSS encode for style contexts
Content Security Policy (CSP)
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'
Secure Coding Practices
- Use template engines with auto-escaping
- Avoid
innerHTMLfor dynamic content - Set the
HttpOnlyflag on session cookies - Implement proper error handling
Knowledge Check
Which HTTP header helps prevent XSS attacks by controlling resource loading?