Overview Cross-Site Scripting, commonly referred to as XSS, is a type of web application injection attack in which malicious scripts are injected into trusted websites.
XSS attacks occur when an attacker takes advantage of, or "exploits," a flaw in a web application to send the attacker's payload to the client's browser. These flaws are typically encountered when a web application sends user-input to the browser without validating or encoding it beforehand.
An XSS payload executes within the domain of the "trusted site" and has the potential of accessing that website's cookies, modifying the page's DOM and even abusing the client's browser or extensions.
Though the end result is the same for all XSS attacks (an attacker controlled payload in the server's response), there are three different types of XSS vulnerabilities.
Let's assume we have a search results page that displays a user's search query back to them. The code below is an example of how this could be done in PHP:
Results for "<?php echo $_GET['query'] ?>"
For this to work, you would access the page with a URL like:
In the response, we get:
Results for "stackoverflow"
Now we will attempt to inject our payload into the response:
And our new response:
Results for "<script>alert(1)</script>"
We have successfully injected our XSS payload.