Cross Site Scripting Presentation Slides

Uploaded by Gaming star

XSS Attacks

Group Members (theory explanation and practical demonstration):
● M. Huzaifa
● Sibtain Ali
● Meer Zubair
● M. Ikram

Learning Objectives:
+ You will get an introduction to what XSS vulnerabilities are, how they are caused and how they can be identified.
+ You will get an introduction to reflected XSS vulnerabilities and how they can be identified and exploited.
+ You will get an introduction to stored XSS vulnerabilities and how they can be identified and exploited.
+ You will get an introduction to DOM-Based XSS vulnerabilities and how they can be identified and exploited.
+ You will learn how to utilize automated tools and web proxies to identify and exploit XSS vulnerabilities in web applications.
Software
● Kali Linux: used as a virtual operating system.
● Burp Suite: used for exploiting XSS and performing labs in its browser.
● Netcat: used for listening for incoming network connections on a specified port.
Prerequisites
+ Basic familiarity with HTTP/HTTPS.
+ Basic familiarity with OWASP ZAP/Burp Suite.
+ Basic familiarity with JavaScript.
Introduction To Cross-Site Scripting (XSS)

Important Terms
● Cookie: A cookie is a small piece of data stored by a web browser on a user's device, used by websites to remember information between sessions. Cookies can store various data like user preferences, login details, or tracking information for analytics and advertising. They help improve the user experience by maintaining state and personalizing content.
● Payload: A payload refers to the part of the malware or cyber attack that performs the harmful action after the attack is triggered. It can be code or a type of data that causes the exploit to do its job.
Cross-Site Scripting (XSS)
● Cross-Site Scripting (XSS) is a client-side web vulnerability that allows attackers to inject malicious scripts into web pages.
● This vulnerability is typically caused by a lack of input sanitization/validation in web applications.
● Attackers leverage XSS vulnerabilities to inject malicious code into web applications. Because XSS is a client-side vulnerability, these scripts are executed by the victim's browser.
● XSS vulnerabilities affect web applications that lack input validation and leverage client-side scripting languages like

Cross-Site Scripting (XSS)
● XSS vulnerabilities/attacks are typically sorted into two main categories: stored/persistent and reflected.
● XSS attacks are typically exploited for the following objectives:
 Cookie stealing/Session hijacking: stealing cookies from users with authenticated sessions, allowing you to log in as other users by leveraging the authentication information contained within a cookie.
 Browser exploitation: exploitation of browser vulnerabilities.
 Keylogging: logging keyboard entries made by other users on a web application.
 Phishing: injecting fake login forms into a webpage to capture credentials.
 ... and many more.
Introduction To Reflected XSS

Reflected XSS
● Reflected/non-persistent cross-site scripting is the most common form of XSS and involves tricking a victim into clicking a specially crafted link (with an XSS payload) to the vulnerable website.
● When the victim clicks on the link, the website includes the XSS payload as part of the response back to the victim's browser, where the payload is executed.

Reflected XSS (attack flow between attacker, target and website):
1. Attacker sends a specially crafted link to the target that contains the XSS payload:
   http://website.com/page.php?<payload>
2. The target clicks the link and is directed to the website.
3. Website includes the payload with the response:
   Response Headers
   <html><head>
   <body>...
   <script>PAYLOAD</script>
   </body></html>
Introduction To Stored XSS

Stored/Persistent XSS
● Stored cross-site scripting is a vulnerability where an attacker is able to inject JavaScript code into a web application's database or source code via an input that is not sanitized.
● For example, if an attacker is able to inject a malicious XSS payload into a webpage on a website without proper sanitization, the XSS payload injected into the webpage will be executed by the browser of anyone that visits that webpage.

Stored XSS (attack flow between attacker, website and targets):
1. Attacker injects malicious XSS payload into website code or database.
2. Victim visits the website and the malicious XSS payload is executed.
3. Attacker's XSS payload sends info/data back to the attacker when executed by targets.
DOM-Based XSS
● DOM-Based XSS/type-0 XSS is a type of XSS vulnerability that allows an attacker to inject malicious payloads into a webpage by exploiting a weakness in the DOM of the web application.
● A DOM-Based XSS attack involves exploiting a script on the webpage that takes user input and reflects it back to the page without proper sanitization. The attacker then injects malicious code/payloads into the webpage's DOM by modifying the values of the script's variables.

Document Object Model (DOM)
● The DOM is a programming interface for HTML and XML files.
● It represents the web page as a hierarchical tree-like structure, where each node corresponds to an element, attribute or text in the webpage.
● The DOM is used by developers to dynamically change the content and behaviour of a web page in response to user interaction. For example:
 Add or remove elements and attributes from the page.
 Change the content of existing elements like text or images.
 Modify the styling and layout of elements on the page.
 Respond to user interaction such as clicks or keyboard input.
Stored vs Reflected vs DOM-Based
● Stored XSS attacks occur when the attacker injects malicious code into a web application's database or other storage mechanism, such as a comment section or user profile field. The malicious code is then served to all users who view the affected page, regardless of their session or browser.
● Reflected XSS attacks are carried out by injecting malicious code into a web application's input fields, such as search boxes, forms, or URLs. The input is then reflected back to the user in the form of an error message, search results, or a page redirect. When the victim clicks on the link or submits the form, the malicious code is executed in their browser.
● DOM-Based XSS attacks occur when the vulnerable code is present in the Document Object Model (DOM) of the web page. The attacker exploits a weakness in the web application's JavaScript code to modify the values of the script's variables and inject malicious code into the DOM. When the victim loads the web page, the malicious code is executed in their
Preventions

Prevention Methods
 Validate Input
● Allow only expected input formats (e.g., numbers, emails).
● Reject anything outside the required format.
 Encode/Escape methods
● Replace <, >, and other special characters with their respective HTML entities (e.g., < becomes &#60;).
● Prevent rendering of untrusted scripts.
 Use Content Security Policy (CSP)
● Allow scripts from only trusted sources.
● Example: Content-Security-Policy: script-src 'self' https://trusted.cdn.com;

Prevention Methods
 Secure coding practice
● Avoid embedding user inputs directly in HTML.
● Use frameworks or functions that handle encoding, such as htmlspecialchars() in PHP.
 Sanitize Input
● Use trusted libraries to sanitize user content, such as DOMPurify and the OWASP sanitizer libraries.
 Input Length restriction
● Limit user input lengths.
● Prevent large payloads that might include malicious scripts.
Thank You!
