Cross site scripting: Difference between revisions

From Citizendium
imported>Justin C. Klein Keane
(initial stub)
 
imported>Justin C. Klein Keane
No edit summary
Line 1: Line 1:
{{subpages}}
Cross site scripting (XSS) is a programming flaw that allows attackers to inject arbitrary script into a web site.  There are two main types of cross site scripting - stored and reflected.  DOM based cross site scripting is a third type of cross site scripting.
Cross site scripting (XSS) is a programming flaw that allows attackers to inject arbitrary script into a web site.  There are two main types of cross site scripting - stored and reflected.  DOM based cross site scripting is a third type of cross site scripting.


=Stored Cross Site Scripting=
==Stored Cross Site Scripting==
Stored cross site scripting involves a persistent script that an attacker can inject into a web application that is served to other requesters of a web page.  A typical example of a stored XSS occurs when a malicious script is stored in a database that is used to compose page content for site visitors.  This results in every site visitor requesting pages composed of database data containing malicious script.
Stored cross site scripting involves a persistent script that an attacker can inject into a web application that is served to other requesters of a web page.  A typical example of a stored XSS occurs when a malicious script is stored in a database that is used to compose page content for site visitors.  This results in every site visitor requesting pages composed of database data containing malicious script.


=Refelcted Cross Site Scripting=
==Refelcted Cross Site Scripting==
Reflected cross site scripting is a vulnerability that results when malicious scripts in request parameters are used to compose page responses in web applications.  Reflected XSS does not persist, but is still useful for attackers who can obfuscate parameters and perform trust exploitation attacks.
Reflected cross site scripting is a vulnerability that results when malicious scripts in request parameters are used to compose page responses in web applications.  Reflected XSS does not persist, but is still useful for attackers who can obfuscate parameters and perform trust exploitation attacks.
==References==
<references/>
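Review bot: The second-level heading in the new revision still reads "Refelcted Cross Site Scripting"; it should be "Reflected Cross Site Scripting". The revision also adds a References section containing only the references tag, while none of the visible text carries a citation, and the introduction names DOM based cross site scripting as a third type without giving it a section of its own. Consider citing sources for the definitions and adding a short DOM based section alongside the other two.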

Revision as of 17:44, 2 August 2010

This article is a stub and thus not approved.
This editable Main Article is under development and subject to a disclaimer.

Cross site scripting (XSS) is a programming flaw that allows attackers to inject arbitrary script into a web site. The two main types of cross site scripting are stored and reflected; DOM based cross site scripting is a third type.

Stored Cross Site Scripting

Stored cross site scripting involves a persistent script that an attacker injects into a web application and that is then served to other requesters of a web page. A typical example of stored XSS occurs when a malicious script is stored in a database that is used to compose page content for site visitors. As a result, every site visitor who requests a page composed from that database data receives the malicious script.

Reflected Cross Site Scripting

Reflected cross site scripting is a vulnerability that results when a web application uses request parameters containing malicious script to compose its page response. Reflected XSS does not persist, but it is still useful to attackers, who can obfuscate the parameters and perform trust exploitation attacks.
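The stored and reflected cases described above, shown side by side with and without output encoding. This is an added example, not part of the original article; the comment table, the `q` parameter, the function names and the sample input are all assumptions made for illustration.

```python
import html
import sqlite3
from urllib.parse import parse_qs, urlencode

# Constructed sample input: a harmless marker script standing in for injected content.
SAMPLE = "<script>alert('xss')</script>"

def encoder(escape):
    # html.escape suits HTML element content and quoted attributes only;
    # script, URL and CSS contexts need their own encoders.
    return html.escape if escape else (lambda s: s)

def make_db():
    """In-memory comment table standing in for the site's database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (author TEXT, body TEXT)")
    return db

def save_comment(db, author, body):
    # A parameterized insert stops SQL injection, yet the script is stored verbatim.
    db.execute("INSERT INTO comments VALUES (?, ?)", (author, body))

def render_comments(db, escape):
    """Stored case: every visitor's page is composed from the database rows."""
    enc = encoder(escape)
    rows = db.execute("SELECT author, body FROM comments ORDER BY rowid")
    return "<ul>" + "".join(f"<li>{enc(a)}: {enc(b)}</li>" for a, b in rows) + "</ul>"

def render_search(query_string, escape):
    """Reflected case: a request parameter is echoed into this one response only."""
    term = parse_qs(query_string).get("q", [""])[0]
    return f"<p>Results for: {encoder(escape)(term)}</p>"

def has_live_script(page):
    # Demo-only check: did an unencoded script tag survive into the markup?
    return "<script" in page.lower()

def demo():
    db = make_db()
    save_comment(db, "visitor", SAMPLE)
    qs = urlencode({"q": SAMPLE})
    return {
        "stored_raw": has_live_script(render_comments(db, escape=False)),
        "stored_escaped": has_live_script(render_comments(db, escape=True)),
        "reflected_raw": has_live_script(render_search(qs, escape=False)),
        "reflected_escaped": has_live_script(render_search(qs, escape=True)),
    }

if __name__ == "__main__":
    print(demo())
```

In both cases the fix is applied where the page is composed, not where the data is accepted: the database still holds the original text, and the encoded form is produced at output time.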
