Cross-site scripting (XSS) is a client-side code injection attack. Using this technique, an attacker injects malicious scripts into a legitimate website or web application. A vulnerable server allows the attacker's code to be delivered to the user. The browser cannot foresee the script on the page, so it cannot judge whether the content should be trusted. The browser executes the script, allowing the attacker to access any cookie or session token retained by the browser.
An attacker uses XSS to deliver a malicious script to the end user. The end user cannot tell whether the source of the script is legitimate, and the browser executes it anyway. As a result, the attacker gains access to any cookies, session tokens, or other sensitive information retained by the browser and can use this information to extend the attack. Such scripts can make arbitrary changes in the application; in the worst case, the attack can rewrite the content of the HTML page.
The code below is vulnerable to cross-site scripting.
Consider the error page below. It is displayed for a 404 Not Found error and handles the requests using PHP.
The attacker will try to request a non-existent URL.
The following result is the usual output for such requests.
Not found: /file_which_not_exist
The attacker will request the URL below to carry out the attack.
A site vulnerable to XSS will return the output below for the URL above.
The result above shows that the attack was successful. Using this method, the attacker can access sensitive data through the session cookie.
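The 404 handler described above, as an added example that is not the page's own code: a PHP handler that reflects the requested path, shown first in its vulnerable form and then with the output escaped. The function names, the constructed sample path and the Content-Security-Policy header are assumptions for illustration.

```php
<?php
// Added example: a 404 page that echoes the requested path back to the user.

// Vulnerable: the raw request path is concatenated straight into the HTML
// body, so any markup contained in the URL is rendered by the browser.
function notFoundUnsafe(string $path): string
{
    return "Not found: " . $path;
}

// Fixed: escape the path as HTML text before it reaches the page.
// ENT_QUOTES also escapes single quotes, so the value stays safe if it is
// later placed inside an attribute; ENT_SUBSTITUTE avoids an empty result
// on invalid UTF-8 input.
function notFoundSafe(string $path): string
{
    return "Not found: " . htmlspecialchars($path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample path containing markup characters; on a real server
// the value comes from the request.
$path = $_SERVER['REQUEST_URI'] ?? '/<b>file_which_not_exist</b>';

http_response_code(404);
header('Content-Type: text/html; charset=UTF-8');
// Defence in depth (hypothetical policy): even if an escaping bug slips
// through, inline scripts are blocked by the browser.
header("Content-Security-Policy: default-src 'self'");

echo notFoundSafe($path);
```

Compare the two functions on the same input: the unsafe version returns the markup verbatim, while the safe version returns it with `<`, `>`, `"` and `'` replaced by HTML entities, so the browser displays the path as text instead of interpreting it.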
The issues include:
Beagle recommends the following fixes: