It is one of the most common application-level attacks. Unlike traditional two-party attacks, it involves three parties:
- Attacker / Hacker
- Vulnerable Site
- Client / Victim
This kind of link will look like:
The victim clicks the link, and the response is a pop-up window showing the client's cookies to the client himself. Of course, an attacker will redirect the output to himself and not to the client. For this, the attacker may set up a web site, www.hacker.com, and use a script to receive the cookies. Instead of popping up the window, the attacker would write code that accesses a URL at his site.
The malicious link would look like:
http://www.vulnerable.site/welcome.php?name= "the script for the cookies"
And in response the attacker would get all the cookies.
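The defensive side of the welcome.php case above, as an added example that is not part of the original page: the page does not show the script's source, so the vulnerable form, the function names, the probe string and the session value are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed vulnerable form: the name parameter is copied into the page
// verbatim, so markup carried in the link becomes part of the HTML.
function welcome_vulnerable(string $name): string
{
    return "<html><body>Welcome, $name!</body></html>";
}

// Hardened form: encode for the HTML text context before output.
function welcome_hardened(string $name): string
{
    $safe = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<html><body>Welcome, $safe!</body></html>";
}

// Response headers that limit the damage if an encoding call is missed.
function defensive_headers(string $sessionId): array
{
    return [
        // HttpOnly keeps the cookie out of reach of page script;
        // Secure and SameSite restrict when the browser sends it.
        'Set-Cookie: session=' . rawurlencode($sessionId)
            . '; Path=/; HttpOnly; Secure; SameSite=Lax',
        // Disallow inline script; allow script only from the site itself.
        "Content-Security-Policy: default-src 'self'; script-src 'self'",
        'X-Content-Type-Options: nosniff',
    ];
}

// Regression check, meaningful only for probes that contain markup
// characters: does the response contain the input unencoded?
function reflects_raw(string $html, string $input): bool
{
    return $input !== '' && strpos($html, $input) !== false;
}

// Constructed, harmless probe standing in for the "name" value of the link.
$probe = '<script>/* probe */</script>';

foreach (['vulnerable' => 'welcome_vulnerable', 'hardened' => 'welcome_hardened'] as $label => $render) {
    $html = $render($probe);
    printf("%-10s reflects raw markup: %s\n", $label, reflects_raw($html, $probe) ? 'yes' : 'no');
    echo "  $html\n";
}
echo implode("\n", defensive_headers('constructed-session-id')), "\n";
```

Output encoding is the fix; the headers are a second layer, since HttpOnly removes the session cookie from what a script injected into the page can read.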
Scope of an XSS attack.
The attack can occur only on the victim's side, and it should be kept in mind that the same browser is used for accessing the vulnerable site. The attacker needs to force the client to access the malicious link. This can happen in several ways:
- The attacker sends an email containing an HTML page that forces the browser to access the link. This requires that the victim use an HTML-enabled email client, and that the HTML viewer at the client be the same browser used for accessing www.vulnerable.site.
- The client visits a site, perhaps operated by the attacker, where a link to an image or otherwise active HTML forces the browser to access the link. Again, it is mandatory that the same browser be used for accessing this site and www.vulnerable.site.
- Permanent cookies (of www.vulnerable.site) maintained by the browser.
- RAM cookies (of www.vulnerable.site) maintained by this instance of the browser, only when it is currently browsing www.vulnerable.site.
- Names of other windows opened for www.vulnerable.site