Web Security: XSS and Same-Origin Policy


What is the purpose of the JavaScript function btoa()?

To encode a string of binary data to create a base64-encoded ASCII string

What type of XSS attack involves embedding a malicious script within user-controlled input reflected to the user?

Reflected XSS

What can be used to experiment with displaying values, such as cookies, in a web browser?

alert() function

What is the least common type of XSS attack?

DOM-based XSS

What is the reverse function of btoa()?

atob()

What is the primary function of the Same-Origin Policy (SOP) in modern web browsers?

To prevent a malicious script on one web page from obtaining access to sensitive data on another page

Why is it essential to test XSS exploits on a browser similar to the target's browser?

Because different browsers process certain code snippets differently

What is the purpose of the alert() function in JavaScript?

To display a JavaScript alert in a web browser

What is the shortcut to open the Console in Google Chrome?

Ctrl + Shift + J

What is the primary characteristic of an XSS attack?

It's a client-side attack that takes place on the target's web browser

Study Notes

XSS Vulnerability

  • XSS allows an attacker to inject malicious scripts into a web page viewed by another user, bypassing the Same-Origin Policy (SOP)
  • SOP is a security mechanism implemented in modern web browsers to prevent a malicious script on one web page from obtaining access to sensitive data on another page
  • SOP defines origin based on the protocol, hostname, and port

JavaScript for XSS

  • Basic knowledge of JavaScript is crucial for understanding XSS exploits and adapting them to your needs
  • XSS is a client-side attack that takes place on the target's web browser
  • Different browsers process certain code snippets differently, making it essential to test attacks on a browser similar to the target's

JavaScript Console and Essential Functions

  • The Console tab can be accessed in:
    • Firefox: Ctrl + Shift + K
    • Google Chrome: Ctrl + Shift + J
    • Safari: Command + Option + J
  • Essential JavaScript functions:
    • Alert: displays a JavaScript alert in a web browser (e.g., alert(1) or alert('XSS'))
    • Console log: displays a value in the browser's JavaScript console using console.log() (e.g., console.log(1) or console.log("test text"))
    • Encoding: btoa("string") encodes a string of binary data to create a base64-encoded ASCII string, and atob("base64_string") is the reverse function

Types of XSS

  • There are three main types of XSS:
    • Reflected XSS: relies on user-controlled input reflected to the user
    • Stored XSS: relies on user input stored in the website's database
    • DOM-based XSS: exploits vulnerabilities within the Document Object Model (DOM) to manipulate existing page elements without needing to be reflected or stored on the server

Understand how XSS vulnerabilities allow malicious scripts to bypass the Same-Origin Policy and access sensitive data on web pages.
