Types Of XSS
Cross-site scripting (abbreviated XSS, and sometimes CSS) is a dangerous kind of hacking script whose main source is web applications. Through these scripts, unauthorized users gain entry to a victim's system, get into access panels by impersonating the user, steal valued information from the system and tamper with the user's sessions.
There are three types of XSS attacks. They are:
DOM-Based XSS
Non-persistent XSS, and
Persistent XSS
DOM-Based XSS is the type of XSS that infects the user's machine (the client side) and not a host or a website. The malicious content is generally sent as HTML, JavaScript, Flash or any other type of code the browser is compatible with. The built-in HTML pages kept on a computer for guidance and reference, and the system's cookies, can also be modified as the user chooses, which makes the system more prone to these malicious attacks. Changes to default HTML pages can give the hacker an easy way to create an infected website and to rewrite the HTML code. The user clicks to open the site and so lets sensitive pages, encoded according to the hacker's instructions, onto the system. By activating the encoded site, the user enables the attacker to take over the system.
A hacker can also analyse a website in depth, with a view to invading systems, by writing random HTML code in the website's search bar. If the website is weak, the 'showing results' page will return that code in its results. HTTP referrer objects, GET parameters, POST parameters, window.location, document.referrer and headers are known not to be secure on your system after these attacks.
Persistent and non-persistent XSS deal with damaging a user's website and stealing users' valued information. These types of XSS tempt the user into feeding information to the pernicious site. In these cases it is easier for one victim, or many victims at the same time, to fall prey to the attacker's infected code, normally through guestbooks on an HTML web page and, to some extent, blogs and conversation threads on a website.
It's good to be aware of this malevolent damage, as it can prove extremely costly. Once the types of XSS are understood, recognizing the basics of XSS becomes possible. One of the most widely known types of XSS infection is ‘‘ (javascript). This script will decode Priyanshu (not including quotes). Type ‘search.php?q=’ on a website like this:
‘http://website.com/search.php?q=
Priyanshu‘
Normally it works but, if it doesn't, use different sites (like HTML, mentioned in the example above). You can see that the script is unsafe when the page and newlines contain bold text.
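The search-page check described above, shown from the site owner's side as an added example (not code from the original article): a results page that echoes the q parameter as markup, next to a version that HTML-escapes it. The function names and the bold-text probe value are constructed for illustration.

```javascript
// Added example: a search.php-style results page modelled in plain JavaScript.
// Function names and the probe value are hypothetical, not from the article.

// Escape the five characters that let text break out of HTML text or attributes.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Read the q parameter from a request URL (URL handles percent-decoding).
function getQuery(requestUrl) {
  return new URL(requestUrl).searchParams.get('q') || '';
}

// Weak version: the query is concatenated into the page as live markup.
function renderResultsUnsafe(requestUrl) {
  return '<p>Showing results for: ' + getQuery(requestUrl) + '</p>';
}

// Corrected version: the query is escaped, so the browser displays it as text.
function renderResultsSafe(requestUrl) {
  return '<p>Showing results for: ' + escapeHtml(getQuery(requestUrl)) + '</p>';
}

// The article's check: does markup sent in q come back unchanged in the page?
function reflectsMarkup(render, probe) {
  const url = 'http://website.com/search.php?q=' + encodeURIComponent(probe);
  return render(url).includes(probe);
}

const probe = '<b>Priyanshu</b>'; // constructed, harmless bold-text probe
const probeUrl = 'http://website.com/search.php?q=' + encodeURIComponent(probe);
console.log(renderResultsUnsafe(probeUrl));
console.log(renderResultsSafe(probeUrl));
console.log('unsafe page reflects markup:', reflectsMarkup(renderResultsUnsafe, probe));
console.log('safe page reflects markup:', reflectsMarkup(renderResultsSafe, probe));
```

Running the same bold-text probe against your own pages in a test suite catches a template that stops escaping its input.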
To protect your computer from these types of XSS attacks, install website advisers on your PC; they are efficient at identifying anonymous links and send the user reports about viruses, Trojans, pop-ups and malware. Web browsers with add-ons (javascript) can be a plus for the user, because these add-ons protect the system from loading harmful random components from the internet.