Episode Details

Back to Episodes
Course 1 - BurpSuite Bug Bounty Web Hacking from Scratch | Episode 10: XSS: Overview, Security Level Testing, and Real-World Attacks

Course 1 - BurpSuite Bug Bounty Web Hacking from Scratch | Episode 10: XSS: Overview, Security Level Testing, and Real-World Attacks

Published 6 months, 2 weeks ago
Description
In this lesson, you’ll learn about:
  • Definition of Cross-Site Scripting (XSS):
    A client-side web vulnerability where an application executes user-supplied JavaScript instead of treating it as text. It typically occurs in user input areas such as search fields, comment boxes, or feedback forms.
  • Main Types of XSS:
    1. Reflected XSS (Non-persistent):
      • The malicious input is not stored in the database.
      • It only affects users who execute the injected script (e.g., by clicking a crafted link).
      • Commonly found in search or URL parameters.
    2. Stored XSS (Persistent):
      • The injected payload is saved in the application database (e.g., in comments).
      • The script runs automatically for every visitor who loads the infected page.
      • This type has a higher impact and broader reach.
    3. DOM-based XSS:
      • The vulnerability exists in the Document Object Model (DOM) layer.
      • The HTML response may appear unchanged, but JavaScript execution happens client-side.
  • Potential Consequences:
    • Theft of cookies and session tokens.
    • Hijacking user accounts or sessions.
    • Launching Cross-Site Request Forgery (CSRF) attacks.
    • Delivering malicious redirects or keyloggers.
  • Practical Demonstrations:
    • Reflected XSS (OWASP Mutillidae Example):
      • Using Burp Suite to intercept and inject a simple payload:
      • If the response returns the payload unmodified, the application is vulnerable.
    • DVWA Demonstrations Across Security Levels:
      • Low Level: The script runs immediately without filters.
      • Medium Level: Filtering is attempted (e.g., removing the word “script”). Bypassed using mixed-case payloads like:
      • High Level: Stronger filtering, but DOM-based XSS succeeds using:

  • Real-World Exploitation Example:
    • Attackers send phishing emails containing legitimate-looking links that include malicious JavaScript in the query string.
    • When clicked, the script executes on the target site, allowing theft of credentials or session data.
    • This is often referred to as first-order XSS, primarily exploiting GET requests.
  • Prevention Techniques:
    • Validate and sanitize all user input (both client and server-side).
    • Implement output encoding for HTML, JavaScript, and URL contexts.
    • Use modern Content Security Policy (CSP) headers.
    • Avoid using innerHTML for dynamic content updates.
    • Educate users to verify links before clicking, especially in unsolicited emails.


You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
Listen Now

Love PodBriefly?

If you like Podbriefly.com, please consider donating to support the ongoing development.

Support Us