Top 5 ways to exploit a Cross-Site Scripting (XSS) vulnerability

(Source: Unsplash)

Introduction to Cross-Site Scripting (XSS)

In this article, we will discuss Cross-Site Scripting (XSS) vulnerability, how to find one and present 5 creative ways to demonstrate its impact by exploiting it.

Cross-Site Scripting (XSS) and the various types of it

It is a web-based vulnerability in which an attacker can inject malicious JavaScript code into the application, which will be later executed.

There are multiple types of this vulnerability (based on how the malicious scripts are stored and executed):

1. Stored/Persistent XSS: malicious scripts are stored in the application, for example in a comment section.
2. Reflected/Non-persistent XSS: malicious scripts are returned back to the user, for example in a search query.
3. DOM-Based/Client-Side XSS: malicious scripts are injected in the Document Object Model, being executed on the client-side and the webserver response isn’t modified.
4. Self-XSS: the victim is tricked to run malicious scripts on their side, for example in their web developer console.

How to find a Cross-Site Scripting (XSS) in a web…