Web application security - the fast guide 1.1 | Page 131
Chapter 6 - Attack execution (2)
[Figure 50: XSS attacks categories (Echo Based, DOM Based, Stored Based)]
of exploitation scenarios, as we can differentiate three main categories of XSS
attacks:
Echo or reflected attack: in this category the attack depends on the
existence of a page meant to be a convenience, but which becomes a
vulnerability due to full or partial reflection of the entered information as is.
Stored Script attack: this category covers attacks in which the attacker is
able to store content on the server side without it being sanitized, and
that content is then available to other users.
Document Object Model attack: in this category the attacker depends on
updating the Document Object Model (DOM) of the document to cause a change
on the page, not on the reflection of information through the server.
6.15 Echo or reflection based XSS
Attack requirements:
A. The user accesses a site that contains a vulnerable page with echo.
B. No sanitization is applied to the reflected input passed to that page.
Attack process:
A. The attacker creates a link to the trusted site containing the vulnerable
echo page, passing the JavaScript as a parameter.
B. The server sends the response containing the inserted script.
C. The client executes the JavaScript, which may display a special message,
forward the request to a phishing site, or simply send back session
information that helps the attacker initiate session hijacking.
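The two requirements above can be seen side by side in the following added example, which is not code from the book. It shows an echo page that reflects its input as is, the same page with output encoding, and a defender's check that tells them apart. The function names, the `q` parameter and the inert probe string are assumptions made for illustration.

```javascript
// Added example: an "echo" page, first as described in requirement B
// (no sanitization), then with output encoding at the point of reflection.
// All names, the "q" parameter and the probe are hypothetical.

// Encode the characters that let text break out of HTML element or attribute context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable form: the entered information is reflected as is.
function renderEchoUnsanitized(queryString) {
  const q = new URLSearchParams(queryString).get('q') ?? '';
  return `<p>Results for: ${q}</p>`;
}

// Hardened form: identical page, but the reflected value is HTML-encoded.
function renderEchoEncoded(queryString) {
  const q = new URLSearchParams(queryString).get('q') ?? '';
  return `<p>Results for: ${escapeHtml(q)}</p>`;
}

// Defender's check: submit markup and see whether it comes back unencoded.
function reflectsRawMarkup(render, probe) {
  const body = render('q=' + encodeURIComponent(probe));
  return /[<>"']/.test(probe) && body.includes(probe);
}

// Constructed probe: inert markup, used only to test whether it survives intact.
const PROBE = '<b id="xss-probe">x</b>';

console.log('unsanitized page reflects raw markup:',
  reflectsRawMarkup(renderEchoUnsanitized, PROBE));
console.log('encoded page reflects raw markup:',
  reflectsRawMarkup(renderEchoEncoded, PROBE));
console.log(renderEchoEncoded('q=' + encodeURIComponent(PROBE)));
```

The encoding shown covers values placed in HTML element content or quoted attributes. Input reflected into a script block, a URL or a style needs the encoding appropriate to that context.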