XSS: Difference between revisions

From charlesreid1

(Created page with "=Overview= ==Cheat Sheet== https://portswigger.net/web-security/cross-site-scripting/cheat-sheet =Notes= ==Types of Cross Site Scripting== There are three main types of X...")
 
Line 11: Line 11:
There are three main types of XSS attacks. These are:
There are three main types of XSS attacks. These are:


* Reflected XSS, where the malicious script comes from the current HTTP request.
* Reflected XSS - the script comes from the current HTTP request
* Stored XSS, where the malicious script comes from the website's database.
* Stored XSS - the script comes from the website's database
* DOM-based XSS, where the vulnerability exists in client-side code rather than server-side code.
* DOM-based XSS - the script is injected client-side rather than server-side

Revision as of 20:11, 13 April 2022

Overview

Cheat Sheet

https://portswigger.net/web-security/cross-site-scripting/cheat-sheet

Notes

Types of Cross Site Scripting

There are three main types of XSS attacks. These are:

  • Reflected XSS - the script comes from the current HTTP request
  • Stored XSS - the script comes from the website's database
  • DOM-based XSS - the script is injected client-side rather than server-side
Retrieved from "https://charlesreid1.com/w/index.php?title=XSS&oldid=29475"