Distinguishing Different Delivery Vectors

Because XSS uses a compromised Web site as the delivery mechanism to a victim's browser, it is necessary to understand not only how a payload enters the Web site but also how and where the site renders that payload for the victim's browser. Without a clear picture of where potentially malicious user-supplied data may appear in a response, both the site's defenses and its estimate of the impact of a successful exploit are likely to be inadequate.

Reflected

Reflected XSS is injected and observed in a single HTTP request/response pair. For example, pages in a site that provide search typically redisplay the query: “you searched for foobar.” Instead of searching for foobar, you search for <script>destroyAllHumans()</script> and ...
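The search page described above, as an added example that is not from the book: a minimal Node.js model of the request/response pair, with the vulnerable rendering beside an output-encoded version. The endpoint path /search, the parameter name q, the origin https://example.test and the helper names are assumptions chosen for illustration; the payload is the book's own.

```javascript
// Added example, not code from the book. Models reflected XSS as a single
// request/response pair: the payload travels in the attacker-crafted URL and
// is echoed into the HTML of the response. The /search path, the q parameter
// and https://example.test are assumed for illustration.

// Constructed sample input: the payload from the text.
const SAMPLE_PAYLOAD = "<script>destroyAllHumans()</script>";

// Vulnerable: the user-supplied query is concatenated straight into HTML, so
// the browser parses the payload as markup and executes the script.
function renderSearchVulnerable(q) {
  return `<html><body><p>You searched for ${q}</p></body></html>`;
}

// HTML-encode the characters that change meaning inside an HTML text node or a
// double-quoted attribute value. This is the correct encoding for those two
// contexts only; a value placed inside a <script> block or a URL needs a
// different encoder.
function htmlEncode(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: same page, same query, but the query is encoded for the HTML text
// context before it is reflected.
function renderSearchSafe(q) {
  return `<html><body><p>You searched for ${htmlEncode(q)}</p></body></html>`;
}

// The delivery vector: nothing is stored on the server. The attacker builds a
// link carrying the payload in q and gets the victim to click it.
function craftReflectedLink(origin, payload) {
  const u = new URL("/search", origin);
  u.searchParams.set("q", payload);
  return u.toString();
}

// The server side of the pair: parse q from the request URL and render.
function handleRequest(url, render) {
  const q = new URL(url).searchParams.get("q") ?? "";
  return render(q);
}

// A crude check a tester can run over responses: is there a raw <script tag?
// Encoded output contains "&lt;script" instead and will not match.
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

// Run the whole exchange once and return both responses for inspection.
function demo() {
  const demoLink = craftReflectedLink("https://example.test", SAMPLE_PAYLOAD);
  return {
    link: demoLink,
    vulnerable: handleRequest(demoLink, renderSearchVulnerable),
    safe: handleRequest(demoLink, renderSearchSafe),
  };
}

const demoResult = demo();
console.log("attacker link:", demoResult.link);
console.log("vulnerable response:", demoResult.vulnerable);
console.log("hardened response:  ", demoResult.safe);
```

Note that the payload survives the URL round trip intact: `searchParams` percent-encodes it on the way out and the server decodes it on the way in, which is exactly why the injection is invisible to a casual look at the link. The fix is encoding at the point of output for the specific context the data lands in, not filtering the input.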
