What is a reflected XSS?

Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off of a web application to the victim’s browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts.

What is an example of XSS?

Examples of reflected cross-site scripting attacks include cases where an attacker embeds a malicious script in the data sent from a website’s search or contact form. A typical example of reflected cross-site scripting is a search form, where visitors send their search query to the server, and only they see the result.

What is the difference between reflected XSS and stored XSS?

Reflected XSS arises when an application takes some input from an HTTP request and embeds that input into the immediate response in an unsafe way. With stored XSS, the application instead stores the input and embeds it into a later response in an unsafe way.

What is reflected input?

Reflection of input arises when data is copied from a request and echoed into the application’s immediate response. Input being returned in application responses is not a vulnerability in its own right.
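
The difference between reflection alone and reflection "in an unsafe way" can be shown with a search handler. The following is an added example, not code from the original page; the function names, the `q` parameter and the sample request are constructed for illustration.

```javascript
// Added example: a search page that reflects the `q` parameter, raw vs. encoded.
// All names and the sample request below are constructed for illustration.

// Encode the five characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Read the `q` query parameter from a request URL (a base is needed for relative URLs).
function getQuery(requestUrl) {
  return new URL(requestUrl, 'http://example.test').searchParams.get('q') ?? '';
}

// Unsafe: the input is copied into the markup unchanged, so the browser parses it as HTML.
function renderSearchUnsafe(requestUrl) {
  const q = getQuery(requestUrl);
  return `<h1>Results for ${q}</h1><input name="q" value="${q}">`;
}

// Safe: the same input is still reflected, but only as encoded text and attribute data.
function renderSearchSafe(requestUrl) {
  const q = escapeHtml(getQuery(requestUrl));
  return `<h1>Results for ${q}</h1><input name="q" value="${q}">`;
}

// Review helper: is a marker echoed raw, echoed encoded, or not echoed at all?
// Only meaningful when the marker contains HTML metacharacters.
function reflectionState(body, marker) {
  if (body.includes(marker)) return 'reflected-raw';
  if (body.includes(escapeHtml(marker))) return 'reflected-encoded';
  return 'not-reflected';
}

// Constructed request carrying a harmless markup marker in the query string.
const marker = '"><em>probe-7f3a</em>';
const request = '/search?q=' + encodeURIComponent(marker);

console.log(reflectionState(renderSearchUnsafe(request), marker));
console.log(reflectionState(renderSearchSafe(request), marker));
console.log(renderSearchSafe(request));
```

Both handlers reflect the input; only the first lets it break out of the attribute and element it was placed in.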

How can reflected XSS be exploited?

To exploit a reflected XSS, an attacker must trick the user into sending data to the target site, which is often done by tricking the user into clicking a maliciously crafted link. In many cases, reflected XSS attacks rely on phishing emails or shortened or otherwise obscured URLs sent to the targeted user.

What kinds of pages are likely to contain reflected XSS vulnerabilities?

Background

  • Stored XSS (AKA Persistent or Type I): Stored XSS generally occurs when user input is stored on the target server, such as in a database, in a message forum, visitor log, comment field, etc.
  • Reflected XSS (AKA Non-Persistent or Type II)
  • DOM Based XSS (AKA Type-0)

What can you do with reflected XSS?

An attacker who can exploit a reflected XSS can still execute arbitrary JavaScript in the vulnerable web application. This makes any programmatically triggerable action of the application usable by the attacker. For instance, on a Bitcoin exchange, a transfer of bitcoins to arbitrary users could be triggered.

Is Reflected XSS bad?

Reflected XSS attacks are less dangerous than stored XSS attacks, which cause a persistent problem whenever users visit a particular page, but reflected attacks are much more common. Any page that takes a parameter from a GET or POST request and displays that parameter back to the user in some fashion is potentially at risk.

What are some XSS exploits?

Top 5 creative ways to exploit a Cross-Site Scripting (XSS)

  • #1: Stealing Cookies. Let’s suppose we have a vulnerable comments section of a blog, where an attacker can insert a malicious XSS payload.
  • #2: Open Redirection.
  • #3: Website Defacement.
  • #4: Keylogger.

What may an attacker achieve using reflected XSS?

An attacker who can exploit a reflected XSS can still execute arbitrary JavaScript in the vulnerable web application. This allows exploitation of browser-based, OS-based or browser-plugin-based vulnerabilities, which let the attacker own the machine, usually making it a member of a botnet.
