International Conference on Advanced Computing, Communication and Networks - CCN 2011
Author(s): AISHWARY PANDEY, B.N.ROY, NILESH KUNHARE
Web applications are often vulnerable to attacks. Research data shows that over 80% of applications are vulnerable to Cross Site Scripting (XSS) attacks. XSS commonly targets scripts embedded in a page that are executed on the client side (in the user's web browser) rather than on the server side. It involves three parties: the attacker, the client and the website. The goal of XSS is to steal client cookies and any other sensitive information that can identify the client to the website. There are two types of XSS attack: the non-persistent (first-order or reflected XSS) attack and the persistent (second-order or stored XSS) attack. The persistent attack is considered the most dangerous type of XSS attack because the attacker can supply the malicious input directly, without tricking users into clicking on a URL. In this paper we explain how a persistent XSS attack takes place and examine the behavior of attackers by creating an environment in which the attacker injects malicious code that is executed when a user visits the infected web page, so that the attacker exploits the trust relationship between the victim's browser and the server's location. We also discuss approaches that can be used to prevent these XSS attack types.