What It Is
XSS is an input validation issue that lets attackers run scripting code in your browser within the trusted context of a site that you’re visiting. Browser scripting code can do quite a bit, including sending your authentication cookies to a malicious site so they can be used to impersonate you.
How It Works
XSS occurs when a site reflects code that it’s given, i.e. it fails to recognize the input as something a browser can run and simply echoes it back to the sender, instead of sanitizing it properly (filtering or encoding any potentially dangerous elements). So a site that’s vulnerable to XSS can be sent something like the following (within script tags) via an HTTP GET or POST.
<script>alert('Uh oh -- XSS!')</script>
If you get back a popup window that says, “Uh oh — XSS” — the site is vulnerable. One of the most common places to have these issues is in the search forms that most sites have. The key here is that the code is client-side code being “bounced back” to you by the server, which your browser then runs.
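To make the “bounce back” concrete, here is an added example (not code from the original article) of a toy search endpoint rendered two ways: one that reflects the query verbatim, and one that HTML-encodes it on output. The link, host name and function names are constructed for the example; the payload in the query string is the one the article uses.

```python
# Added example: reflected search page, vulnerable form beside the hardened form.
import html
from urllib.parse import urlsplit, parse_qs


def query_from_url(url: str) -> str:
    """Pull the 'q' parameter out of a search link the way a server would."""
    params = parse_qs(urlsplit(url).query)
    return params.get("q", [""])[0]


def render_search_vulnerable(query: str) -> str:
    """Reflects the raw query into the page: this is the reflected-XSS bug."""
    return f"<h1>Results for: {query}</h1>"


def render_search_safe(query: str) -> str:
    """Encodes the query for an HTML text context before reflecting it.

    html.escape turns < > & " ' into entities, so whatever was sent is shown
    as text instead of being parsed as markup.
    """
    return f"<h1>Results for: {html.escape(query, quote=True)}</h1>"


def session_cookie_header(session_id: str) -> str:
    """Cookie attributes that blunt the cookie-theft outcome the article describes.

    HttpOnly keeps document.cookie from reading the value even if script does run;
    Secure and SameSite limit where the browser will send it.
    """
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; SameSite=Lax"


def contains_live_script(page: str) -> bool:
    """Crude check: does the rendered page still contain an unencoded <script tag?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    # Constructed sample link (hypothetical host) carrying the article's payload.
    link = ("https://acmebank.example/search?"
            "q=%3Cscript%3Ealert('Uh%20oh%20--%20XSS!')%3C/script%3E")
    q = query_from_url(link)
    print("vulnerable:", render_search_vulnerable(q))
    print("safe:      ", render_search_safe(q))
    print(session_cookie_header("example-session-id"))
```

Run it and compare the two lines: the first hands the browser a live script tag inside the page, the second shows the same bytes as harmless text. Encoding has to match the output context (HTML body here; attributes, JavaScript strings and URLs each need their own encoder), which is why filtering input alone is not enough.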
Ok, so XSS works by sending something to a site (often through its search form) with scripting code in it and having it bounce back, right? So why is that a problem? How is someone going to make a victim send this potentially dangerous garbage to a site?
They send you a link.
Links can be very long and elaborate — including having a good amount of code in them. So what they do is pick a target site that’s vulnerable to XSS, say acmebank.com, and then build a query into a link that includes the malicious code. They then send these links all over the place and wait for people to click on them.
Remember that cookies can only be read by the domain that the cookies belong to. That’s why the attacker has to get THE VICTIM to send their malicious code to the website by clicking the links.
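Because the victim’s own browser is what carries the link to the site, the attempt shows up in the site’s own access logs. Here is an added example (not from the original article) of a simple detection pass over a few constructed web-server log lines: it parses each request, decodes the query-string parameters (twice, to catch double-encoded values) and flags any value that looks like script. The log lines, IP addresses and regexes are constructed for the example; the payload is the article’s own.

```python
# Added example: flag reflected-XSS attempts in constructed access-log lines.
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in common/combined log format (documentation IP ranges).
LOG_LINES = [
    '198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /search?q=savings+account HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Oct/2023:13:55:40 +0000] "GET /search?q=%3Cscript%3Ealert(\'Uh%20oh%20--%20XSS!\')%3C/script%3E HTTP/1.1" 200 5340',
    '203.0.113.9 - - [10/Oct/2023:13:55:41 +0000] "GET /search?q=%253Cscript%253E HTTP/1.1" 200 5100',
    '192.0.2.5 - - [10/Oct/2023:13:56:00 +0000] "GET /help?topic=onboarding HTTP/1.1" 200 900',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Crude heuristic for script-looking parameter values; tune for your own traffic.
SUSPICIOUS = re.compile(r"<\s*script|javascript:|on\w+\s*=", re.IGNORECASE)


def decode_params(target: str) -> dict:
    """Return query parameters, decoded once by parse_qs and once more by unquote."""
    query = urlsplit(target).query
    raw = parse_qs(query, keep_blank_values=True)
    return {name: [unquote(v) for v in values] for name, values in raw.items()}


def flag_reflected_xss_attempts(lines) -> list:
    """Return (client_ip, parameter, decoded_value) for every suspicious value."""
    hits = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # not a request line we understand; skip rather than guess
        for name, values in decode_params(match["target"]).items():
            for value in values:
                if SUSPICIOUS.search(value):
                    hits.append((match["ip"], name, value))
    return hits


if __name__ == "__main__":
    for ip, param, value in flag_reflected_xss_attempts(LOG_LINES):
        print(f"{ip} sent script-looking value in '{param}': {value!r}")
```

A hit in these logs does not by itself mean the site is vulnerable (the output encoding decides that), but a burst of them against one endpoint is a good reason to check how that endpoint reflects its parameters. The second decode is there because `%253C` only becomes `<` after being decoded twice.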
So here are the steps: