
Unsanitized Data – An XSS Case Study

Cross-Site Scripting (XSS) is a vulnerability that arises from the exceptions built into the browser's same-origin policy, the policy that restricts how assets (images, style sheets, and JavaScript) are loaded from external sources.

Consistently appearing in the OWASP Top-10 survey of web-application vulnerabilities, XSS has the potential to be a very damaging, persistent exploit that affects large sections of the target site's user base. It can also be difficult to stamp out, especially in sites that have large attack surfaces, with many form inputs, logins, discussion threads, and so on, to secure.

This chapter will cover the browser mechanisms that create the opportunity for XSS, the different varieties of XSS (persistent, reflected, DOM-based, and so on), how to test for it, and a full example of an XSS vulnerability, from discovering the bug to submitting a report about it.

The following topics will be covered in this chapter:

  • Overview of XSS
  • Testing for XSS
  • An end-to-end example of XSS
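The unsanitized-data problem the chapter title refers to, as an added example that is not code from the book: a reflected search term concatenated straight into a page, beside the same output with the term HTML-encoded for the contexts it lands in. The function names, the template and the probe string are assumptions.

```javascript
// Added example, not from the book: unsanitized reflection versus output encoding.
// Names, template and probe string are constructed for illustration.

// Encode the characters that can change meaning in HTML text and quoted attributes.
// '&' must be replaced first so later entities are not double-encoded.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// Vulnerable: the user-controlled term is written into two HTML contexts
// (element text and a quoted attribute) without any encoding.
function renderUnsafe(query) {
  return `<p>Results for: ${query}</p>` +
         `<input type="text" value="${query}">`;
}

// Hardened: the same template, but every untrusted value is encoded first.
function renderSafe(query) {
  const q = escapeHtml(query);
  return `<p>Results for: ${q}</p>` +
         `<input type="text" value="${q}">`;
}

// Detection aid: count tag openers in the rendered markup. The template
// itself contains exactly two (<p> and <input>); any extra came from input.
function tagCount(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// Constructed probe: closes the attribute quote and adds markup of its own.
const probe = '"><b>injected</b>';

console.log(tagCount(renderUnsafe(probe))); // 4: two tags from the template, two from the probe
console.log(tagCount(renderSafe(probe)));   // 2: the probe is rendered as inert text
```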
