I was not able to understand what the difference between stored xss and reflected xss is. Can you tell me with an example?
What Is Stored XSS (Cross Site Scripting)? XSS is an attack technique that injects malicious code into vulnerable web applications. Unlike other attacks, this technique does not target the web server itself, but the user's browser. Stored XSS is a type of XSS that stores malicious code on the application server.
Reflected XSS is a kind of cross-site scripting attack, where malicious script is injected into websites that are trusted or otherwise benign. Typically, the injection occurs when an unsuspecting user clicks on a link that is specifically designed to attack the website they are visiting.
XSS attacks can be generally categorized into two main types: non-persistent (reflected) and persistent (stored).
Stored XSS means that some persistant data (typically stored in a database) are not sanitized in a page, which implies that everyone can be affected by the vulnerability. For example, imagine a forum where users' answers posted are not escaped. If someone posts a topic with some HTML on it, everyone that goes to the topic page will be affected! The risks can generally be important, since it affects all users and can widespread rapidly (a typical example is Myspace XSS worm which impacted one million users in 20 hours).
Reflected XSS, on the contrary, means that non-persistent data (generally data provided by the client through form submission) are not escaped. For instance, imagine a search engine where in the results list page, your search keywords are redisplayed (and not sanitized). You could then put html on your research and it will be executed. While the risks of this vulnerability are less obvious, since it only affects the user who made the injection, it can be a problem too. For example if a malicious user sends a link with the injection on it to a victim, and the victim clicks on the link.
With perspective of business impact on system
Stored XSS is persisted into the system and hence is visible to anyone else who comes and reads the content stored. For example, if I edit a page in wikipedia and inject some javascript code, that will be visible to all new visitors.
Reflected XSS on other hand is like I input some code, which is reflected back to me alone. This one will not be in general visible to others, however such a vulnerability can be utilized by hacker for clickjacking. Suppose an url parameter for a search results page can be converted to a code script. This url can be send people over emails and they would click on it to see the malicious code executed on our business site. Though no such code existed in our site, lack of input validation will result in such urls to show malicious content on our site as if it were there and business owner will lose their brand reputation.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With