What is the difference between stored XSS and reflected XSS?

Tags: xss

I was not able to understand what the difference between stored XSS and reflected XSS is. Can you tell me with an example?

Warun Avatar asked Aug 30 '17 05:08





2 Answers

Stored XSS means that some persistent data (typically stored in a database) is not sanitized in a page, which implies that everyone can be affected by the vulnerability. For example, imagine a forum where the answers users post are not escaped. If someone posts a topic with some HTML in it, everyone who goes to the topic page will be affected! The risks can generally be important, since it affects all users and can spread rapidly (a typical example is the Myspace XSS worm, which impacted one million users in 20 hours).

Reflected XSS, on the contrary, means that non-persistent data (generally data provided by the client through form submission) is not escaped. For instance, imagine a search engine where, on the results page, your search keywords are redisplayed (and not sanitized). You could then put HTML in your search and it would be executed. While the risks of this vulnerability are less obvious, since it only affects the user who made the injection, it can be a problem too: for example, if a malicious user sends a link with the injection in it to a victim, and the victim clicks on the link.

Timothé Malahieude Avatar answered Oct 20 '22 00:10



From the perspective of business impact on the system:

Stored XSS is persisted into the system and hence is visible to anyone else who comes and reads the stored content. For example, if I edit a page on Wikipedia and inject some JavaScript code, that will be visible to all new visitors.

Reflected XSS, on the other hand, is like I input some code which is reflected back to me alone. This one will not in general be visible to others; however, such a vulnerability can be utilized by a hacker for clickjacking. Suppose a URL parameter for a search results page can be converted to a code script. This URL can be sent to people over email and they would click on it to see the malicious code executed on our business site. Though no such code existed on our site, lack of input validation will result in such URLs showing malicious content on our site as if it were there, and the business owner will lose their brand reputation.

Sandeep Nair Avatar answered Oct 20 '22 00:10
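Both answers describe the same two flows in words: a search page that echoes the request back once (reflected) and a forum or wiki page that serves stored content to every later visitor (stored). The following is an added example, not code from either answer or from any real site; it simulates both flows in plain Python with no web framework. The hostname `shop.example`, the `Forum` class and the `count_script_tags` helper are constructed for illustration, and `sanitize=True` shows the fix, escaping for the HTML body context with the standard library's `html.escape`.

```python
from html import escape
from urllib.parse import urlparse, parse_qs, urlencode

# Constructed sample input used for both scenarios. Any HTML the application
# fails to escape is the problem; a script tag just makes the failure visible.
SAMPLE_PAYLOAD = "<script>alert('xss')</script>"


def count_script_tags(page: str) -> int:
    """Crude stand-in for 'the browser would execute this': counts live <script> tags.
    Escaped output contains '&lt;script&gt;', which is text, not a tag, so it scores 0."""
    return page.lower().count("<script")


# --- Reflected XSS: the input rides in the request and is echoed back once ---

def build_search_url(query: str) -> str:
    """The link that carries the input (constructed host); nothing is written on the server."""
    return "https://shop.example/search?" + urlencode({"q": query})


def render_search_page(url: str, sanitize: bool) -> str:
    """Render the results page for a search URL.

    sanitize=False mirrors the vulnerable search engine from the answers: the
    keywords are copied straight into the HTML. sanitize=True escapes them for
    the HTML body context before they are rendered.
    """
    params = parse_qs(urlparse(url).query)
    query = params.get("q", [""])[0]
    shown = escape(query, quote=True) if sanitize else query
    return f"<h1>Results for: {shown}</h1><p>No products found.</p>"


# --- Stored XSS: the input is persisted and served to every later visitor ---

class Forum:
    """In-memory stand-in for the forum database described in the first answer."""

    def __init__(self) -> None:
        self._posts: dict[str, list[tuple[str, str]]] = {}

    def post(self, topic: str, author: str, body: str) -> None:
        # The body is stored exactly as submitted. Storing raw text is fine;
        # the defect (or the fix) lives at output time.
        self._posts.setdefault(topic, []).append((author, body))

    def render_topic(self, topic: str, sanitize: bool) -> str:
        # Rendering does not depend on who is viewing, so one poster's
        # unescaped HTML reaches every visitor of the topic.
        parts = [f"<h1>{escape(topic, quote=True)}</h1>"]
        for author, body in self._posts.get(topic, []):
            shown = escape(body, quote=True) if sanitize else body
            parts.append(f"<div class='post'><b>{escape(author, quote=True)}</b>: {shown}</div>")
        return "".join(parts)


def demo() -> dict[str, int]:
    """Run both scenarios; return how many live script tags each rendered page contains."""
    link = build_search_url(SAMPLE_PAYLOAD)
    forum = Forum()
    forum.post("welcome", "one-poster", SAMPLE_PAYLOAD)
    return {
        "reflected_vulnerable": count_script_tags(render_search_page(link, sanitize=False)),
        "reflected_fixed": count_script_tags(render_search_page(link, sanitize=True)),
        "stored_vulnerable": count_script_tags(forum.render_topic("welcome", sanitize=False)),
        "stored_fixed": count_script_tags(forum.render_topic("welcome", sanitize=True)),
    }


if __name__ == "__main__":
    for name, hits in demo().items():
        print(f"{name}: {hits} live script tag(s)")
```

The difference between the two cases is where the data comes from (the request versus the database), not how it is fixed: in both, the defence is output encoding that matches the context the value lands in. `html.escape` is correct for an HTML body or a quoted attribute; a value placed inside a `<script>` block, a URL or a CSS rule needs the encoder for that context instead, which is why templating engines apply contextual auto-escaping rather than a single escape call.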
