Cross Site Scripting Attacks (Practically)

In this article, we explain Cross Site Scripting attacks: Reflected Cross Site Scripting, Stored Cross Site Scripting and DOM Based Cross Site Scripting.

We cover the types of Cross Site Scripting attacks, the ways hackers carry out this attack, and how it can be tried on a website during bug bounty work.

All of this is for educational purposes. If you find a Cross Site Scripting bug in any website, you should never misuse it.

Note: This article is only for educational purposes. Don't misuse your knowledge and skills.

What Are Cross Site Scripting Attacks?

We have already covered Cross Site Scripting attacks in an earlier article, which you can also read. Here we go through the types of Cross Site Scripting attacks practically.

In a Cross Site Scripting attack, hackers can run a script in a vulnerable website. Wherever a website gives you a text box, you can try to run some JavaScript there.

By the end of this article you will know the basics of Cross Site Scripting attacks. We want to make one thing clear: if scripts you enter, such as one in a script tag, do not run on a website, that website is not vulnerable to XSS.

For bug bounty you should have a list of different types of XSS payloads; such a list is easy to find on Google. If any script runs in a website, that website is vulnerable to XSS.

XSS payloads List


The more XSS payloads you have, the easier bug bounty becomes, so when you test, try almost all the types of XSS payloads.

This is because the script tag is blocked on most websites, so other payloads have to be used. The list we are giving you has about 6000 payloads.


Cross Site Scripting Attacks

Here we go through three types of Cross Site Scripting attacks practically: Reflected Cross Site Scripting, Stored Cross Site Scripting and DOM Based Cross Site Scripting.

Here we show all these attacks in Xtreme Vulnerable Web Application. You can practice on platforms like DVWA or bWAPP, which we have already told you about.

Reflected XSS Attack

First, the Reflected XSS attack. As you can see in the image, whatever you type in the text box is reflected back and displayed.


In simple language, whatever input you give comes back as the output. This is how a Reflected XSS attack works.

Let's understand it by example. Suppose a website has a search box and you type freelearningtech or your name there. If the page shows back what you typed, you can call it a Reflected XSS attack.


Similarly, if you give the URL of an image, it is also reflected and shown. You can get a reward for finding a Reflected XSS bug during bug bounty.

Stored XSS Attack

We have told you about the Stored XSS attack earlier as well. If we submit a script and it runs in the website, you can call it a Stored XSS attack.


As you can see in the image, almost all websites give you an option to post a comment like this. If a script posted this way then runs on the website, this is called a Stored XSS attack.


As you can see in the image, the script you gave runs. Here we have run a simple script. The script tag is blocked on most websites, and there you have to use XSS payloads.

You can try the XSS payloads from the list on a vulnerable website. That way you learn a lot, because you see what each kind of script does when it runs in a website.
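The reflected search box and the stored comment described above, as an added example that is not part of the original article: it renders the same constructed inputs with no defence, with only the script tag blocked, and with HTML output encoding, then reports which tags from the input ended up as live markup. All function names and sample inputs are assumptions made for this illustration.

```javascript
// Added example. All inputs below are constructed for illustration.

// Encode the characters that let text break out of HTML element content
// or a quoted attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// No defence at all: input is placed in the page as-is.
const raw = (text) => String(text);

// Weak defence: only the script tag is blocked.
function stripScriptTags(text) {
  return String(text).replace(/<\/?script[^>]*>/gi, '');
}

// Reflected case: the search term is echoed back in the same response.
function renderSearchPage(term, encode) {
  return `<p>Results for: ${encode(term)}</p>`;
}

// Stored case: saved comments are rendered for every later visitor.
function renderComments(comments, encode) {
  return `<ul>${comments.map((c) => `<li>${encode(c)}</li>`).join('')}</ul>`;
}

// Tag names present in the page that the template itself never emits,
// i.e. markup that can only have come from user input.
function injectedTags(html, templateTags) {
  const found = [...html.matchAll(/<\/?([a-z][a-z0-9]*)/gi)].map((m) => m[1].toLowerCase());
  return [...new Set(found)].filter((tag) => !templateTags.includes(tag));
}

function demo() {
  const script = '<script>alert(1)</script>';
  const heading = '<h1>injected</h1>';
  return {
    reflectedRaw: injectedTags(renderSearchPage(script, raw), ['p']),
    reflectedStripped: injectedTags(renderSearchPage(heading, stripScriptTags), ['p']),
    reflectedEncoded: injectedTags(renderSearchPage(heading, escapeHtml), ['p']),
    storedRaw: injectedTags(renderComments(['nice post', script], raw), ['ul', 'li']),
    storedEncoded: injectedTags(renderComments(['nice post', script], escapeHtml), ['ul', 'li']),
  };
}

console.log(demo());
```

Encoding on output handles the reflected and the stored case with one rule, while the tag filter removes only the one tag it knows about and still lets user input become markup.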

DOM Based XSS Attack

There is not much difference between a DOM based XSS attack and a Reflected XSS attack. As you have been told, whatever input you give in a Reflected XSS attack is shown in the output as well.

The same thing happens in a DOM based XSS attack, but here it is shown as you can see in the image: you have searched for freelearningtech, and where you should get an error you are not getting any kind of error.

When you search a real website for something that does not exist on that website, you are shown an error with a sorry message. In the image you can see what a Cross Site Scripting attack done this way looks like.

Here, if you search for anything on the website, the same thing is shown back. You can call this a DOM Based XSS attack. This is how hackers try Cross Site Scripting attacks on a website.

The Conclusion

I hope you now know about Cross Site Scripting attacks. Here we have shown you Reflected Cross Site Scripting, Stored Cross Site Scripting and DOM Based Cross Site Scripting practically.

You can also use Burp Suite for these attacks. We want to make one thing clear: not finding a text box on a website does not mean that cross site scripting attacks cannot be performed on it.

With the help of Burp Suite you can easily try Cross Site Scripting attacks on any website. It all depends on your practice and how far you go in trying this attack on a website.

If you have any question related to cross site scripting attacks, or any other question, you can ask in a comment and we will help you. Never misuse any of the methods mentioned here.

If you like this article, please share it. To read our articles first, subscribe to our blog for the latest updates.


Thank you
