Introduction HDIV
Cross-Site Scripting (XSS)
This is the result:
Image 1 3 - XSS Vulnerability Sample result
What can an attacker get when our application is vulnerable to a XSS?
There is a large variety of attacks to exploit this vulnerability. A well known attack is a massive email sending that we see in the picture below, attaching a trusted url (in this example, happy banking) where the final result is the execution of a JavaScript function that can redirect us to another website (a fake website which apparently is the same as original) or can obtain the cookies of our browser and send them to the attacker.
Image 1-4 - XSS Mail Attack
The rob of cookies can give the attacker access to the web applications where the user is authenticated in that moment (online bank, personal email account, etc.). This is because most of the web applications use cookies to maintain sessions. When the server authenticates a user, it creates an identifier that is stored in the user browser as a cookie. In the successive requests, this identifier is used to identify the user, avoiding having to type the username and password for each request. All this process is managed automatically by the browser itself.
This vulnerability (XSS) can be solved using generic validation politics (where certain characters are not allowed) or using libraries like Struts which avoids this kind of problems.