Reflected XSS and stored XSS are two types of cross-site scripting (XSS) vulnerabilities that can compromise the security of web applications. While they both involve injecting malicious code into a website, they differ in how the code is delivered and executed.
Reflected XSS, also known as non-persistent XSS, occurs when the injected code is embedded in a URL parameter or a form input field. The malicious code is then reflected back to the user's browser without being stored on the server. When the user visits a specially crafted link or submits a manipulated form, the injected code is executed in the context of the victim's browser. This can lead to various attacks, such as stealing sensitive information, session hijacking, or defacing the website.
For example, consider a vulnerable search functionality that echoes the user's input without proper sanitization. An attacker could construct a malicious URL like:
https://example.com/search?query=<script>alert('XSS')</script>
When a victim clicks on this link, the script tag and its payload are reflected back in the search results page, causing the alert to pop up in the victim's browser.
On the other hand, stored XSS, also known as persistent XSS, involves injecting malicious code that is permanently stored on the target server. This type of vulnerability arises when user-supplied data is stored in a database or a file and later retrieved and displayed on web pages without proper sanitization. The injected code is then served to every user who accesses the affected page, increasing the potential impact of the attack.
For instance, imagine a comment section on a blog where user comments are not properly sanitized. An attacker could post a comment containing malicious JavaScript code:
<script>document.cookie='session_id=123456';</script>
Whenever a user views the blog post, the server serves the stored script tag along with the comment and the visitor's browser executes it, allowing the attacker to steal the victim's session cookie.
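The following is an added example and is not code from the original answer. It models both paths described above in Node.js: the search page that reflects the request parameter, and the comment section that persists input in a constructed in-memory store, with the vulnerable string concatenation shown beside the hardened renderer that HTML-encodes every untrusted value before it reaches the page. All function names (escapeHtml, renderSearchVulnerable, renderCommentsSafe and so on) and the in-memory store are assumptions for the illustration.

```javascript
// Added example (not from the original page): reflected vs stored XSS in a
// minimal server-side rendering model, vulnerable and hardened side by side.

// Encoder for the HTML text context. Maps the characters that can close or
// open markup to their entity forms so the browser treats input as data.
function escapeHtml(s) {
  return String(s).replace(/[&<>"'\/]/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;',
    '"': '&quot;', "'": '&#39;', '/': '&#x2F;',
  }[c]));
}

// Constructed in-memory "database" standing in for the blog's comment table.
const commentStore = [];
function postComment(text) { commentStore.push(text); }

// Vulnerable renderers: untrusted input is concatenated into markup verbatim.
// Reflected: the value comes straight from the request.
function renderSearchVulnerable(query) {
  return `<h1>Results for: ${query}</h1>`;
}
// Stored: the value comes from the data store, so every viewer receives it.
function renderCommentsVulnerable() {
  return '<ul>' + commentStore.map((c) => `<li>${c}</li>`).join('') + '</ul>';
}

// Hardened renderers: identical structure, but each untrusted value is encoded
// for the context it is placed in (here, HTML element content).
function renderSearchSafe(query) {
  return `<h1>Results for: ${escapeHtml(query)}</h1>`;
}
function renderCommentsSafe() {
  return '<ul>' + commentStore.map((c) => `<li>${escapeHtml(c)}</li>`).join('') + '</ul>';
}

// Simple oracle used only to check the demo output: does the rendered page
// still contain an executable construct? (A heuristic for this demo, not an
// XSS filter; filters on output are not a substitute for encoding.)
const EXECUTABLE_MARKUP = /<script\b|\bon\w+\s*=|javascript:/i;
function containsExecutableMarkup(html) { return EXECUTABLE_MARKUP.test(html); }

// Runs both scenarios with the two payloads quoted in the answer above.
function demo() {
  commentStore.length = 0;
  const reflectedPayload = "<script>alert('XSS')</script>";
  postComment('Nice post!');
  postComment("<script>document.cookie='session_id=123456';</script>");
  return {
    reflectedVulnerable: containsExecutableMarkup(renderSearchVulnerable(reflectedPayload)),
    reflectedSafe: containsExecutableMarkup(renderSearchSafe(reflectedPayload)),
    storedVulnerable: containsExecutableMarkup(renderCommentsVulnerable()),
    storedSafe: containsExecutableMarkup(renderCommentsSafe()),
  };
}

console.log(demo());
// → { reflectedVulnerable: true, reflectedSafe: false, storedVulnerable: true, storedSafe: false }
```

Note that the encoder above is correct only for the HTML element content and quoted attribute contexts; a value inserted into a JavaScript block, a URL, or a CSS property needs the encoder for that context, and a Content Security Policy that forbids inline script is a worthwhile second layer when encoding is missed somewhere.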
To summarize, the main difference between reflected XSS and stored XSS lies in how the malicious code is delivered and executed. Reflected XSS involves injecting code that is immediately reflected back to the user's browser, while stored XSS involves injecting code that is stored on the server and served to multiple users. Both types of XSS vulnerabilities can have severe consequences, compromising the confidentiality, integrity, and availability of web applications.