Look into Reflected XSS

 

Reflected cross-site scripting is one of the three types of cross-site scripting attacks, the other two being stored XSS and DOM-based XSS. In this blog post we will discuss the reflected XSS attack.

A reflected cross-site scripting attack is an immediate reflection of user input. It occurs when a victim interacts with a malicious website through a link that executes a piece of code and sends sensitive information to an attacker. The detailed steps of how this attack takes place are discussed below.

Step 1: An attacker will send a message to a victim with a link. This link will contain a malicious piece of code.

Step 2: The victim unknowingly clicks on the received link.

Step 3: The link directs the user to a malicious web site which will reflect the code back to the victim.

Step 4: The victim's browser will then execute the code.

Step 5: The victim's browser will return the sensitive information to the attacker.
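
The reflection in Steps 3 and 4, as an added example that is not part of the original post: a hypothetical search handler that echoes the `q` parameter from the link, first unencoded and then HTML-encoded. The function names, the `shop.example` URL and the harmless probe string are assumptions constructed for illustration.

```javascript
// Added example: hypothetical handlers showing where reflected input
// must be encoded. All names and the sample link are constructed.

// Encode the five characters that let text break out of an HTML context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the query parameter is copied into the response unchanged,
// so any markup carried in the link becomes part of the page the browser parses.
function renderUnsafe(url) {
  const q = new URL(url).searchParams.get('q') ?? '';
  return `<p>Results for: ${q}</p>`;
}

// Hardened: same page, but the value is HTML-encoded before it is reflected.
function renderSafe(url) {
  const q = new URL(url).searchParams.get('q') ?? '';
  return `<p>Results for: ${escapeHtml(q)}</p>`;
}

// Defender's check: does the response contain the probe's markup verbatim?
function reflectsRaw(html, probe) {
  return html.includes(probe);
}

// Constructed sample link carrying a harmless markup probe in the q parameter.
const PROBE = '<i id="xss-probe">x</i>';
const link = 'https://shop.example/search?q=' + encodeURIComponent(PROBE);

console.log('unsafe reflects probe:', reflectsRaw(renderUnsafe(link), PROBE));
console.log('safe reflects probe:  ', reflectsRaw(renderSafe(link), PROBE));
console.log(renderSafe(link));
```

The same probe-and-compare check can be used as a regression test for any page that echoes request parameters into its HTML.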


If a website is found vulnerable to reflected XSS attacks, it will allow an attacker to:

  1. Perform any task that a user performs on the system.
  2. View any information that the user is able to view.
  3. Change or delete any information that a user is able to change or delete on a system.
  4. Hijack a victim's account on a web application.

There are multiple ways in which an attacker can trick a victim. They may include:

  1. Emails to the victim with special offers.
  2. Placing links on untrusted websites controlled by the attacker.

Most of the time this attack may target the general public who use a specific web site, or it may be targeted at an individual who accesses a web site, without harming the other users.
