Reflected cross-site scripting (XSS) is one of the three types of cross-site scripting attacks; the other two are stored XSS and DOM-based XSS. In this blog post we will discuss the reflected XSS attack.
A reflected cross-site scripting attack is an immediate reflection of user input. It occurs when a victim interacts with a malicious website through a link that executes a piece of code and sends sensitive information to an attacker. The detailed steps of how this attack takes place are discussed below.
Step 1: An attacker will send a message to a victim with a link. This link will contain a malicious piece of code.
Step 2: The victim unknowingly clicks on the received link.
Step 3: The link directs the user to a malicious website, which reflects the code back to the victim.
Step 4: The victim's browser then executes the code.
Step 5: The victim's browser returns the sensitive information to the attacker.
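
Steps 3 and 4 seen from the server side, as an added example that is not part of the original post: a search page that copies a query parameter into its HTML response, next to a version that output-encodes the value and sends a Content-Security-Policy header. The route, the parameter name `q`, the host `shop.example` and the sample link are constructed for illustration.

```javascript
// Added example: reflected XSS in a search page, vulnerable vs. hardened.
// Route, parameter name "q", host and sample link are constructed (assumptions).

// Escape the five characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Read the "q" parameter from a request URL (searchParams percent-decodes it).
function getQuery(requestUrl) {
  return new URL(requestUrl, 'http://shop.example').searchParams.get('q') ?? '';
}

// VULNERABLE: the decoded parameter is concatenated into the response as markup.
function renderVulnerable(requestUrl) {
  const q = getQuery(requestUrl);
  return {
    headers: { 'Content-Type': 'text/html; charset=utf-8' },
    body: `<h1>Results for ${q}</h1><input name="q" value="${q}">`,
  };
}

// HARDENED: encode at the point of reflection; CSP is defence in depth.
function renderHardened(requestUrl) {
  const q = escapeHtml(getQuery(requestUrl));
  return {
    headers: {
      'Content-Type': 'text/html; charset=utf-8',
      'Content-Security-Policy': "default-src 'self'; script-src 'self'; object-src 'none'",
      'X-Content-Type-Options': 'nosniff',
    },
    body: `<h1>Results for ${q}</h1><input name="q" value="${q}">`,
  };
}

// Constructed sample link carrying a harmless marker script in the query string.
const SAMPLE_LINK = '/search?q=' + encodeURIComponent('"><script>alert(1)</script>');

// True if the response body contains a live <script> element.
function reflectsScript(response) {
  return /<script\b/i.test(response.body);
}

console.log('vulnerable reflects script:', reflectsScript(renderVulnerable(SAMPLE_LINK)));
console.log('hardened reflects script:  ', reflectsScript(renderHardened(SAMPLE_LINK)));
```

The same check can serve as a regression test: request each page that echoes input with a marker value and fail the build if the marker comes back unencoded.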
If a website is found vulnerable to reflected XSS attacks, then:
- It will allow an attacker to perform any task that a user performs on the system.
- View any information that the user is able to view.
- Change or delete any information that a user is able to change or delete on a system.
- Hijack a victim's account on a web application.
- Emails to the victim with special offers.
- Placing links on untrusted websites controlled by the attacker.