Cross-Site Scripting (XSS) Explained in 7 minutes

Рет қаралды 76,189

Күн бұрын

What is Cross-Site Scripting (XSS)? How does it work? Where can you find vulnerabilities? How do you fix those vulnerabilities?
In this lesson from our new Cross-Site Scripting (XSS): The 2021 Guide course (cybr.com/produ..., we start to answer these questions by explaining the concepts of XSS and how it works. We also talk about the potential impacts that successful XSS exploitation can have, examples of what payloads look like, and more!
If you enjoy this video, check out our course here: cybr.com/produ...

Пікірлер: 39

@Cybrcom Жыл бұрын

Please, consider clicking Subscribe if you haven't already :)! Thank you!

@PloddingDream-px3fz 8 ай бұрын

You were able to explain this topic as if someone has never scene it, yet leaving them with a solid understanding of a high-level view.

@Cybrcom 8 ай бұрын

I’m glad the video helped!!

@crookedcrowe9215 Жыл бұрын

Very useful. I had a horrible explanation on XSS and left me confused. This really clarifies it better. Thank you.

@Cybrcom Жыл бұрын

I know the feeling! Glad this helped

@Matsuhide114 Ай бұрын

Agreed, less complex, kept it simple, able to explain with examples.

@Allie19863 5 ай бұрын

I'll be writing my Security + Exam on Wednesday. I came on YT to look for a good explanation of XSS and your video delivered. TY! New subscriber!

@Cybrcom 5 ай бұрын

That’s awesome! Glad the video helped. Please let us know how your exam goes 😁

@raygomez3935 8 ай бұрын

This is awesome content! Studying for PenTest+ to get an idea if i want to pursue pentesting. Your channel is an excellent resource.

@mahesh6307 11 ай бұрын

Yeah, I have found my new mentor after a long searching, sql concepts are just waaaaaaahhhhh

@AWaterKnight 10 ай бұрын

Nice explanation with the illustrations. It also beautifully showed the differences between the different types. Still wondering some things: It is called cross-site scripting. I always wondered what's exactly cross-site about it, i.e., what is denoted as the different sites where the code is to cross in between. From your explanation, it sounds like two different frontend pages, i.e., you see some HTML page, click a link or submit a form and thus the browser requests another HTML page, which will execute the code you brought over. But in modern day we may also have a single page application, so we don't get a completely new HTML page from the backend, only some data and the frontend can re-form using the logic it already has. You could of course still inject some script there depending on the logic in the frontend, though it's a bit of a question when a site is crossed there. Another idea is that you could call different machines or processes sites, i.e., the frontend being a site and the backend server being a site, but DOM-based XSS would not fit in this frame. When you submit a form normally, you get another HTML page. Of course, it would not make sense as an attack to inject something in the javascript of that new HTML page while targeting yourself. You can control your own browser and issue own javascript. So I wonder how reflected XSS targets the browser of another user. The thing that comes to mind is when the backend has a reactive pattern and sends data to other users with for example websockets but then they would usually not get whole new HTML pages from that. Another idea would be to send the target users the URL with the malicious payload.The HTTP GET method uses query parameters. For POST method, the payload would need to be in a header or entity, which would be more difficult to trick other users into to issue, since this isn't entailed in a URL. Similarly with DOM-based XSS, to target another user, you would need to send them a URL with the malicious payload via different means, tricking them to open it. And I guess there could be mixed forms of XSS, where a stored XSS places some links with malicious URLs on the HTML page of victim users and clicking them can trigger additional stuff as any type of XSS.

@Cybrcom 10 ай бұрын

I'm glad you enjoyed it! Thanks for the kind comments. In terms of exactly how/why it became named cross-site scripting, honestly I don't know the history and I wasn't there when they came up with the name ;) but I always assumed it was because injected scripts can transfer data or carry out actions from one site/app to another regardless of where/how the XSS is carried out.

@IntricateMoon 11 ай бұрын

Why is this channel so underrated and low subscriber count? This is well written and the explanation and illustrations are toptier -_- Thank you for this Christophe! (Hope that is your name) 😄

@Cybrcom 11 ай бұрын

❤️ thanks for the kind words 🥲 please help spread the word so my content can reach more people!!

@IntricateMoon 11 ай бұрын

@@Cybrcom will absolutely do that. Thank you again! Hopefully more content in the future 🙌🙏

@somedude4652 Жыл бұрын

very informative!

@belindazhang426 Жыл бұрын

great explanaiton!!!

@i_am_dumb1070 Жыл бұрын

Please upload a full xss course

@Cybrcom Жыл бұрын

We've got a full XSS course on our site

@lily-888-sv Жыл бұрын

Woow...sky is open 😂😂😂...I mean for myself...finally understand. Thank you 💞 My brain appreciate😊

@eggminolia 2 жыл бұрын

Thanks for this amazing explanation! 🎉Merry Christmas 2022

@Cybrcom 2 жыл бұрын

Thank you!! You too!

@user-kn8nt5zm5n Жыл бұрын

I use webhook to steal session cookies of my own website. However the session part is empty. Why may be the reason, does anyone have the same issue?

@mohsenbaarzegar 10 ай бұрын

Very useful

@ManInTee 6 ай бұрын

But if I'm an attacker targeting a popular website that isn't escaping script tags, won't I have to take lots of additional steps to get the response page with the malicious script sent to another web application user that isn't me? I assume if I wanted to do this with Google (and if Google was vulnerable), I would send the script in the search bar, then Google would respond to MY machine with the page with malicious payload. Not seeing how that would be dangerous to anyone but the attacker.

@Cybrcom 6 ай бұрын

Yes and no. What you've described is basically a form of Self-XSS. Some apps may only be vulnerable to that degree and nothing more, in which case the impact is minimal (but not non-existent -- look up Self-XSS examples), but a lot of times it's just the starting point. If an attacker finds a vulnerability like that, they will have to take extra steps (sometimes many extra steps) to find a way to exploit it at a larger/more impactful scale. But, some XSS can be submitted via URLs (think phishing), while other XSS (like stored XSS) would be permanently added to a web page (think comments like this one or other permanent user-submitted inputs) where my XSS gets loaded for every user viewing this comment, as an example.

@user-kn8nt5zm5n Жыл бұрын

I added javascript text to my own website. However, IT does not give any alert. My web app treat it like a plain text instead of JavaScript. What should i do to make my code vulnerable to XSS? cause i need to perform XSS for my cybersecurity class

@Cybrcom Жыл бұрын

A good way to figure this out is to take a look at the source code of apps like the DVWA and Juice Shop and see how they created vulnerabilities. If you just need a quick and simple example, though, I would use .innerHTML like this: element.innerHTML = userProdividedData; innerHTML is a very dangerous place to put in untrusted user inputs :)

@user-kn8nt5zm5n Жыл бұрын

@@Cybrcom solvedthankuu

@s1ubbe Жыл бұрын

Needs better explanation. Didnt get how this could affect anyone but the attacker. How does the server store the script?

@Cybrcom Жыл бұрын

These resources might help make more sense of it: - Article version of the video: cybr.com/beginner-archives/what-is-cross-site-scripting-xss/ - Case study of a stored XSS vuln: cybr.com/ethical-hacking-archives/stored-xss-vulnerability-in-image-alt-attribute-to-steal-cookies-bug-bounty/ - Case study of a blind XSS vulnerability: kzbin.info/www/bejne/bXXOm4BmZct9bLc But to answer your question about how the server stores the script -- just like how it stores anything else, like your youtube comment. You could have injected an XSS payload in your YT comment, and if YT were vulnerable, I would be affected by it simply by viewing your comment.