XSS & XSRF Flashcards
What is XSS?
Cross-Site Scripting
Injects a malicious script into a trusted site to compromise the site's visitors
What is the first step of an XSS attack?
The attacker identifies an input validation vulnerability within a trusted website
What is the second step of an XSS attack?
The attacker crafts a URL to perform the code injection against that trusted website
What is the third step of an XSS attack?
The trusted site returns a page containing the injected malicious code
What is the fourth step of an XSS attack?
The malicious code runs in the client's browser with the same permission level as the trusted site
What is a Non-Persistent XSS?
This type of attack only occurs when it's launched, because you're clicking the link, and it happens once
What is a Persistent XSS?
Allows an attacker to insert code into the backend database used by that trusted website
What is a DOM XSS?
Document Object Model
Exploits the client's web browser using client-side scripts to modify the content and layout of the webpage.
For the exam, any time you're looking at a log snippet or captured URLs that have a script or any kind of JavaScript inside them, it's most likely a what?
XSS Attack
For the exam, if you see something with document.something in it, like document.write, this should tell you what?
DOM-based cross-site scripting attack
What is Session Management?
Enables web applications to uniquely identify a user across several different actions and requests
What is a Cookie?
Text file used to store information about a user when they visit a website
What is a Non-Persistent Cookie?
Known as a session cookie, which resides in memory and is used for a very short period of time
What is a Persistent Cookie?
Stored in the browser cache until it is either deleted by the user or expires
What is Session Hijacking?
A type of spoofing attack where the attacker disconnects a host and then replaces it with his or her own machine by spoofing the original host's IP