XSS related knowledge points
2022-08-04 03:35:00 【Lord Chaser】
1. Introduction to XSS
XSS stands for Cross Site Scripting; it is abbreviated XSS rather than CSS to avoid confusion with Cascading Style Sheets. It refers to an attacker inserting malicious script code into a web page so that, when a user browses that page, the HTML and script embedded in it are executed by the user's browser, which is how the user is attacked. XSS is therefore an attack that targets the user (the browser side).
2. Reasons for XSS
The main cause of XSS vulnerabilities is that the program's control and filtering of input and output are incomplete and not strict, so that "well-constructed" script input, when it is output to the front end, is parsed and executed by the browser as valid code and causes harm.
3. Classification of XSS Vulnerabilities
1. Reflected XSS
Reflected XSS is non-persistent, parameter-based cross-site scripting. This kind of attack is usually one-off and is triggered only when the user clicks.
Reflected XSS passes through the back end but not through the database.
Data flow: browser front end --> back end --> browser front end
2. DOM XSS
DOM is the abbreviation of Document Object Model. It is the object representation of an HTML document and also the interface between external content (such as JavaScript) and HTML elements.
DOM-based XSS is a vulnerability rooted in the DOM; it is based on JavaScript and does not require interaction with the server. It is a cross-site scripting attack formed by modifying the data of the page's DOM nodes. Unlike reflected XSS and stored XSS, DOM-based XSS usually requires analysing the specific JavaScript DOM code and exploiting it according to the actual situation.
Data flow: URL --> browser front end
3. Stored XSS
Stored XSS is persistent cross-site scripting. Persistence means that the XSS code is not carried in a parameter (variable) but is written into a medium that stores data permanently, such as a database or a file. Stored XSS usually occurs in places such as message boards.
Data flow: browser --> back end --> database --> back end --> browser
4. Summary
Reflected XSS is non-persistent cross-site scripting.
DOM-type XSS is a vulnerability based on the DOM Document Object Model.
Stored XSS is persistent cross-site scripting.
In terms of harm: Stored XSS > DOM XSS > Reflected XSS.
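The root cause described in section 2 (input written back to the page without strict output handling) and the message-board scenario of stored XSS can be shown with a small renderer. This is an added example, not code from the original post: a constructed list of stored comments is rendered once by string concatenation and once with HTML output encoding, and a helper checks whether the rendered output contains any tag the template itself did not emit. It runs in Node without a DOM.

```javascript
// Constructed sample data: what a message board might hold after an untrusted
// user submitted a comment containing markup (the second entry is a test string).
const comments = [
  { user: "alice", text: "Nice article!" },
  { user: "mallory", text: "<script>alert('stored xss')</script>" },
];

// Vulnerable renderer: stored text is concatenated straight into the HTML,
// so the browser parses the submitted markup as part of the page.
function renderVulnerable(list) {
  return list.map(c => `<li><b>${c.user}</b>: ${c.text}</li>`).join("\n");
}

// Output encoding for the HTML body context: every character that can change
// the parser state is replaced by its entity, so the browser shows it as text.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(s).replace(/[&<>"']/g, ch => map[ch]);
}

// Hardened renderer: identical template, but untrusted fields are encoded
// at the point of output, which is the control the post says is missing.
function renderSafe(list) {
  return list
    .map(c => `<li><b>${escapeHtml(c.user)}</b>: ${escapeHtml(c.text)}</li>`)
    .join("\n");
}

// Detection helper usable as a template unit test: report true if the output
// contains an opening or closing tag other than the ones the template emits.
function containsUnexpectedTag(html, allowed = ["li", "b"]) {
  const tagRe = /<\/?([a-zA-Z][a-zA-Z0-9]*)/g;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    if (!allowed.includes(m[1].toLowerCase())) return true;
  }
  return false;
}

console.log("vulnerable leaks markup:", containsUnexpectedTag(renderVulnerable(comments)));
console.log("hardened leaks markup:  ", containsUnexpectedTag(renderSafe(comments)));
```

The same encoding step applies to the reflected case (a request parameter echoed by the back end) and, on the DOM side, to choosing a text sink such as `textContent` over `innerHTML`.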