What is XSS (Cross-site Scripting)

In this article, we will discuss one of the most widely used cyberattacks of the last decade.

What is an XSS Attack?

XSS stands for Cross-site Scripting. You will notice that the initials would actually produce CSS for short; however, that abbreviation is already taken by something worse: Cascading Style Sheets.

There are several different types of XSS attacks, but the concept is almost always the same: the attacker either “infects” the website you are currently viewing with malicious JavaScript code, or places a link on their own site that points to a page on a site you have already visited, one that “recognizes” you.

As a very simple example, let’s say that you have visited a payment site like:

paymentwebsite/give_payment/to/a_relative

You have visited the above link on the payment website to send a payment to a relative. Now, let’s say that you visit another website, this time one about cute cats, at

cutecats/tabbies

On this page, you see a really cute cat image and you click on it. However, the owner of cutecats is a malicious person who has made the link on the picture lead to

paymentwebsite/give_payment/to/malicious_person

So instead of opening the cute cat image, you end up making a payment from the payment website to the malicious person. Since the payment website “knows” you, because you have visited it previously, it will also take the money out of your account.

This is a very simple example and should not work on sites made in 2019.

Another example is self-XSS. This is an XSS attack in which the user is given JavaScript code and instructed to copy and paste it into their browser’s console while on a site that holds sensitive information about them.

Since most internet users are familiar with neither JavaScript nor the console, a person can mislead them by claiming they will benefit from it. For example, a malicious person hands out JavaScript code that obtains another user’s credit card information and disguises it by saying the code will earn them a small amount of money. The user is tricked into trying to get the money, but when they paste the code it actually harvests information about them.

Sites like Facebook have implemented protection for their users by showing a warning when the console is opened.


Vladimir P.
