Hello guys,
today I'm going to try to give you my basic understanding of XSS attacks.
there are two types of XSS attacks which are
1. None Persistent XSS
2. Persistent XSS
First, the None Persistent one is when you add your text like this:
www.website.com/search.php?search=Troll3d
and the site shows something like:
"Search Result For Troll3d"
when we see that the text is displayed on the page with no validation
then we try to put some HTML tags like:
www.website.co,/search.php?search=
www.website.com/search.php?search=<script>alert("Tr0ll3d");</script>
If we got blinking text, or the java script ran successfully that means we can display anything we want, but that's not that dangerous for the website.
Second type is the Persistent XSS, this one is more dangerous which allow us to inject our codes in the website's source, with just little knowledge of Javascript you can even deface the website at extreme cases.
For the Persistent XSS, I found a perfect video from OWASP tutorials which I learned XSS from (Today after I got a request to make this tut xD )
enjoy
