Skip to main content

An Analysis of the Prevention and Detection of Cross Site Scripting Attack

Page 1

ISSN 2347 - 3983 Volume 11.Trends No.1,inJanuary 2023 Priyanshi Panwar et al., International Journal of Emerging Engineering Research, 11(1), January 2023, 30 – 34

International Journal of Emerging Trends in Engineering Research Available Online at http://www.warse.org/IJETER/static/pdf/file/ijeter051112023.pdf https://doi.org/10.30534/ijeter/2023/051112023

An Analysis of the Prevention and Detection of Cross Site Scripting Attack Priyanshi Panwar1, Himani Mishra2, Ritambhara Patidar3 Research Student, S.G.I.T.S., Indore, India, priyanshisjr@gmail.com 2 Assistance Professor, S.G.S.I.T.S., Indore, India, himanimishra.hm21@gmail.com 3 Assistance Professor, S.G.S.I.T.S., Indore, India, ritam.patidar@gmail.com 1

Received Date: December 9, 2022

Accepted Date: December 20, 2022

Published Date : January 07, 2023

ABSTRACT

2. CSS ATTACK

As technology progresses, web based applications are becoming more vulnerable and threats to it’s security is increasing day by day. One of the ways by which an attacker can attack any web application is cross site scripting attack. The loop holes in a web based application can be exploited by a hacker in ways like, session-hijacking, cookie-stealing, malicious redirection etc. In this survey paper we focuses on the current XSS attack detection techniques and their limitations.

Genrally, the attacker uses many methods to take advantage of vulnerable web based application. a scenario where an application that allows hacker to send hostile script and gather some type of data from the victim this is what known as cross site scripting attack (xss attack). it allows a hacker to insert malicious programming (such as javascript, vbscript, activex, html, or flash) into a weak dynamic website and then run that script on his computer to collect data. the usage of xss runs the risk of compromising confidential data, stealing or manipulating cookies, creating requests that could be construed as coming from a legitimate user, or executing malicious code on the end-user computers. the information is typically presented as a hyperlink with dangerous content that is disseminated online through all available channels. In this part, we examine the three primary xss attack types: persistent xss attacks, non-persistent xss attacks and dom-based attacks.

Key words: Cross-Site Scripting attack, prevention, detection, Web based Application, XSS. 1. INTRODUCTION Web based application are advancing with the advancements in technology. But it also increases the probability of being exploited by the hacker. With the recent surveys and studies it is came to notice, that one of the ways to attack is XSS used by a hacker. Cross site script attack uses injection method. The hackers takes the advantage of underlying inadequacy of present in web based application by injecting hostile script code through web pages input box, basically java script’s code snippets along with input boxes are embedded and then sent at client side and when client reload or revisit the web page it’s cookies details can be seen as well as its session token and other sensitive stored information can be seen. Because web programmes do not effective monitoring and filtering system for the user input, an attacker inserts perilous scripts into reliable web sites. When a malicious script is run, a hacker take hold of the required information. Specifically, the personal user data. Researchers created a number of approaches that can successfully stop the hostile script to get executed and performed because of its practical significance. Additionally, Google Chrome included a client-side XSS filter using this method [1].

2.1 Stored XSS or Persistant or Type-II XSS Attack: In persistent XSS, an hacker will insert hostile script into a website permanently, which lead to saving the script on the servers as HTML text in places like databases, comment fields, forum postings, etc., and will subsequently be displayed to the victim. When the victim(to be) visits a website that contains XSS-II attack code, the attack code runs on the victims's browser, sending the victims's sensitive data from his side to the hacker's side. The cached XSS attack is another name for the persistent XSS attack. When compared to "REFLECTED XSS," this form of XSS causes more severe damage. Figure 1 shows XSS attack flow.

30


Turn static files into dynamic content formats.

Create a flipbook
An Analysis of the Prevention and Detection of Cross Site Scripting Attack by The World Academy of Research in Science and Engineering - Issuu