Book Image

Python Penetration Testing Essentials

By : Mohit Raj
Book Image

Python Penetration Testing Essentials

By: Mohit Raj

Overview of this book

Table of Contents (14 chapters)
Python Penetration Testing Essentials
About the Author
About the Reviewers

Learning about Cross-Site scripting

In this section, we will discuss the Cross-Site Scripting (XSS) attack. XSS attacks exploit vulnerabilities in dynamically-generated web pages, and this happens when invalidated input data is included in the dynamic content that is sent to the user's browser for rendering.

Cross-site attacks are of the following two types:

  • Persistent or stored XSS

  • Nonpersistent or reflected XSS

Persistent or stored XSS

In this type of attack, the attacker's input is stored in the web server. In several websites, you will have seen comment fields and a message box where you can write your comments. After submitting the comment, your comment is shown on the display page. Try to think of one instance where your comment becomes part of the HTML page of the web server; this means that you have the ability to change the web page. If proper validations are not there, then your malicious code can be stored in the database, and when it is reflected back on the web page, it produces...