Cross Site Scripting (XSS) Attacks

Cross Site Scripting (XSS) schemes / examples

There are (at least) 3 types:

1. Reflected XSS:

2. Stored XSS

3. DOM-based XSS

• An HTML or XML page is represented by a DOM object (Document Object Model, W3C)
• HTML can contain references to attributes of that object, which are interpreted in the browser: document.URL, document.location, document.referrer, …
• Vulnerability: a site whose HTML page contains a JS script that performs client-side logic with document.URL or another such attribute
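
The vulnerable pattern from the last bullet next to a hardened version, as an added example that is not part of the original page. The page name `welcome.html`, the `name` parameter, the host `site.example` and all function names are assumptions; `pageUrl` stands in for `document.URL` so the code runs outside a browser.

```javascript
// Added example (hypothetical page and names). The returned string stands in
// for what the page script would hand to document.write() or innerHTML.

// Client-side logic: read a value out of the page's own URL.
function nameFromUrl(pageUrl) {
  return new URL(pageUrl).searchParams.get("name") || "guest";
}

// Vulnerable: the URL-derived text is concatenated into markup, so any tags
// it carries become part of the DOM. The server never sees or filters it.
function greetingUnsafe(pageUrl) {
  return "<p>Hello, " + nameFromUrl(pageUrl) + "</p>";
}

const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Encode for the HTML element-content context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened: the URL-derived value is encoded before it reaches markup.
// In a real page, assigning it to element.textContent has the same effect.
function greetingSafe(pageUrl) {
  return "<p>Hello, " + escapeHtml(nameFromUrl(pageUrl)) + "</p>";
}

// Constructed sample URL carrying harmless markup in the parameter.
const SAMPLE_URL =
  "https://site.example/welcome.html?name=" +
  encodeURIComponent("<i>injected</i>");

console.log(greetingUnsafe(SAMPLE_URL)); // markup from the URL survives
console.log(greetingSafe(SAMPLE_URL));   // markup is rendered inert as text
```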