Effect of Cross Site Scripting (XSS)


In my previous article, Cross-Site Scripting (XSS) in .NET, we discussed what cross-site scripting is and how it affects ASP.NET web applications. In this article we discuss how XSS can change a web application.

Theft of user accounts or services: User details are kept in a session, and the session identifier is stored in a cookie. Through Cross Site Scripting (XSS) a hacker can access the cookies and navigate the user to the hacker's site. On that site the hacker can recreate the cookie and, by passing it to the web server, appear to be the original user. Read how cookies are accessed as part of XSS in my Cross-Site Scripting (XSS) in .NET article.

User Redirection: Once a hacker finds that our web application is vulnerable to XSS, the hacker can redirect the user's browser to his own site by injecting JavaScript, and from there carry out spyware installation, phishing, etc.

User Tracking: As we know, web page content can be changed from JavaScript. If a web site is vulnerable to XSS, a hacker can change the page content, replace all links with his own links, and even insert his own image in place of content.

Denial of Service (DoS) attacks: An attacker can insert a large image into a web site that has a large number of users. With a large audience viewing the vulnerable site that carries that image, serving it may require large bandwidth, which may lead to the web site shutting down.

Misinformation: If a web site is vulnerable to XSS, a hacker can use JavaScript to mislead users by replacing information with wrong information. For example, a hacker can misdirect users by placing a wrong price on a financial web site if it is vulnerable to XSS.

Installation/Exploitation of Browser add-ins: If a web site is vulnerable to XSS, a hacker can insert an <object> tag into the web page to start browser add-ins or install add-ins.
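
The account-theft effect above depends on script being able to read the session cookie. The following is an added example, not code from the original article: it audits `Set-Cookie` response headers and reports session cookies that lack the `HttpOnly` or `Secure` attribute. The cookie-name list and the sample headers are assumptions constructed for the example.

```javascript
// Added example: audit Set-Cookie headers for attributes that limit session theft via XSS.
// Names treated as session cookies (assumption: ASP.NET_SessionId and .ASPXAUTH are the
// ASP.NET defaults; adjust the list for your application).
const SESSION_COOKIE_NAMES = ["asp.net_sessionid", ".aspxauth"];

// Parse one Set-Cookie header value into { name, attrs }; attribute names are lower-cased.
// Returns null for an empty header.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  if (parts.length === 0) return null;
  const eq = parts[0].indexOf("=");
  const name = eq === -1 ? parts[0] : parts[0].slice(0, eq);
  const attrs = new Map();
  for (const part of parts.slice(1)) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? true : part.slice(i + 1).trim());
  }
  return { name, attrs };
}

// Return one finding per session cookie that is missing a protective attribute.
function auditSetCookieHeaders(headers) {
  const findings = [];
  for (const header of headers) {
    const parsed = parseSetCookie(header);
    if (!parsed) continue;
    if (!SESSION_COOKIE_NAMES.includes(parsed.name.toLowerCase())) continue;
    const missing = [];
    if (!parsed.attrs.has("httponly")) missing.push("HttpOnly"); // readable via document.cookie
    if (!parsed.attrs.has("secure")) missing.push("Secure");     // also sent over plain HTTP
    if (missing.length > 0) findings.push({ cookie: parsed.name, missing });
  }
  return findings;
}

// Constructed sample response headers (not taken from a real site).
const sampleHeaders = [
  "ASP.NET_SessionId=abc123; path=/",
  ".ASPXAUTH=deadbeef; path=/; HttpOnly; Secure",
  "theme=dark; path=/",
];

console.log(auditSetCookieHeaders(sampleHeaders));
```

`HttpOnly` only keeps the cookie out of reach of script; the redirection, content-replacement and misinformation effects listed above still require fixing the injection itself through output encoding.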