Wednesday, September 6, 2017
Have you ever gotten this message when logging on to a site?
To understand the Cross-site Scripting vulnerability you have to first understand the basic concept of the Same Origin Policy (SOP), one of the most important security principles of every web browser. This SOP forbids websites to retrieve content from pages with another origin. By forbidding access to cross-origin content random websites cannot not read or modify data from your Facebook page or PayPal account, for example, while logged in to them.
https://example.com/index.html...can access content from
https://attacker.com/index.html...cannot access content from
What this means is that the attacker would then be able to gain access to users cookies, session IDs, passwords, private messages etc. They can read and access the content of a page for any attacked user and therefore all the information displayed to the user. The attacker may also compromise the content shown to the user.