Comprehensive Guide on Cross-Site Scripting (XSS) and Its Bypasses

Cross-Site Scripting (XSS) is a widespread vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. This guide covers the types of XSS, methodologies for detection and exploitation, contexts of injection, and advanced techniques for bypassing protections.

1. Introduction to XSS XSS attacks enable attackers to inject malicious scripts into web pages. These scripts can execute in the context of a user's browser, allowing attackers to steal information, hijack sessions, or perform actions on behalf of the user.

1.1 Types of XSS Stored XSS: The malicious script is permanently stored on the target server, such as in a database or comment field. Reflected XSS: The malicious script is reflected off a web server, typically via a URL query parameter. DOM-Based XSS: The vulnerability exists in the client-side code rather than the server-side code, and the attack payload is executed as a result of modifying the DOM environment.

2. Methodology for Detecting XSS 2.1 Identify Injection Points

Check if any value you control (parameters, path, headers, cookies) is reflected in the HTML or used by JavaScript code.

Determine Reflection Context

Raw HTML: Can you create new HTML tags or use attributes/events that support JavaScript? Inside HTML Tag: Can you exit to raw HTML or create events/attributes to execute JavaScript? Inside JavaScript Code: Can you escape the