Confused with the different methods of XSS (Cross Site Scripting)

steppinthrax

Diamond Member
Jul 17, 2006
So anyway. I know of the 3 types: Reflected, Persistent and DOM.

Reflected is when code (either HTML or JavaScript) is put into the URL or form fields of the site and that code is reflected back to the user.

Persistent is when code (either HTML or JavaScript) is stored somehow on the server (i.e. a blog) and the code is executed every time a user visits the page.

DOM???: I see different things. It seems DOM can either be persistent or reflected??? I was reading somewhere that DOM is only with JavaScript. I'm not getting a clear answer. I know what DOM is and how it relates to "security of origin" with the browser and how JavaScript is only supposed to execute within the domain that it's in. But DOM appears to be a description of either reflected or persistent?????

PhatoseAlpha

Platinum Member
Apr 10, 2005
Negatory. DOM XSS attacks generally take the form of attacking a vulnerability in the JavaScript on a page, typically one that parses some value of the URL. It is different from reflected, because the server does not necessarily ever actually see the affected portion of the URL.
For example, anything after a # will not be sent to the server by IE6 or Mozilla. It WILL still be parsed locally though. So if your code happens to do something like "document.write(document.URL)" and I send somebody a link that ends in #<script>alert('All your base are belong to us');</script>.....well, the server never sees it, but all the client's bases are mine.

So, you see, it actually is absolutely a third type of attack. Reflected requires the server to take your malicious code and just send it back. Stored means you actually store the nastiness and send it out on demand. DOM doesn't actually require the server to receive any malicious code and reflect it or otherwise.



This is of course, not gospel and is merely the result of googling xss dom and reading. Perhaps you should try that? The first one to come up was quite informative.
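The document.write(document.URL) case from the reply above, worked through as an added example (this is not code from the thread; the page name example.com/page.html and the attack link are constructed for illustration). It runs under Node.js and models three things: what the browser actually puts on the wire for that link, what a script on the page can read back from the fragment, and the vulnerable sink beside an escaped version. Modern browsers percent-encode < and > in location.hash, so the model also shows the decodeURIComponent() step that real pages often add and that restores the raw markup.

```javascript
// Added example, not from the thread: a Node.js model of the "document.write(document.URL)"
// DOM XSS. The page URL and the attacker's link below are constructed for illustration.

// Constructed attacker link. Everything after '#' is the payload.
const ATTACK_URL =
  "https://example.com/page.html#<script>alert('All your base are belong to us');</script>";

// The request-target a browser sends in the HTTP request line: path and query only.
// The fragment is never part of the request, so the server cannot see, filter or log it.
function requestTarget(href) {
  const u = new URL(href);
  return u.pathname + u.search;
}

// The fragment as page script ends up reading it. Current browsers percent-encode
// '<' and '>' in location.hash; a decodeURIComponent() call (a common "clean-up"
// step in real pages) restores the raw markup, which is what this function returns.
function fragmentOf(href) {
  return decodeURIComponent(new URL(href).hash);
}

// Vulnerable sink: the raw URL is concatenated straight into markup, which is what
// document.write(document.URL) did in the browsers the reply talks about.
// Fragment included, <script> tag included.
function vulnerableRender(documentUrl) {
  return '<p>You are at: ' + documentUrl + '</p>';
}

// Minimal HTML escaping for text placed into element content or attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened sink: same output, but the URL is escaped before it becomes markup.
// In a real page, prefer setting el.textContent over document.write() entirely.
function safeRender(documentUrl) {
  return '<p>You are at: ' + escapeHtml(documentUrl) + '</p>';
}

// Check used by the demo and the test: did a <script> element end up in the markup?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Walk through the attack for the constructed link. Returns the pieces so a caller
// can inspect them rather than only reading the console.
function demo(href) {
  const result = {
    serverSees: requestTarget(href),          // '/page.html' and nothing else
    clientSees: fragmentOf(href),             // the raw <script> payload
    vulnerable: vulnerableRender(href),       // script tag lands in the page
    hardened: safeRender(href),               // script tag is inert text
  };
  console.log('server sees: ', result.serverSees);
  console.log('client sees: ', result.clientSees);
  console.log('vulnerable:  ', result.vulnerable, '-> script?', containsScriptTag(result.vulnerable));
  console.log('hardened:    ', result.hardened, '-> script?', containsScriptTag(result.hardened));
  return result;
}

demo(ATTACK_URL);
```

The point the reply makes is visible in the first two lines of output: the server-side log entry for this request would show only /page.html, while the client-side sink still receives the full payload. A server-side WAF or reflected-XSS filter has nothing to match against; the fix has to live in the page's own JavaScript, which is why this counts as a separate class.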