Reputation: 235
What are the major differences between Persistent XSS and Non-Persistent XSS?
Upvotes: 3
Views: 7541
Reputation: 6854
As the naming suggests, the differences between Persistent and Non-Persistent XSS are as follows.
Persistent XSS
Stored XSS, inside of cookies or the server's database.
Example of Persistent XSS in a chat application
If a chat application stores all user messages into a database and a user can send a string of HTML, such as <script>alert('XSS');</script>, then that code will be executed every time the user visits the chat application.
Non-Persistent XSS
XSS executed on the client, for example JavaScript executed in the URL or the user is tricked into pasting JavaScript into their console.
Example of Non-Persistent XSS
You can execute javascript:alert('XSS') in the browser, although most modern browsers will not let you copy/paste this into the URL.
You can read more about this here.
Upvotes: 7
Reputation: 498
(Source)
Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XSS is also sometimes referred to as Persistent or Type-I XSS.
Example: http://victim.host/notfound?<img src=0 onerror=Alert(1)>. This gets stored inside a log file on the server, and if the log file gets interpreted as HTML through a browser, the payload gets executed.
Reflected attacks are those where the injected script is reflected off the web server, such as in an error message, search result, or any other response that includes some or all of the input sent to the server as part of the request. Reflected attacks are delivered to victims via another route, such as in an e-mail message, or on some other web site. When a user is tricked into clicking on a malicious link, submitting a specially crafted form, or even just browsing to a malicious site, the injected code travels to the vulnerable web site, which reflects the attack back to the user’s browser. The browser then executes the code because it came from a "trusted" server. Reflected XSS is also sometimes referred to as Non-Persistent or Type-II XSS.
Example: http://victim.host/?a=<payload> and this payload gets outputted and executed directly on the website. You can find this behaviour mostly in searches and error pages.
Note: In current browsers, if a JavaScript string is seen in the URL, which gets reflected on the website, it will be blocked. It depends if the whole page gets blocked or just the one script.
Upvotes: 5
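The stored and reflected paths described in the two answers above, side by side with the output-encoding fix, as an added example that is not part of either answer. The function names, the in-memory message store and the "Results for" page are hypothetical; the URL shape and the script string are the ones quoted on this page.

```javascript
// Added example: in-memory stand-ins, no real server or database.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Output encoding for HTML element content and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// The vulnerable variant: input is written into the page unchanged.
const raw = (value) => String(value);

// Stored path: the message is saved once and rendered for every later visitor.
function postMessage(store, user, text) {
  store.push({ user, text });
}

function renderChat(store, encode) {
  return store.map((m) => `<li>${encode(m.user)}: ${encode(m.text)}</li>`).join('\n');
}

// Reflected path: the value exists only in this request's URL and is echoed
// back in this one response; nothing is saved server-side.
function renderSearch(requestUrl, encode) {
  const term = new URL(requestUrl).searchParams.get('a') ?? '';
  return `<p>Results for: ${encode(term)}</p>`;
}

function demo() {
  const payload = "<script>alert('XSS');</script>"; // string quoted in the first answer
  const store = []; // hypothetical message table
  postMessage(store, 'guest', payload);
  const crafted = 'http://victim.host/?a=' + encodeURIComponent(payload);
  return {
    storedRaw: renderChat(store, raw),                 // markup reaches every visitor
    storedSafe: renderChat(store, escapeHtml),         // same data, rendered as text
    reflectedRaw: renderSearch(crafted, raw),          // markup only for this URL
    reflectedSafe: renderSearch(crafted, escapeHtml),
    plainVisit: renderSearch('http://victim.host/?a=hello', raw),
  };
}

console.log(demo());
```

The stored message is encoded at render time rather than at save time, so the same record stays safe in whichever page later displays it.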