It is a very critical and impactful attack, we say, as if any vulnerability is found in this bug, it will directly impact all users using that application. Type – 2 Stored XSS or Server Side or Persistent XSS So, whatever the payload we inject in any input parameter like search box, form, and any other input form, input-form reflects any alert or pop-up box and is vulnerable to Reflected XSS attack.Īlso, it is only viewed on Client-side changes, which means this attack is not persistent, and it will not impact any damage to the server-side and any application running on the backend server. It only discloses any sensitive information until the attack can go to its extreme level to get more in-depth digging to exploit high-level effects. It is a web application-based attack type. Type-1 Client Side XSS or Reflected XSS or Non-persistent XSS Now we have three types of Cross-Site Scripting attacks is available let see all the types in detail: So here we are taking the Cross-Site Scripting Attack, as we have only one choice to explain it. So, in the image, we can even see the proof that the attack is trying to get the Cross-Site Scripting attack to get any access or information leakage for Sensitive Information. Here in the below image, we can see the Proof of Concept also:įig 15: XSS Vulnerabilities Attack proof of evidence Now when we go more down to check the packet filter status here, we found that the attacker limits some web-based attacks Only a few of them are giving OK, but we also didn’t get any sensitive information relief. We can see requests every time, but we only got 404 NOT FOUND responses. Here we can understand the attacker doing any automated vulnerability tool to detect any threat present on the server.
In contrast, the IP address 192.168.1.200 is continuously making the brute force attack on various methods on the server to get any remote access. If we notice the packet transfer report analysis, we can easily see that Ip address 146.90.197.173 is the target IP server. So in the above image, we are getting the right and accurate communication done only in two IP addresses.
0 kommentar(er)
