XSS - Types and their users
We all know that XSS is the most common exploit to be found in any website. However, different forms of XSS have different uses, as i will cover in this post. This ranges from a simple Social Engineering opportunity to a full defacement or possibly remote admin access. The following types of XSS are defined:
Type 1 XSS
Type 2 XSS and
Type 3 XSS.
Their uses are the following:
Type 1 XSS, AKA local XSS:
This form of XSS is rarely mentioned, because it is very hard to pull off and requires knowledge of either browser exploits or local OS html files. For the first scenario, the attacker could use their website to send malicious commands to the local users vulnerable HTML files (look in /WINDOWS, there are HTML files there) that executes some command on the users system.
Type 2 XSS AKA non-persistant XSS:
Type 3 XSS AKA persistant XSS:
This kind of XSS is what is mostly used against guestbooks, forums and other permanent user content pages. When this type of XSS is used it stays on the page and can be used in many ways; stealing cookies, defacing a page, and spreading(the new "XSS worm" phenomenon)
These types of XSS are completely different from each other, and all serve different purposes within hacking.