Stored XSS and Reflected XSS are common forms of Cross-Site Scripting (XSS) attacks. Their main difference lies in the attack implementation method and how the malicious script is stored and triggered.
Stored XSS
Stored XSS (also known as persistent XSS) stores the malicious script on the target server, such as in databases, message forums, visitor logs, or comment fields. When users access pages containing malicious scripts, the script executes automatically without requiring additional user interaction, such as clicking links.
Example:
Suppose a blog website allows users to comment on articles. If the website fails to properly filter user input, an attacker can inject JavaScript code into the comments. When other users view articles with malicious comments, the JavaScript executes automatically, potentially stealing user cookies or performing other malicious actions.
Reflected XSS
Reflected XSS (also known as non-persistent XSS) occurs when the malicious script is not stored on the server but is reflected back to the user's browser via user input, such as URL parameters, and executed. This typically requires social engineering techniques to trick users into clicking a malicious link or visiting a malicious website containing malicious code.
Example:
Suppose a search website allows users to input search keywords and directly reflects the input to the results page. If an attacker tricks users into clicking a specially crafted link that includes a script as a search parameter, the script executes on the results page when the user accesses the website.
Summary
The main differences are:
- Storage Location: In Stored XSS, the malicious code is stored on the server, whereas in Reflected XSS, the malicious code is transmitted via URL or other immediate methods.
- Trigger Method: Stored XSS executes automatically when users access pages with malicious code, while Reflected XSS requires additional user interaction, such as clicking a malicious link.
- Impact Scope: Stored XSS typically affects all users accessing the content, while Reflected XSS typically only affects users who click malicious links.
When defending against both attack types, it is crucial to properly filter and escape user input to ensure dynamically generated content does not execute unintended scripts.