
Discussion on: Explain Cross Site Scripting(XSS) attacks like I'm Five

Adrian B.G. • Edited

You are 5 years old, at a future Halloween. The trick-or-treat tradition is still around, but the technology has evolved.

A bad kid (X) lives in your neighborhood. He wants many candies, but he is lazy, so he decided to steal them from the other kids. X has very rich parents, future 3D printers and other cool spy tech.

Non-persistent XSS
X comes to your house and mounts a camera and sensors at your window to find out what you are going to wear. X buys the same costume as you, records your voice, and then pretends to be you for the entire night. He goes to all the houses and takes the candies, pretending to be you.

The non-persistent (or reflected) cross-site scripting vulnerability is by far the most basic type of web vulnerability.[13] These holes show up when the data provided by a web client, most commonly in HTTP query parameters (e.g. HTML form submission), is used immediately by server-side scripts to parse and display a page of results for and to that user, without properly sanitizing the request.

Mistakes:

  • you weren't careful and didn't see the camera and sensors outside of your window
  • the houses that gave candies trusted a mask, and didn't ask you to say your name or other things only you could know

Persistent XSS
X is getting lazy, and he has found a new way to steal even more candies. He mounts a series of sensors and cameras on one of the neighbors' lawns. Any kid who goes there is recorded, and their costume and voice are copied to X's computer.
X can now impersonate most of the kids and take candies in their names.

Mistakes:

  • the neighbor with the lawn permitted X to install his hardware in the yard
  • the houses that gave candies trusted a mask, and didn't ask you to say your name or other things only you could know

WIKIPEDIA - The persistent (or stored) XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping. A classic example of this is with online message boards where users are allowed to post HTML formatted messages for other users to read.[14]


houses that give candies - servers
X - the attacker
you and your friends - victims
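
The two Wikipedia definitions quoted in the comment above, shown as code: a reflected page that echoes a query parameter and a stored message board, each rendered without and with HTML escaping. This is an added example, not part of the original comment; every function name and the sample input are constructed for illustration, and the escaping shown assumes the value lands in HTML text content.

```javascript
// Added example: all names and the sample input below are constructed.

// Escape the characters that let text break out of HTML content or attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Reflected (non-persistent): the query parameter is echoed into the response.
function renderSearchUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}
function renderSearchSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Stored (persistent): a message is saved once, then shown to every later visitor.
const board = [];
function savePost(author, text) {
  board.push({ author, text });
}
function renderBoardUnsafe() {
  return board.map((m) => `<li><b>${m.author}</b>: ${m.text}</li>`).join('');
}
function renderBoardSafe() {
  return board
    .map((m) => `<li><b>${escapeHtml(m.author)}</b>: ${escapeHtml(m.text)}</li>`)
    .join('');
}

// Detection helper for the demo: does the rendered page contain a live script tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed input: markup submitted where the server expected plain text.
const payload = '<script>alert(1)</script>';
savePost('kid1', 'Happy Halloween!');
savePost('X', payload);

console.log('reflected, unescaped:', containsScriptTag(renderSearchUnsafe(payload)));
console.log('reflected, escaped:  ', containsScriptTag(renderSearchSafe(payload)));
console.log('stored, unescaped:   ', containsScriptTag(renderBoardUnsafe()));
console.log('stored, escaped:     ', containsScriptTag(renderBoardSafe()));
```

In the stored case the unescaped markup is served to every visitor of the board, which is why the quoted definition calls it the more devastating variant.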