问题
I was not able to understand what the difference between stored xss and reflected xss is. Can you tell me with an example?
回答1:
Stored XSS means that some persistant data (typically stored in a databse) are not sanitized in a page, which implies that everyone can be affected by the vulnerability. For example, imagine a forum where users' answers posted are not escaped. If someone posts a topic with some HTML on it, everyone that goes to the topic page will be affected! The risks can generally be important, since it affects all users and can widespread rapidly (A typical example is Myspace XSS worm which impacted one million users in 20 hours).
Reflected XSS, on the contrary, means that non-persistent data (generally data provided by the client through form submission) are not escaped. For instance, imagine a search engine where in the results list page, your search keywords are redisplayed (and not sanitized). You could then put html on your research and it will be executed. While the risks of this vulnerability are less obvious, since it only affects the user who made the injection, it can be a problem too. For example if a malicious user sends a link with the injection on it to a victim, and the victim clicks on the link.
回答2:
With perspective of business impact on system
Stored XSS is persisted into the system and hence is visible to anyone else who comes and reads the content stored. For example, if I edit a page in wikipedia and inject some javascript code, that will be visible to all new visitors.
Reflected XSS on other hand is like I input some code, which is reflected back to me alone. This one will not be in general visible to others, however such a vulnerability can be utilized by hacker for clickjacking. Suppose an url parameter for a search results page can be converted to a code script. This url can be send people over emails and they would click on it to see the malicious code executed on our business site. Though no such code existed in our site, lack of input validation will result in such urls to show malicious content on our site as if it were there and business owner will lose their brand reputation.
回答3:
In a simple way,we can say that stored xxs means the presistent data is stored but reflected xss means the presistent data is unstored.
来源:https://stackoverflow.com/questions/45952778/what-is-the-difference-between-stored-xss-and-reflected-xss