Exploitation of Cross-Site Scripting (XSS) Vulnerability on Real World Web Applications and its Defense

Attacks on web applications are growing rapidly with the opening of new technologies, HTML tags and JavaScript functions. Cross-Site Scripting (XSS) vulnerabilities are being exploited by the attackers to steal web browser's resources (cookies, credentials etc. ) by injecting the malicious JavaScript code on the victim's web applications. The existing techniques like filtering of tags and special characters, maintaining a list of vulnerable sites etc. cannot eliminate the XSS vulnerabilities completely. In this paper, initially we have tried out the experiments on the exploitation of XSS vulnerabilities using local host server (i. e. XAMPP). After this, we have investigated for the XSS vulnerabilities on social networking sites (like Facebook, Orkut, Blogs, Twitter etc. ) and tried to exploit the same on blogs. Finally, on the basis of some analysis and results, we have discussed a novel technique of mitigating this XSS vulnerability by introducing a Sandbox environment on the web browser.