
XSS Attacks on Website Stored in S3 with no Backend

New web developer here trying to learn about XSS. I currently have a static site hosted out of an AWS S3 bucket. On my site I have two locations where a user can enter data. One is a contact form that uses Formspree.io to forward the submission to an email. The other is a calculator that takes numeric input, does some arithmetic on it via a JavaScript file, and then displays the output. I am wondering what XSS attacks are possible. I have been doing some reading on it and it seems that a lot of the attacks stem from tags being stored somewhere and then sent to a user. If I do not store any data or cookies, what attacks are possible? I know social engineering and self-XSS are possible; someone could run a script on their end and it would do what it says.

Thank you for any comments, Steve

DOM-based XSS (client-side XSS, or Type-0 XSS) can be possible on the calculator page, and reflected XSS (Type-II XSS) can be possible on the contact form.

You can use the OWASP guides for testing for Reflected XSS and testing for DOM XSS.
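
An added example, not part of the original answer or the asker's site, showing how the DOM-based XSS concern applies to a client-side calculator: the risky pattern writes raw input into `innerHTML`, the hardened one validates to a number and writes through `textContent`. The query parameters `a` and `b`, the element id `result` and the sum operation are assumptions.

```javascript
// Added example: names "a", "b", "result" and the sum operation are assumptions.

// Accept only plain decimal numbers (no exponent, hex, or markup).
const NUMERIC = /^[+-]?(?:\d+\.?\d*|\.\d+)$/;

function parseNumericInput(raw) {
  const text = String(raw ?? "").trim();
  if (text.length === 0 || text.length > 32 || !NUMERIC.test(text)) return null;
  const value = Number(text);
  return Number.isFinite(value) ? value : null;
}

// Source: a static page can still read attacker-influenced data from its own URL.
function operandsFromUrl(href) {
  const params = new URL(href).searchParams;
  return [params.get("a"), params.get("b")];
}

// Risky pattern: raw strings are concatenated into markup and handed to an
// HTML-parsing sink, so any tags they contain become part of the page.
function renderUnsafe(el, rawA, rawB) {
  el.innerHTML = "<b>" + rawA + " + " + rawB + "</b> = " + (Number(rawA) + Number(rawB));
}

// Hardened pattern: validate to numbers first, then write through textContent,
// which never parses its value as HTML.
function renderSafe(el, rawA, rawB) {
  const a = parseNumericInput(rawA);
  const b = parseNumericInput(rawB);
  const ok = a !== null && b !== null;
  el.textContent = ok ? `${a} + ${b} = ${a + b}` : "Please enter two numbers.";
  return ok;
}

// Browser wiring (skipped when no DOM is present, e.g. under Node).
if (typeof document !== "undefined") {
  const [a, b] = operandsFromUrl(window.location.href);
  const out = document.getElementById("result");
  if (out) renderSafe(out, a, b);
}
```

No backend or stored data is involved in either path; the difference is only which DOM property receives the value and whether it was validated first.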

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.
