CSRF v/s XSS - Similarities and differences?

604 | Asked by AmitSinha in SQL Server, Dec 9, 2021

I know about cross-site scripting and cross-site request forgery. I want to know whether there are any similarities between CSRF and XSS. I would also like to confirm the differences.


Answered by Anisha Dalal

In a cross-site request forgery attack, the attacker tries to force/trick you into making a request which you did not intend. This could be sending you a link that makes you involuntarily change your password. A malicious link could look like this:

https://security.stackexchange.com/account?new_password=abc123

In a cross-site scripting attack, the attacker makes you involuntarily execute client-side code, most likely JavaScript. A typical reflected XSS attack attempt could look like this:

https://security.stackexchange.com/search?q=">[removed]alert([removed])[removed]

CSRF v/s XSS - Similarities

Both attacks have in common that they are client-side attacks and need some form of user activity (e.g. clicking a link or visiting a website). Unlike RFI or SQLi vulnerabilities, you're attacking a user rather than the server. XSS is generally more powerful than CSRF because it usually allows the execution of arbitrary script code while CSRF is restricted to a particular action (e.g. changing the password). As @Lukas points out, a successful XSS attack also effectively bypasses all anti-CSRF measures.

CSRF v/s XSS - Differences

- Since it doesn't require any user interaction, XSS is believed to be more dangerous.
- CSRF is restricted to the actions victims can perform. XSS, on the other hand, works on the execution of malicious scripts, enlarging the scope of actions the attacker can perform.
- XSS requires only a vulnerability, while CSRF requires a user to access the malicious page or click a link.
- CSRF works only one way: it can only send HTTP requests, but cannot view the response. XSS can send and receive HTTP requests and responses in order to extract the required data.


