
Using XSS to steal access

    Updated September 22, 2020 13:51

    Issue

    I would like to understand the security implications of Cross Site Scripting (XSS).

    Resolution

    We've talked about Cross Site Scripting (XSS) before, and for good reason: it's a risk that far too many websites are vulnerable to. The basic threat XSS poses to your website's security is that the injected script runs in the context of the trusted relationship between your browser and the website.

    XSS cookie theft

    Another example of an XSS exploit is using XSS to steal administrative access to a website:

    1. An attacker enters JavaScript that steals the visitor's browser cookie.
    2. An administrator unknowingly executes this JavaScript.
    3. The administrator's browser sends the cookie to the attacker's website.
    4. The attacker uses the stolen cookie to gain the administrator's access to the website.

    Mitigation

    XSS vulnerabilities are extremely common in web applications, so you should audit your configuration and custom code for adherence to Drupal best practices.
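
Step 3 of the cookie theft sequence depends on script being able to read the session cookie, so one configuration check worth automating is whether session cookies are issued with `HttpOnly` and related attributes. The following is an added example, not code from the original article or from Acquia or Drupal; the header values are constructed, and the `SESS`/`SSESS` session cookie name prefix is an assumption you should adjust for your site.

```javascript
// Added example: audit Set-Cookie header values for session cookie hardening.
'use strict';

// Constructed sample headers (not captured from a real site).
const SAMPLE_HEADERS = [
  'SESSexample123=abc; path=/; HttpOnly; Secure; SameSite=Lax',
  'SESSexample456=def; path=/',
  'has_js=1; path=/', // not a session cookie, so it is skipped
];

// Parse one Set-Cookie value into { name, attrs }; attribute names are lowercased.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const eq = parts[0].indexOf('=');
  const name = eq === -1 ? parts[0] : parts[0].slice(0, eq);
  const attrs = new Map();
  for (const part of parts.slice(1)) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs.set(key, i === -1 ? true : part.slice(i + 1));
  }
  return { name, attrs };
}

// Return findings for one header; an empty array means nothing to report.
function auditCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  // Without HttpOnly, script running in the page can read the cookie.
  if (!attrs.has('httponly')) findings.push('missing HttpOnly');
  // Without Secure, the cookie is also sent over unencrypted HTTP.
  if (!attrs.has('secure')) findings.push('missing Secure');
  // An explicit Lax or Strict value does not rely on browser defaults.
  const sameSite = String(attrs.get('samesite') || '').toLowerCase();
  if (sameSite !== 'lax' && sameSite !== 'strict') {
    findings.push('SameSite not set to Lax or Strict');
  }
  return findings.map((f) => `${name}: ${f}`);
}

// Audit only cookies whose name matches the session pattern (assumed prefix).
function auditHeaders(headers, sessionPattern = /^S?SESS/) {
  return headers
    .filter((h) => sessionPattern.test(parseSetCookie(h).name))
    .flatMap(auditCookie);
}

console.log(auditHeaders(SAMPLE_HEADERS).join('\n'));
```

`HttpOnly` only keeps script from reading the cookie; injected script can still act within the administrator's session, so output sanitization in custom code remains the primary fix.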

    Topics

    • security
    • xss
    • best practices
    • drupal7

    External Links

    • Anything you can do, XSS can do better
    • Securing your site
    • Writing secure code in Drupal 7
    Stacy Wray