During an investigation of an XSS attack, the investigator comes across the term “[a-zA-Z0-9\%]+” in analyzed evidence details. What is the expression used for?
Answers
The term '[a-zA-Z0-9\%]+' is a regular expression which forces input containing one or more occurrence of alpha numeric characters and % symbol. Cross site scripting (XSS) attacks uses vulnerability in web applications to inject malicious script with user input. The given regular expression shows the input is validated. Validating user input ensure that it does not contain any malicious script. The given regular expression accept only the symbol '%' and alpha numeric characters as user input.
XSS or Cross-Site Scripting attacks are type of injection having the malicious scripts injected in otherwise benign as well as trusted websites.
The XSS attacks mainly occur when attacker uses the web application to send malicious code.
Browser side script malicious codes describe an error when application reads input data on HTTP request due to the HTTP response.