Compare and contrast Cross-Site Scripting and SQL Injection attacks, including the effort needed for and the value of each attack.
Differences between Cross-Site Scripting and SQL Injection:
Cross-Site Scripting | SQL Injection |
---|---|
1. In Cross-Site Scripting a malicious code or script is injected into the website code. | 1. In SQL Injection a structured query language query or SQL query is provided to the website as input. |
2. In this the malicious code, which is most commonly JavaScript code, is injected on the client's machine. | 2. In this the SQL query is provided as input to the input fields in the website, such as form fields like the user name and the password field etc. |
3. The malicious code or script running on the client's machine while the client opens a website will try to redirect the user to a different website instead of the actual site, and it might also try to steal user information like credentials and sensitive information such as bank account details and transaction details etc. | 3. The SQL query will be formulated in such a way that the query condition always returns true; for example, 1 == 1 will always return true. Such text will be used in the query, and this query is provided as input in the user credentials fields so that the query returns true and gives access. |
4. Various libraries are provided to avoid Cross-Site Scripting (XSS) like hammer.js etc. | 4. SQL Injection can be avoided by cleaning or validating the input the user enters into the form fields. |
5. Commonly used for phishing users to the attacker's site which looks exactly the same as the original site. | 5. Commonly used to alter the website database by getting access or dropping or deleting the entire database. |
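
The contrast in rows 2 to 4, shown as an added example that is not part of the original answer: SQL injection is stopped where input enters the query, XSS where input is written into the page. The table, account, function names and inputs are constructed for illustration.

```python
import html
import sqlite3

def make_db():
    """In-memory database with one constructed account.
    The password is stored in plain text only to keep the example short."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def login_concat(db, name, password):
    """Weak form: input is pasted into the SQL text and parsed as SQL."""
    query = ("SELECT COUNT(*) FROM users WHERE name = '" + name +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone()[0] > 0

def login_param(db, name, password):
    """Hardened form: placeholders keep input as data, never as SQL."""
    query = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(query, (name, password)).fetchone()[0] > 0

def render_raw(comment):
    """Weak form: input is pasted into the HTML sent to the browser."""
    return "<p>" + comment + "</p>"

def render_escaped(comment):
    """Hardened form: HTML metacharacters are encoded before output."""
    return "<p>" + html.escape(comment) + "</p>"

# Constructed inputs: an always-true condition and a script tag.
TAUTOLOGY = "' OR '1'='1"
SCRIPT = "<script>alert(1)</script>"

if __name__ == "__main__":
    db = make_db()
    print("concat login accepts tautology:", login_concat(db, "alice", TAUTOLOGY))
    print("param login accepts tautology: ", login_param(db, "alice", TAUTOLOGY))
    print("raw output:    ", render_raw(SCRIPT))
    print("escaped output:", render_escaped(SCRIPT))
```

The concatenated query grants access because the input rewrites the WHERE clause on the server; the raw HTML carries the script tag to the visitor's browser, which is where XSS executes.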