What Is A “Blind” XSS
Blind XSS (BXSS) is a type of persistent XSS attack in which the hacker ‘blindly’ targets web pages that store user input in a database (blogs, forums, contact forms, login pages, etc.). BXSS and persistent XSS are nearly identical in terms of target goal and the payload stored; the difference is in how the attack is executed.
In BXSS, the hacker fires off payloads at vulnerable sites, but doing this manually is cumbersome. The process can be automated with XSS security tools such as XSS Hunter, which finds XSS vulnerabilities on web pages, automatically creates payloads for them and even correlates injection attempts. The hacker isn’t expecting any immediate response or sign that the attack worked; they don’t even know whether the payload was stored in the same web application, or stored at all… hence the “Blind” in Blind XSS.
BXSS often ends up targeting site administrators, because the malicious script is commonly either sanitized before being served to everyday site visitors or served by a different web application. Site admins/moderators who use management web sessions to load content for administrative tasks might find themselves executing the malicious code in the admin interface.
For example, let’s say the hacker injects malicious code into a contact form and submits it to the server. The code will be stored in the database, but it is not likely to be displayed by the same application. Thus, there is no immediate response such as the typical JavaScript alert() box. The browser of a victim who visits the same contact page isn’t authorized to make a GET request for the hacker’s payload stored in the database; however, a site admin who is reviewing the everyday contact submissions from site visitors may inadvertently execute the malicious script stored inside the hacker’s contact submission.
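As an added illustration (not code from the original post), here is a minimal Node.js sketch of the admin review page described above: renderUnsafe() drops the stored submission straight into HTML, which is the defect that lets a blind payload fire in the admin’s browser, while renderSafe() HTML-encodes every field first. The submission rows are constructed sample data.

```javascript
// Encode the five characters that let user data break out of an HTML text
// context. This is the mitigation: encode on output, in the application that
// actually renders the stored data (here, the admin panel).
const escapeHtml = (s) =>
  String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));

// Constructed sample rows, as an admin "review contact submissions" page
// might read them back from the database. The public contact page never
// rendered these, so only the admin view is exposed. The second row carries
// a harmless marker tag standing in for a stored payload.
const submissions = [
  { id: 1, name: 'Alice', message: 'Please call me back.' },
  { id: 2, name: 'Bob', message: '<b>hi</b> <script>/* marker */</script>' },
];

// Vulnerable: trusts database content because "it came from our own DB".
function renderUnsafe(rows) {
  return rows
    .map((r) => `<tr><td>${r.id}</td><td>${r.name}</td><td>${r.message}</td></tr>`)
    .join('\n');
}

// Hardened: every untrusted field is encoded before it reaches the admin's browser.
function renderSafe(rows) {
  return rows
    .map((r) => `<tr><td>${escapeHtml(r.id)}</td><td>${escapeHtml(r.name)}</td>` +
                `<td>${escapeHtml(r.message)}</td></tr>`)
    .join('\n');
}

// A simple regression check for the admin page's test suite: no raw <script>
// tag originating from user data may survive into the rendered output.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('unsafe leaks tag:', containsScriptTag(renderUnsafe(submissions)));
console.log('safe leaks tag:  ', containsScriptTag(renderSafe(submissions)));
```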
Credit: thecybersecurityman
Cheers,
Areeb