What is a reflected XSS attack?

Reflected attacks are those where the injected script is reflected off the web server, such as in an error message, search result, or any other response that includes some or all of the input sent to the server as part of the request. Reflected attacks are delivered to victims via another route, such as in an e-mail message, or on some other web site. When a user is tricked into clicking on a malicious link, submitting a specially crafted form, or even just browsing to a malicious site, the injected code travels to the vulnerable web site, which reflects the attack back to the user’s browser. The browser then executes the code because it came from a "trusted" server.


Can somebody explain to me with an example? And what is the main difference between Reflected XSS and Stored XSS?

Reflected XSS attack: I send a victim a link to http://example.com/page?var=[removed]alert('xss')[removed] and somewhere on the page that value is echoed back to the victim. The value is only on the page if they follow my special link. The downside of this type is I have to specifically attack one victim or a group of victims who I can get to click on a link. It may be hard to get another person to follow your link.

Stored XSS: I found a way to get a website to persist [removed]alert('xss')[removed] for some time, maybe in the database. Then I can send the victim to http://example.com/page and it reads the value out of the database and presents it to the victim. The upside of this type is it will attack everyone who views the page.
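The difference described in the answer above, as an added example that is not part of the original answer: the same unescaped echo is fed once from the request's query string (reflected) and once from a persisted value (stored), next to the output-encoded version that renders the input as text. The function names, the `COMMENTS` list standing in for a database, and the sample input are all constructed for illustration.

```python
import html
from urllib.parse import urlsplit, parse_qs, quote

COMMENTS = []  # hypothetical stand-in for the database behind /page


def render(value, escape):
    """Build the HTML fragment that echoes `value` back to the browser."""
    # escape=False is the vulnerable echo; escape=True output-encodes the
    # value so the browser shows it as text instead of parsing it as markup.
    shown = html.escape(value, quote=True) if escape else value
    return "<p>You said: " + shown + "</p>"


def reflected_page(url, escape):
    """Reflected: the value exists only in this one request's query string."""
    query = parse_qs(urlsplit(url).query)
    var = query.get("var", [""])[0]
    return render(var, escape)


def store_comment(text):
    """Stored: the value is persisted once by whoever submits it..."""
    COMMENTS.append(text)


def stored_page(escape):
    """...and is then served to every visitor of the plain URL."""
    return "".join(render(c, escape) for c in COMMENTS)


# Constructed sample input, using the alert('xss') value from the answer.
SAMPLE = "<script>alert('xss')</script>"
LINK = "http://example.com/page?var=" + quote(SAMPLE)
PLAIN = "http://example.com/page"

if __name__ == "__main__":
    print("reflected, crafted link, raw    :", reflected_page(LINK, False))
    print("reflected, plain link, raw      :", reflected_page(PLAIN, False))
    print("reflected, crafted link, escaped:", reflected_page(LINK, True))
    store_comment(SAMPLE)
    print("stored, plain link, raw         :", stored_page(False))
    print("stored, plain link, escaped     :", stored_page(True))
```

With the raw echo, the script element reaches the browser only for the visitor who followed the crafted link in the reflected case, but for every visitor of the plain URL in the stored case; escaping at output time closes both.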


