What is the difference between self XSS and reflected XSS? If I find a XSS vulnerability, how do I know whether it is self XSS or reflected XSS ? I have tried reading a lot of articles on Google but am still confused. Thanks in advance!
Reflected XSS occurs when user input included in the url address is reflected in the page source un-unescape .
Now, a lot of things can be user input such as your input in search form , the url adress itself . an example is
https://vulnerable.com/<script>alert(1)</script>
lets say after visiting the url and you check the page source in your browser and you see <script>alert(1)</script> somewhere in the page source . This is a reflected xss and can be used to exploit other users since anyone who visited that link will have the xss fired and their cookies stolen if lacking the httponly flag
Self XSS self Xss is an xss that executes in the context of the user who submits the payload . Say web app has profile function and in the profile function you have an option to specify a nickname . now in this web app you cant view other user profiles , meaning thier is no way to make another user view your profile . Most bank apps are like this. Now, if the nick name parameter is vulnerable to xss , The xss here would be self xss because only you can view your user profile and the xss will only execute in your own context . You can agree that stealing your own cookies isnt of any impact