What is the difference between Cross-site Scripting and SQL Injection, attacks?

What is the difference between Cross-site Scripting and SQL Injection, attacks?
A . Cross-site Scripting is an attack where code is injected into a database, whereas SQL Injection is an attack where code is injected into a browser.
B . Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social engineering attack.
C . Cross-site Scripting is when executives in a corporation are attacked, whereas SQL Injection is when a database is manipulated.
D . Cross-site Scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side.

View Answer

Answer: A

Explanation:

Answer B is not correct because Cross-site Scripting (XSS) is not a brute force attack.

Answer C is not correct because the statement “Cross-site Scripting is when executives in a corporation are attacked” is not true. XSS is a client-side vulnerability that targets other application users.

Answer D is not correct because the statement “Cross-site Scripting is an attack where code is executed from the server side”. In fact, XSS is a method that exploits website vulnerability by injecting scripts that will run at client’s side.

Therefore only answer A is left. In XSS, an attacker will try to inject his malicious code (usually malicious links) into a database. When other users follow his links, their web browsers are redirected to websites where attackers can steal data from them. In a SQL Injection, an attacker will try to inject SQL code (via his browser) into forms, cookies, or HTTP headers that do not use data sanitizing or validation methods of GET/POST parameters.

Note: The main difference between a SQL and XSS injection attack is that SQL injection attacks are used to steal information from databases whereas XSS attacks are used to redirect users to websites where attackers can steal data from them.