A cross site scripting attack works in the following manner:

* The attacker identifies a web site that has one or more XSS bugs for example, a web site that echoes the contents of a querystring.
* The attacker crafts a special URL that includes a malformed and malicious querystring containing HTML and scripts such as JavaScript.
* The attacker finds a victim and gets the victim to click on a link that includes the malformed querystring. This could simply be a link to another web page, or a link in an HTML e-mail.
* Once the victim clicks the link, the victim’s browser makes a GET request to the vulnerable server, bypassing the malicious querystring.
* The vulnerable server echoes the malicious querystring back to the victim’s browser, and the browser executes the JavaScript embedded in the response.

Explore More

Best Server Security Configuration

Best Server Security Configuration. Summary 1) Upgrade Apache/PHP, MySQL, OpenSSH, OpenSSL, cP/WHM etc2) cP/WHM Configuration3) SSH Access4) Mod_Security5) Firewall6) DDoS Protection7) Rootkit8) PHP Configuration9) Other10)The End Author: QKrun1x 1) Upgrade

Read More

You’ve Hired a Hacker (Section 5)

Section 5: What does that mean? 5.1: My hacker doesn’t speak English. At least, I don’t think so. Your hacker is a techie, and knows a number of powerful concepts

Read More

Nessus Vulnerability Scanner

Are you Vulnerable? If you don’t have the luxury of building secure software from the start and your business uses off the shelf software to get your work done you

Read More