A cross site scripting attack works in the following manner:

* The attacker identifies a web site that has one or more XSS bugs for example, a web site that echoes the contents of a querystring.
* The attacker crafts a special URL that includes a malformed and malicious querystring containing HTML and scripts such as JavaScript.
* The attacker finds a victim and gets the victim to click on a link that includes the malformed querystring. This could simply be a link to another web page, or a link in an HTML e-mail.
* Once the victim clicks the link, the victim’s browser makes a GET request to the vulnerable server, bypassing the malicious querystring.
* The vulnerable server echoes the malicious querystring back to the victim’s browser, and the browser executes the JavaScript embedded in the response.

Explore More

Methods of Making Your Trojans/Bots F/Undetecable

1. Crypters/Binders. This is By far the most Common Way to Make Your Trojan Undetectable. Almost everyone Who Makes There Trojans Undetectable Uses a Public Crypter, My First Public Crypter,

Read More

Local File Inclusion (LFI) tutorial

This tutorial will guide you into the process of exploiting a website through the LFI (Local File Inclusion). First lets take a look at a php code that is vulnerable

Read More

You’ve Hired a Hacker (Section 2)

Section 2: Social issues 2.1: My hacker doesn’t fit in well with our corporate society. She seems to do her work well, but she’s not really making many friends. This

Read More