A cross-site scripting (XSS) attack works in the following manner:

* The attacker identifies a web site that has one or more XSS bugs, for example, a web site that echoes the contents of a querystring.
* The attacker crafts a special URL that includes a malformed and malicious querystring containing HTML and scripts such as JavaScript.
* The attacker finds a victim and gets the victim to click on a link that includes the malformed querystring. This could simply be a link to another web page, or a link in an HTML e-mail.
* Once the victim clicks the link, the victim’s browser makes a GET request to the vulnerable server, passing the malicious querystring.
* The vulnerable server echoes the malicious querystring back to the victim’s browser, and the browser executes the JavaScript embedded in the response.
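
The echo in the last two steps, shown as an added example that is not code from the original page: a handler that writes a querystring value into the response as-is, next to the same handler with HTML output encoding. The parameter name `name`, the host `example.test` and the function names are assumptions made for illustration.

```javascript
// Added example: a handler that echoes a querystring value, first as-is
// and then with output encoding. "name" and example.test are assumed names.

// Encode the characters that are significant in HTML text and attribute contexts.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the decoded querystring value is concatenated into the page unchanged,
// so any markup it carries becomes part of the document the browser parses.
function renderVulnerable(requestUrl) {
  const name = new URL(requestUrl).searchParams.get('name') ?? '';
  return `<html><body><p>Hello, ${name}</p></body></html>`;
}

// Hardened: the same value is HTML-encoded before it is written into the response,
// so the browser displays it as text instead of interpreting it.
function renderSafe(requestUrl) {
  const name = new URL(requestUrl).searchParams.get('name') ?? '';
  return `<html><body><p>Hello, ${escapeHtml(name)}</p></body></html>`;
}

// Constructed sample request: a link whose querystring carries markup.
const craftedUrl =
  'https://example.test/welcome?name=' + encodeURIComponent('<script>alert(1)</script>');

// Constructed benign request for comparison.
const benignUrl = 'https://example.test/welcome?name=Alice';

console.log('vulnerable:', renderVulnerable(craftedUrl));
console.log('hardened:  ', renderSafe(craftedUrl));
console.log('benign:    ', renderSafe(benignUrl));
```

The encoding shown covers HTML body and quoted-attribute contexts only; values written into script blocks, URLs or CSS need the encoding for that context.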
