A cross site scripting attack works in the following manner:

* The attacker identifies a web site that has one or more XSS bugs for example, a web site that echoes the contents of a querystring.
* The attacker crafts a special URL that includes a malformed and malicious querystring containing HTML and scripts such as JavaScript.
* The attacker finds a victim and gets the victim to click on a link that includes the malformed querystring. This could simply be a link to another web page, or a link in an HTML e-mail.
* Once the victim clicks the link, the victim’s browser makes a GET request to the vulnerable server, bypassing the malicious querystring.
* The vulnerable server echoes the malicious querystring back to the victim’s browser, and the browser executes the JavaScript embedded in the response.

Explore More

WikiLeaks founder Julian Assange was refused bail by a British court on Tuesday after he was arrested over allegations of sex crimes in Sweden.

(Reuters) Assange, whose WikiLeaks website is at the center of a row over the release of secret U.S. diplomatic cables, was arrested under a European Arrest Warrant earlier on Tuesday

Read More

critical SQL injection (vulnerability) on Dhamma Web http://www.dhammaweb.net

PlanetCreator.Net’s Security Team member zai22 reported another critical SQL injection (vulnerability) on Dhamma Web http://www.dhammaweb.net SQL injection is a code injection technique that exploits a security vulnerability occurring in the

Read More

What are the countermeasures against software keyloggers?

It is very hard to detect a keylogger’s activity. Hence, a Network Administrator should take the following steps as countermeasures against software keyloggers: * Actively monitor the programs running on

Read More