A cross site scripting attack works in the following manner:

* The attacker identifies a web site that has one or more XSS bugs for example, a web site that echoes the contents of a querystring.
* The attacker crafts a special URL that includes a malformed and malicious querystring containing HTML and scripts such as JavaScript.
* The attacker finds a victim and gets the victim to click on a link that includes the malformed querystring. This could simply be a link to another web page, or a link in an HTML e-mail.
* Once the victim clicks the link, the victim’s browser makes a GET request to the vulnerable server, bypassing the malicious querystring.
* The vulnerable server echoes the malicious querystring back to the victim’s browser, and the browser executes the JavaScript embedded in the response.

Explore More

Hacking Banking

Here is process for hacking online banking and credit cards transactions and also a process to prevent from them . The Scenario You go to a coffee shop for a

Read More

Kaspersky’s support website hacked!

Hard to digest, but true. The leading anti-virus website provider Kaspersky’s support website got hacked and details are published at this blog. Kasperksy admitted that it’s their fault and blamed

Read More

critical XSS Vulnerability on Yatanarpon VOIP http://voip.yatanarpon.com.mm

PlanetCreator has reported another critical XSS Vulnerability on Yatanarpon VOIP http://voip.yatanarpon.com.mm This vulnerability has been informed to :- webmaster Cross-site scripting (XSS) is a type of computer security vulnerability typically

Read More