A cross site scripting attack works in the following manner:

* The attacker identifies a web site that has one or more XSS bugs for example, a web site that echoes the contents of a querystring.
* The attacker crafts a special URL that includes a malformed and malicious querystring containing HTML and scripts such as JavaScript.
* The attacker finds a victim and gets the victim to click on a link that includes the malformed querystring. This could simply be a link to another web page, or a link in an HTML e-mail.
* Once the victim clicks the link, the victim’s browser makes a GET request to the vulnerable server, bypassing the malicious querystring.
* The vulnerable server echoes the malicious querystring back to the victim’s browser, and the browser executes the JavaScript embedded in the response.

Explore More

Critical SQL Injection in mail4U is a production of Bagan Cybertech

PlanetCreator has reported another critical SQL Injection (vulnerability) on mail4U is a production of Bagan Cybertech http://www.mail4u.com.mm/ SQL injection is a code injection technique that exploits a security vulnerability occurring

Read More

Hacking PHP 4.4

This tut Shows how to hack Sites running: Php 4.4 Sites. Step 1 – Search for them Yep,make a Google dork to find sites running Apache and PHP 4.4 .

Read More

MSSQL – injection Tutorial

MSSQL – injection ########################### 1.1 Introduction 1.2 How to ask Vulnerability page? 1.3 How to prove that the site of weakness? 1.4 How to find version / name of the

Read More