A cross site scripting attack works in the following manner:

* The attacker identifies a web site that has one or more XSS bugs for example, a web site that echoes the contents of a querystring.
* The attacker crafts a special URL that includes a malformed and malicious querystring containing HTML and scripts such as JavaScript.
* The attacker finds a victim and gets the victim to click on a link that includes the malformed querystring. This could simply be a link to another web page, or a link in an HTML e-mail.
* Once the victim clicks the link, the victim’s browser makes a GET request to the vulnerable server, bypassing the malicious querystring.
* The vulnerable server echoes the malicious querystring back to the victim’s browser, and the browser executes the JavaScript embedded in the response.

Explore More

Critical SQL Injection in singforyou.net

Security Researcher $@T0R! has reported another Critical SQL Injection in singforyou.net SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an

Read More

How to hack a website? – Tips and tricks

Here are the most common techniques used to hack a website Hacking sites that are least protected by password – By pass authentication It’s the webmaster’s nightmare, hackers accessing the

Read More

What is a cookie?

A cookie is a small bit of text that accompanies requests and pages as they move between Web servers and browsers. It contains information that is read by a Web

Read More