A cross site scripting attack works in the following manner:

* The attacker identifies a web site that has one or more XSS bugs for example, a web site that echoes the contents of a querystring.
* The attacker crafts a special URL that includes a malformed and malicious querystring containing HTML and scripts such as JavaScript.
* The attacker finds a victim and gets the victim to click on a link that includes the malformed querystring. This could simply be a link to another web page, or a link in an HTML e-mail.
* Once the victim clicks the link, the victim’s browser makes a GET request to the vulnerable server, bypassing the malicious querystring.
* The vulnerable server echoes the malicious querystring back to the victim’s browser, and the browser executes the JavaScript embedded in the response.

Explore More

Extensive SQL Injection Tutorial

( This is one of the most extensive and most usefull tutorials about this subject I’ve seen read this and you’ll be sure to get a beter understanding! ) TABLE

Read More

Critical XSS Vulnerability in Ministry of Information & Broadcasting http://www.ddindia.gov.in

PlanetCreator.Net’s Security Team Member has reported another critical XSS vulnerability on Ministry of Information & Broadcasting http://www.ddindia.gov.in These are some information from Vulnerability Site http://www.ddindia.gov.in: This vulnerability has been alerted

Read More

Bypassing Shell Security

Safemode = On (Secure) Disables Functions = dl, passthru, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, pfsockopen, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid ================ Create A File “Php.ini” In Some Writeable

Read More