A cross site scripting attack works in the following manner:

* The attacker identifies a web site that has one or more XSS bugs for example, a web site that echoes the contents of a querystring.
* The attacker crafts a special URL that includes a malformed and malicious querystring containing HTML and scripts such as JavaScript.
* The attacker finds a victim and gets the victim to click on a link that includes the malformed querystring. This could simply be a link to another web page, or a link in an HTML e-mail.
* Once the victim clicks the link, the victim’s browser makes a GET request to the vulnerable server, bypassing the malicious querystring.
* The vulnerable server echoes the malicious querystring back to the victim’s browser, and the browser executes the JavaScript embedded in the response.

Explore More

BackTrack 5 R3 Release – Aug 13th, 2012

The BackTrack Development team will be releasing an R3 revision of our Penetration Testing distribution in 2 weeks. This release focuses on bugfixes and over 50 new tool additions –

Read More

NMAP Tutorial

So… let’s say that you donwloaded NMAP in one of its latest versions, if you didn’t then go get it immediately! And come back only when you have it. http://nmap.org/download.html

Read More

Hackers note to Windows Defender’s Team in Zlob Trojan source code

Russian hacker has sent a note to the windows defender team. It’s discovered by a French analyst while analyzing the variant of the Zlob Trojan. The original note below. “For

Read More