A cross site scripting attack works in the following manner:

* The attacker identifies a web site that has one or more XSS bugs for example, a web site that echoes the contents of a querystring.
* The attacker crafts a special URL that includes a malformed and malicious querystring containing HTML and scripts such as JavaScript.
* The attacker finds a victim and gets the victim to click on a link that includes the malformed querystring. This could simply be a link to another web page, or a link in an HTML e-mail.
* Once the victim clicks the link, the victim’s browser makes a GET request to the vulnerable server, bypassing the malicious querystring.
* The vulnerable server echoes the malicious querystring back to the victim’s browser, and the browser executes the JavaScript embedded in the response.

Explore More

You’ve Hired a Hacker (Section 3)

Section 3: Productivity 3.1: My hacker plays video games on company time. Abraham Lincoln said, “If I had ten hours to chop down an oak tree, I’d spend the first

Read More

Preventing ID Theft

Identity theft is the intentional use or theft of a person’s private information to obtain goods or services from another entity. “Private” information is the facts about you that are

Read More

SQL injection Basic Tutorial

One of the major problems with SQL is its poor security issues surrounding is the login and url strings.this tutorial is not going to go into detail on why these

Read More