A cross site scripting attack works in the following manner:

* The attacker identifies a web site that has one or more XSS bugs for example, a web site that echoes the contents of a querystring.
* The attacker crafts a special URL that includes a malformed and malicious querystring containing HTML and scripts such as JavaScript.
* The attacker finds a victim and gets the victim to click on a link that includes the malformed querystring. This could simply be a link to another web page, or a link in an HTML e-mail.
* Once the victim clicks the link, the victim’s browser makes a GET request to the vulnerable server, bypassing the malicious querystring.
* The vulnerable server echoes the malicious querystring back to the victim’s browser, and the browser executes the JavaScript embedded in the response.

Explore More

Bypassing Shell Security

Safemode = On (Secure) Disables Functions = dl, passthru, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, pfsockopen, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid ================ Create A File “Php.ini” In Some Writeable

Read More

Critical SQL Injection in mail4U is a production of Bagan Cybertech

PlanetCreator has reported another critical SQL Injection (vulnerability) on mail4U is a production of Bagan Cybertech http://www.mail4u.com.mm/ SQL injection is a code injection technique that exploits a security vulnerability occurring

Read More

How to prevent SQL Injection

SQL Injection: What It Is There was once a famous doctor that had it completely right: never trust your patients. Now this doctor may have only been a sitcom doctor

Read More