A cross site scripting attack works in the following manner:

* The attacker identifies a web site that has one or more XSS bugs for example, a web site that echoes the contents of a querystring.
* The attacker crafts a special URL that includes a malformed and malicious querystring containing HTML and scripts such as JavaScript.
* The attacker finds a victim and gets the victim to click on a link that includes the malformed querystring. This could simply be a link to another web page, or a link in an HTML e-mail.
* Once the victim clicks the link, the victim’s browser makes a GET request to the vulnerable server, bypassing the malicious querystring.
* The vulnerable server echoes the malicious querystring back to the victim’s browser, and the browser executes the JavaScript embedded in the response.

Explore More

Batten down the Hatches—10-Minute Tactics

The simplest way to defend your computer quickly against hackers is to use a firewall. So let’s look at your two fastest options. Either can be done in 10 minutes.Turn

Read More

Dyne’s Hackers List v1.10

0x01 – Definitions: Hacker vs Cracker The New Hacker’s Dictionary defines Hacker as: “A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as

Read More

New phishing scam targets high level executives

A new phishing attack has been circulating lately, but instead of trying to dupe millions of computer users into giving up their financial information, this one is aimed at high

Read More