A cross site scripting attack works in the following manner:

* The attacker identifies a web site that has one or more XSS bugs for example, a web site that echoes the contents of a querystring.
* The attacker crafts a special URL that includes a malformed and malicious querystring containing HTML and scripts such as JavaScript.
* The attacker finds a victim and gets the victim to click on a link that includes the malformed querystring. This could simply be a link to another web page, or a link in an HTML e-mail.
* Once the victim clicks the link, the victim’s browser makes a GET request to the vulnerable server, bypassing the malicious querystring.
* The vulnerable server echoes the malicious querystring back to the victim’s browser, and the browser executes the JavaScript embedded in the response.

Explore More

Clickjacking technique called “content extraction”

Cookiejacking is a UI redressing attack that allows an attacker to hijack his victim’s cookies without any XSS. Clickjacking attacks have been widely adopted by attackers worldwide on popular websites

Read More

USB drive identifies and extracts data, leaving no footprint

Harris Corporation introduced a highly customizable USB thumb drive that quickly extracts targeted data from computers. The device – called BlackJack – is designed for military, intelligence, and law enforcement

Read More

BackTrack 5 R3 Release – Aug 13th, 2012

The BackTrack Development team will be releasing an R3 revision of our Penetration Testing distribution in 2 weeks. This release focuses on bugfixes and over 50 new tool additions –

Read More