A cross site scripting attack works in the following manner:

* The attacker identifies a web site that has one or more XSS bugs for example, a web site that echoes the contents of a querystring.
* The attacker crafts a special URL that includes a malformed and malicious querystring containing HTML and scripts such as JavaScript.
* The attacker finds a victim and gets the victim to click on a link that includes the malformed querystring. This could simply be a link to another web page, or a link in an HTML e-mail.
* Once the victim clicks the link, the victim’s browser makes a GET request to the vulnerable server, bypassing the malicious querystring.
* The vulnerable server echoes the malicious querystring back to the victim’s browser, and the browser executes the JavaScript embedded in the response.

Explore More

MSSQL – injection Tutorial

MSSQL – injection ########################### 1.1 Introduction 1.2 How to ask Vulnerability page? 1.3 How to prove that the site of weakness? 1.4 How to find version / name of the

Read More

Online Services

Gathering information: (set) http://www.subnetonline.com/ (set) http://ping.eu/ (ping, dns_tools, traceroute, web_tools) http://serversniff.net/ (DIG / nslookup, whois, traceroute) http://networking.ringofsaturn.com/Tools/ (whois, dns_tools, service_scan, traceroute) http://centralops.net/co/DomainDossier.aspx (whois, dns_tools, domain_search) http://www.whois.ws/ (whois, dns_tools) http://www.robtex.com/ (whois)

Read More

What are the phases of malicious hacking?

The following are the phases of malicious hacking: Reconnaissance: In this phase, the attacker gathers information about the victim. Scanning: In this phase, the attacker begins to probe the target

Read More