A cross site scripting attack works in the following manner:

* The attacker identifies a web site that has one or more XSS bugs for example, a web site that echoes the contents of a querystring.
* The attacker crafts a special URL that includes a malformed and malicious querystring containing HTML and scripts such as JavaScript.
* The attacker finds a victim and gets the victim to click on a link that includes the malformed querystring. This could simply be a link to another web page, or a link in an HTML e-mail.
* Once the victim clicks the link, the victim’s browser makes a GET request to the vulnerable server, bypassing the malicious querystring.
* The vulnerable server echoes the malicious querystring back to the victim’s browser, and the browser executes the JavaScript embedded in the response.

Explore More

Critical persistent xss vulnerabilities at IPAY : Myanmar Online payment Official Site

This evening, I found a fascinated  big bill board “IPAY” http://www.ipay.com.mm at Thamine Junction, Yangon, Myanmar. Then, I said my friend “googl3group” about it, and said  “NO XSS, NO SQL

Read More

brb’s uninstaller 2009, Freeware

When brb’s Uninstaller is started, its main window fills with installed applications. Change View type From the uninstaller toolbar you can change the way that the list of applications may

Read More

Winsock tutorial

Just a little something I have been writing on and off. It was originally meant to be a collaboration of two of my prior tutorials, however, I’m starting to find

Read More