A cross site scripting attack works in the following manner:

* The attacker identifies a web site that has one or more XSS bugs for example, a web site that echoes the contents of a querystring.
* The attacker crafts a special URL that includes a malformed and malicious querystring containing HTML and scripts such as JavaScript.
* The attacker finds a victim and gets the victim to click on a link that includes the malformed querystring. This could simply be a link to another web page, or a link in an HTML e-mail.
* Once the victim clicks the link, the victim’s browser makes a GET request to the vulnerable server, bypassing the malicious querystring.
* The vulnerable server echoes the malicious querystring back to the victim’s browser, and the browser executes the JavaScript embedded in the response.

Explore More

WikiLeaks supporters step up cyber war

LONDON (AFP)— A group of hackers vowed on Thursday to intensify a “war of data” against Mastercard, Visa and other groups which have cut funding to the WikiLeaks website over

Read More

Email Servers and Ports

Email Servers and PortsThere are two servers required for sending and receiving email, i.e. the SMTP and POP servers. ## Incoming and Outgoing Mail Servers # Incoming Mail Server# :

Read More

Timing Attacks with HTML5

HTML 5 and related technologies bring a whole slew of new features to web browsers, some of which can be a threat to security and privacy. This paper describes a

Read More