A cross site scripting attack works in the following manner:

* The attacker identifies a web site that has one or more XSS bugs for example, a web site that echoes the contents of a querystring.
* The attacker crafts a special URL that includes a malformed and malicious querystring containing HTML and scripts such as JavaScript.
* The attacker finds a victim and gets the victim to click on a link that includes the malformed querystring. This could simply be a link to another web page, or a link in an HTML e-mail.
* Once the victim clicks the link, the victim’s browser makes a GET request to the vulnerable server, bypassing the malicious querystring.
* The vulnerable server echoes the malicious querystring back to the victim’s browser, and the browser executes the JavaScript embedded in the response.

Explore More

Ur email can be intercepted!

Top 10 Places Your Email Can Be Intercepted The Internet has radically changed the way we communicate with each other. Email is obviouslyan extremely valuable and ubiquitous form of communication,

Read More

What are the drawbacks of signature-based antivirus software?

Every virus cannot be detected by a signature-based antivirus largely for the following reasons: * If an attacker has changed the signature of a virus, any signature-based antivirus will not

Read More

ZoneAlarm Using ”Scareware” to Sell Firewall

ZoneAlarm’s developer is using scareware tactics to force free-version clients into purchasing the full suite. Firewall developer Check Point Software Technologies has come under fire from consumers using the free

Read More