A cross site scripting attack works in the following manner:

* The attacker identifies a web site that has one or more XSS bugs for example, a web site that echoes the contents of a querystring.
* The attacker crafts a special URL that includes a malformed and malicious querystring containing HTML and scripts such as JavaScript.
* The attacker finds a victim and gets the victim to click on a link that includes the malformed querystring. This could simply be a link to another web page, or a link in an HTML e-mail.
* Once the victim clicks the link, the victim’s browser makes a GET request to the vulnerable server, bypassing the malicious querystring.
* The vulnerable server echoes the malicious querystring back to the victim’s browser, and the browser executes the JavaScript embedded in the response.

Explore More

How to Detect a Hacker Attack

If a hacker breaks into your computer, just noses around, and makes no changes to your computer, it’s not easy to tell he’s been there. There’s no alert that says,

Read More

Registry Tips and Tricks

Display Your Quick Launch ToolbarTip: Is your Quick Launch toolbar missing from the taskbar? To display your familiar Quick Launch toolbar: Right-click an empty area on the taskbar, click Toolbars,

Read More

Hack Tools, Utilities and Exploits

Packetstorm Last 10 Files glsa-200901-13.txt – Gentoo Linux Security Advisory GLSA 200901-13 – Multiple vulnerabilities have been discovered in Pidgin, allowing for remote arbitrary code execution, denial of service and

Read More