A cross site scripting attack works in the following manner:

* The attacker identifies a web site that has one or more XSS bugs for example, a web site that echoes the contents of a querystring.
* The attacker crafts a special URL that includes a malformed and malicious querystring containing HTML and scripts such as JavaScript.
* The attacker finds a victim and gets the victim to click on a link that includes the malformed querystring. This could simply be a link to another web page, or a link in an HTML e-mail.
* Once the victim clicks the link, the victim’s browser makes a GET request to the vulnerable server, bypassing the malicious querystring.
* The vulnerable server echoes the malicious querystring back to the victim’s browser, and the browser executes the JavaScript embedded in the response.

Explore More

Prevent spam in your Gmail account

Are you worried about spam in your precious gmail account ? If yes, then you would like to consider making aliases of your gmail id to use when you’re not

Read More

Wake up Adobe; we love your Flash player but not Trojans

Virus developers are taking advantage of the enormous popularity of the Adobe flash player and creating fake Adobe Flash player which installs Trojan horse designed to steal password and personal

Read More

Ethical Hacker

Gmail Fake login page using XSS vulnerability on google mail A XSS vulnerability in Gmail allow hackers to create fake login page and show the domain name as mail.google.com.See the

Read More