What is Cross Site Scripting ?

-
Cross Site Scripting (XSS Attacks)

 Cross site scripting is an Attacker executing a malicious code on Victims browser. Usually attacker will inject a script that will display the output of that web application.
  
   The attacker dose not directly target his victim , instead he exploit a vulnerable codes on the website that victim visit.

For Example:

 This is a sample code of a web application .

 print "<html>"
print "Latest comment:"
print database.latestComment
print "</html>"

The script assumes that a comment consists only of text. However, since the user input is included directly, an attacker could submit this comment: "<script>...</script>". Any user visiting the page would now receive the following response

<html>
Latest comment:
<script>hacked it</script>
</html> 


When the user's browser loads the page, it will execute whatever JavaScript code is contained inside the <script> tags. The attacker has now succeeded with his attack.



  














 

Comments

Post a Comment

Popular posts from this blog

DNS Tunneling Attack - You might know this !

-
Image
  Introduction: In the world of cybersecurity, attackers continuously explore new techniques to bypass network defenses and exfiltrate sensitive information. One such technique gaining prominence is DNS tunneling. DNS tunneling allows attackers to use the DNS protocol as a covert communication channel, exploiting its ubiquitous nature and inherent characteristics. This blog post delves into the concept of DNS tunneling, its working mechanism, potential risks, and methods to mitigate this emerging threat. Understanding DNS Tunneling: DNS (Domain Name System) is the backbone of the internet, responsible for translating domain names into IP addresses. Its primary purpose is to facilitate communication between devices. However, this fundamental protocol can be manipulated to serve as a covert channel for data transmission. DNS tunneling involves encapsulating data within DNS queries and responses, effectively bypassing network security measures that may not scrutinize DNS traffic as c...
Read more

The New LG OLED TV with 4K

-
Image
It doesn't seem too long ago that we were questioning whether OLED TV would really take off, but since then a slew of ultra-thin screens have passed through our testing rooms. Our verdict? OLED TVs were definitely worth the wait. With the rapid evolution of televisions over the past few years, we've seen new technologies from 3D to Smart content to  4K Ultra HD  resolution all become established features. OLED has managed to work its way on to the long list of TV jargon too, with its main selling point being ultra-dark blacks and super-bright whites. The first OLED TVs started to hit the shelves in 2013 but they were few and far between, and expensive . These sets gave us a glimpse at what all the fuss was about, with a revolution in picture quality and slimline design promised - a 4K OLED TV became the holy grail in many AV enthusiasts' minds. But that promise appeared to wane somewhat during 2014. First there was news that Sony and Panasonic ha...
Read more

Protect Your Smartphone's Data, and Avoid Being Hacked

-
Image
The government  hack of an iPhone  used by a San Bernardino killer serves as a reminder that phones and other electronic devices aren't impenetrable vaults. While most people aren't targets of the  NSA , FBI or a foreign government, hackers are looking to steal the financial and personal information of ordinary people. Your phone stores more than just selfies. Your email account on the phone, for instance, is a gateway to resetting banking and other sensitive passwords. Like washing your hands and brushing your teeth, a little "cyber hygiene" can go a long way toward preventing disaster. Lock your phone with a passcode Failing to do so is like leaving your front door unlocked. A four-digit passcode - and an accompanying self-destruct feature that might wipe a phone's data after too many wrong guesses - stumped the FBI for weeks and forced them to bring in outside help. Using six digits makes a passcode 100 times harder to guess. And if you want to m...
Read more