Title | What is Cross-Site Scripting (XSS) |
Permission | rw-r--r-- |
Author | Unknown |
Date and Time | 22:17 |
Category | backtrack | wiki |
Cross-Site Scripting (XSS) allows an attacker to execute malicious scripts in the victim's browser. The script can then access the victim's sensitive data, such as cookies, session data, cache, etc. The attacker can also rewrite the HTML page.
There are three basic types of XSS flaw: reflected, stored and DOM based.
Reflected
Reflected XSS is the most common type of XSS flaw found in web applications. The injected code is reflected off the web server. The attacker reaches victims via another route, such as an email message or another web server, by sending them a malicious link.
Stored
This is a more devastating variant of XSS. Attackers can inject malicious code into a web application, and the injected code is permanently stored on the target servers. This is a dangerous attack. For example, an attacker leaves malicious code in a comment on a vulnerable blog web application. The malicious code then executes in the browsers of the other blog visitors.
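The blog-comment case described above, as an added example (not code from the original page): a hypothetical in-memory comment store rendered once by plain string concatenation and once with HTML output encoding. The function names and the sample comments are constructed for illustration; the same encoding applies to values reflected from a request.

```javascript
// Stands in for the server-side comment store (hypothetical, in memory only).
const comments = [];

function saveComment(author, text) {
  // The comment is stored exactly as submitted; the defence is applied on output.
  comments.push({ author, text });
}

// Encode the characters that are significant in HTML text and in quoted
// attribute values, so stored input is displayed as text, not parsed as markup.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable rendering: stored values are concatenated straight into the page,
// so any markup in a comment becomes part of the HTML every visitor receives.
function renderCommentsUnsafe() {
  return comments
    .map((c) => `<li><b>${c.author}</b>: ${c.text}</li>`)
    .join('\n');
}

// Hardened rendering: every stored value is encoded at the point of output.
function renderCommentsSafe() {
  return comments
    .map((c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.text)}</li>`)
    .join('\n');
}

// Constructed sample comments: one ordinary, one carrying script markup.
saveComment('alice', 'Nice post & thanks!');
saveComment('mallory', '<script>alert("xss")</script>');

console.log('--- unsafe ---');
console.log(renderCommentsUnsafe());
console.log('--- safe ---');
console.log(renderCommentsSafe());
```

In the hardened output the second comment appears to visitors as literal text, because the browser never sees a `<script>` element.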
DOM based
The Document Object Model (DOM) is a World Wide Web Consortium (W3C) specification: an object model for representing XML and HTML structures. In DOM based XSS, the attacker's payload is executed as a result of modifying the DOM in the victim's browser. Like the other types of XSS, DOM based XSS can be used to steal the victim's data or hijack the victim's banking account.
Cross-Site Scripting (XSS) is one of the popular penetration techniques, so you must be careful and use internet security software to protect yourself from hackers.