CROSS SITE SCRIPTING | WEBSITE VULNERABILITY

WHAT IS CROSS SITE SCRIPTING?
xss is a client-side code vulnerability which allows an attacker to inject code which can execute malicious scripts.this type of attack can be used to obtain cookies,session tokens,or other sensitive information used with a compromise site. xss is the most common vulnerability discovered ans exploit in websites.this come sin 3 flavors which are persistent,reflected,and dom based.xss can present a serious concern for websites which contain sensitive user data.

TYPES OF ATTACK 

The 3 different types of xss are persistent,reflected,and dom-based.

1)persistent

this form of xss is the most dangerous

saves code to the server and permanently delivers the attack

this can most commonly be found in forms and sites which allow users to post HTML formatted data.

2)reflected
this is the most common types of xss 

commonly found in HTTP  query parameters or in HTML form submissions
 
this type of attack is most commonly used with a URL that appears to e innocent but has a xss attack located with in the link

WHY XSS IS DANGEROUS? 

xss can be one of the more dangerous types of attacks due to what it can do
.
if  and iframe used be and advertiser is vulnerable to xss then a large number of websites delivering that content now become vulnerable.

it can also be used to steal cookies as well as gain control over a victims browser via BEEF

it can also be used to redirect users to a malicious page or convince a user to input their important information into a form foelds generated by xss
 
REAL LIFE ATTACK OF XSS

MYSPACE

        the samy worm took advantage of a xss vulnerability which caused people who viewed affected pages to send a friend to samy kamkar and then display a message which said "but most of all,samy is my hero"


YAHOO

a spam message with a short link to apparently harmless session of MSNBC led to account hijacking via cookie theft 

Comments

Post a Comment

Popular posts from this blog

Image
 ⇒ What is an ip addresss? An   IP address   (abbreviation of   Internet Protocol address ) is an identifier assigned to each computer and other device (e.g., printer,   router ,   mobile device , etc.) connected to a   TCP/IP network that is used to locate and identify the node in communications with other nodes on the network. IP addresses are usually written and displayed in   human-readable notations. ➦ there are mainly two ip address 1)ipv4 2)ipv6 ⇒ Ipv4 address An IP address in IPv4 is   32-bits   in size, which limits the   address space   to   4294967296   (2 32 ) IP addresses. Of this number, IPv4 reserves some addresses for special purposes such as   private networks   (~18 million addresses) or   multicast addresses   (~270 million addresses). IPv4 addresses are usually represented in   dot-decimal notation, consisting of four decimal numbers, each ranging from 0 to 255, separated by dots, e.g., 172.16.254.1. Each part represents a group of 8 bit
Read more

MALWARE

Image
what is malware ? malware is a software,that perform  victim  malicious action on victims computer or any device. the term is a combination of the words malicious and software.the ultimate goal of hackers to install malware on your computers or any device any how.once they install malware on your computer or device they can access your computer. the malware are not only targeted to only some specific system like windows ,while windows is widely used ,thus a big target,malware can infect any computing device.every one is a target, including you. the more computer or devices cyber criminal infect,the more money they earn.  who is developing malware and why? malware is created by sophisticated cyber criminals to help them achieve specific goals.the main goal is to steal important information , user id passwords, to send spam  emails,launching denial of service attacks. the malware known as petya is used by criminals to infect and encrypt hard disk of your computer.once infe
Read more

Nmap for scanning networks

Image
what is Nmap? Nmap ("Network Mapper") is a free open source tool for scanning the network.you can download from from here nmap.org Nmap  uses raw IP packets in novel ways to determine what hosts are available on the network,what services (application name and version) those hosts are offering ,what operating system (os version) they are running,what type of packets filters/firewalls are in use,and dozens of other characteristics. firewalls,routers,proxy servers and other security devices can skew the results of and Nmap scan.scanning remote hosts that are not on your local network may provide misleading information because of this  what is illegal with Nmap? scanning networks that you do not have permission to scan can get you in trouble with your internet service provider,the police,and possibly even the government. don't go off scanning the FBI of secret service website unless you want to get in trouble. aggressively scanning some systems may cause
Read more