CROSS SITE SCRIPTING | WEBSITE VULNERABILITY
WHAT IS CROSS SITE SCRIPTING?
XSS is a client-side code vulnerability that allows an attacker to inject code which executes as a malicious script. This type of attack can be used to obtain cookies, session tokens, or other sensitive information used with a compromised site. XSS is the most common vulnerability discovered and exploited in websites. It comes in 3 flavors: persistent, reflected, and DOM-based. XSS is a serious concern for websites that contain sensitive user data.
TYPES OF ATTACK
The 3 different types of XSS are persistent, reflected, and DOM-based.
1) Persistent
This form of XSS is the most dangerous.
It saves code to the server, which then delivers the attack permanently.
It is most commonly found in forms and sites that allow users to post HTML-formatted data.
2) Reflected
This is the most common type of XSS.
It is commonly found in HTTP query parameters or in HTML form submissions.
This type of attack is most commonly used with a URL that appears to be innocent but has an XSS attack located within the link.
WHY IS XSS DANGEROUS?
XSS can be one of the more dangerous types of attack because of what it can do.
If an iframe used by an advertiser is vulnerable to XSS, then a large number of websites delivering that content become vulnerable.
It can also be used to steal cookies, as well as to gain control over a victim's browser via BeEF.
It can also be used to redirect users to a malicious page, or to convince a user to enter important information into form fields generated by XSS.
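The reflected and persistent cases under TYPES OF ATTACK, and the cookie theft mentioned above, shown from the defender's side. This is an added example, not code from the original post; the function names, the shop.example URL and the sample inputs are constructed for illustration.

```javascript
// Added example: names, URL and sample inputs are constructed for illustration.

// Encode the five characters that let text break out of an HTML context.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Reflected case, vulnerable: the query parameter is echoed into the page as markup.
function renderSearchUnsafe(url) {
  const q = new URL(url).searchParams.get('q') ?? '';
  return `<p>Results for ${q}</p>`;
}

// Reflected case, hardened: the same parameter is encoded before it reaches HTML.
function renderSearchSafe(url) {
  const q = new URL(url).searchParams.get('q') ?? '';
  return `<p>Results for ${escapeHtml(q)}</p>`;
}

// Persistent case, hardened: stored comments are encoded every time they are
// rendered, so markup saved by one user is shown as text to every later visitor.
function renderComments(storedComments) {
  return storedComments
    .map((c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.body)}</li>`)
    .join('\n');
}

// Cookie theft mitigation: HttpOnly keeps the session cookie out of reach of page script.
function sessionCookieHeader(sessionId) {
  return `Set-Cookie: sid=${encodeURIComponent(sessionId)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Constructed inputs: a harmless marker script stands in for injected code.
const marker = '<script>document.title="injected"</script>';
const link = 'https://shop.example/search?q=' + encodeURIComponent(marker);
const stored = [{ author: 'alice', body: 'nice post' }, { author: 'mallory', body: marker }];

console.log(renderSearchUnsafe(link)); // script tag reaches the page as markup
console.log(renderSearchSafe(link));   // script tag reaches the page as inert text
console.log(renderComments(stored));
console.log(sessionCookieHeader('abc 123'));
```

HttpOnly only limits cookie theft; output encoding is what keeps the injected markup from executing.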
REAL-LIFE XSS ATTACKS
MYSPACE
The Samy worm took advantage of an XSS vulnerability that caused people who viewed affected pages to send a friend request to Samy Kamkar and then display a message that said "but most of all, samy is my hero".
YAHOO
A spam message with a short link to an apparently harmless section of MSNBC led to account hijacking via cookie theft.