Cross Site Scripting

XSS is a vulnerability which, when present in websites or web applications, allows malicious users (hackers) to insert their own client-side code (normally JavaScript) into those web pages. When this malicious code is displayed along with the original web page in the web client (browsers such as Chrome, IE, Mozilla, etc.), it allows the hackers to gain greater access to that page. The goal of the XSS attack is to steal the client's cookies, or any other sensitive information, which can identify the client to the web site. With the token of the legitimate user at hand, the attacker can proceed to act as the user in his/her interaction with the site – specifically, impersonate the user.
Example:
In cross-site scripting, credit card numbers and private information can be gathered using an XSS attack. This is achieved by running malicious JavaScript code in the victim's (client) browser with the access privileges of the web site. These are very limited JavaScript privileges, which generally do not let the script access anything but site-related information. It should be stressed that although the vulnerability exists at the web site, at no time is the web site directly harmed. Yet this is enough for the script to collect the cookies and send them to the attacker. The result: the attacker gains the cookies and impersonates the victim.
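The two site-side controls that break the chain described above, shown as an added example that is not part of the original post: encoding user text before it is placed in the page, and marking the session cookie HttpOnly so page scripts cannot read it. The function names, the comment markup and the cookie name `sid` are assumptions made for illustration.

```javascript
// Added example: constructed page fragment and cookie, not from the original post.

// Characters that let text break out of an HTML text node or a quoted attribute value.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: user text is concatenated into markup, so the browser parses it as HTML.
function renderCommentUnsafe(author, text) {
  return '<div class="comment"><b>' + author + '</b>: ' + text + '</div>';
}

// Hardened: every user-controlled value is encoded for the HTML context it lands in.
function renderCommentSafe(author, text) {
  return '<div class="comment"><b>' + escapeHtml(author) + '</b>: ' + escapeHtml(text) + '</div>';
}

// Session cookie header. HttpOnly hides the cookie from document.cookie,
// Secure restricts it to HTTPS, SameSite limits cross-site sending.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Review check: does a Set-Cookie header leave the cookie readable by page scripts?
function cookieReadableByScript(setCookieHeader) {
  const attrs = setCookieHeader.split(';').slice(1).map((a) => a.trim().toLowerCase());
  return !attrs.includes('httponly');
}

// Constructed sample input: a comment whose body contains markup.
const sample = { author: 'guest', text: '<script>alert(1)</script>' };

console.log(renderCommentUnsafe(sample.author, sample.text)); // script element reaches the page
console.log(renderCommentSafe(sample.author, sample.text));   // rendered as inert text
console.log(cookieReadableByScript('sid=abc123; Path=/'));    // true
console.log(cookieReadableByScript(sessionCookieHeader('sid', 'abc123'))); // false
```

Encoding must match the output context: this helper covers HTML text and quoted attribute values, not URLs or inline script blocks.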

What can be done using cross-site scripting

  1. Stealing other users' cookies
  2. Stealing their private information
  3. Performing actions on behalf of other users
  4. Showing ads in hidden IFRAMES and pop-ups
