Cross Site Scripting

XSS is a vulnerability which, when present in websites or web applications, allows malicious users (hackers) to insert their client-side code (normally JavaScript) into those web pages. When this malicious code is displayed along with the original web page in the web client (browsers such as Chrome, IE, Mozilla, etc.), it allows hackers to gain greater access to that page. The goal of the XSS attack is to steal the client's cookies, or any other sensitive information that can identify the client to the web site. With the token of the legitimate user at hand, the attacker can proceed to act as the user in his/her interaction with the site, specifically, to impersonate the user.
Example:
With cross-site scripting, an attacker can gather credit card numbers and private information. This is achieved by running malicious JavaScript code in the victim's (client) browser with the access privileges of the web site. These are very limited JavaScript privileges, which generally do not let the script access anything but site-related information. It should be stressed that although the vulnerability exists at the web site, at no time is the web site directly harmed. Yet this is enough for the script to collect the cookies and send them to the attacker. The result: the attacker gains the cookies and impersonates the victim.
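
The following is an added example, not code from the original post: it shows the same untrusted input rendered without and with HTML output encoding, plus a session cookie marked so that page script cannot read it. The function names, the sample input and the token are constructed for illustration.

```javascript
// Added example: reflected output with and without encoding.
// All names and sample values here are constructed for illustration.

// Characters that let text break out of an HTML text or attribute context.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: user input is concatenated into markup, so the browser
// parses any tags in it as part of the page.
function renderGreetingUnsafe(name) {
  return `<p>Hello, ${name}!</p>`;
}

// Hardened: the same input is encoded, so the browser shows it as text.
function renderGreetingSafe(name) {
  return `<p>Hello, ${escapeHtml(name)}!</p>`;
}

// Defence in depth for the cookie theft described above: HttpOnly hides
// the cookie from document.cookie, Secure restricts it to HTTPS, and
// SameSite=Strict stops it being sent on cross-site requests.
function sessionCookieHeader(token) {
  return `Set-Cookie: session=${encodeURIComponent(token)}; HttpOnly; Secure; SameSite=Strict; Path=/`;
}

// Constructed sample input: markup where a plain name was expected.
const sample = "<script>alert(1)</script>";
console.log(renderGreetingUnsafe(sample));
console.log(renderGreetingSafe(sample));
console.log(sessionCookieHeader("constructed-token-123"));
```

Output encoding has to match the context the value lands in; this helper covers HTML text and quoted attribute values only.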

What can be done using cross-site scripting

  1. Stealing other users' cookies
  2. Stealing their private information
  3. Performing actions on behalf of other users
  4. Showing ads in hidden IFRAMEs and pop-ups
