SciLor's Open Source Forums


All times are UTC + 1 hour [ DST ]




Posted: Wed May 19, 2010 2:18 pm
The Developer

Joined: Wed Jan 13, 2010 11:56 pm
Posts: 1466
You may know I recently ordered a new computer. It was a big, well-known shop where I ordered all the things.
I had some time and played around a bit and immediately found an XSS hole in the search function. Later on I found another hole on the products page.

Some of you may not know what Cross-Site Scripting (XSS for short) is. It allows you to inject any HTML/CSS/JavaScript code you want into another website. There are two types of XSS attacks: persistent and non-persistent.

Persistent attacks are the most dangerous. They allow a custom piece of code to be added to an existing website. This can happen on blogs, forums, guestbooks and comment pages. Any user of the website will be attacked!
Non-persistent XSS attacks are not as dangerous as the persistent ones, because you need to spread a link that includes your bad code to your victims. So not every user of the website with the hole will be attacked. Only those who follow your link to visit it.


_________________
My Windows Mobile and Windows Open Source Website:


Like my work? Donate!


My Programs:
grooveshark™.com Downloader, GrooveMobile, Fuel Blaster, Chameleon TicTacToe, QuickTap, WiMoBlue, Driving Licence Trainer, CodeSnippetViewer, Gesture Launcher, Fahrplanauskunft, GSensor Control
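
The two cases described in the post, as an added example that is not part of the original post and is not the shop's code: a search page that echoes the query (non-persistent) and a guestbook that stores entries (persistent), each rendered without and with HTML output encoding. All function names and sample inputs are constructed for illustration.

```javascript
// Added illustration: function names and sample data are constructed,
// not taken from the shop described in the post.

// Encode the characters that let text break out of HTML element content
// or a quoted attribute value. Other contexts (inline script, URLs, CSS)
// need their own encoders.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Non-persistent case: the search term arrives with the request (for example
// from a link the visitor followed) and is echoed into that one response.
function renderSearchUnsafe(query) {
  return `<h1>Results for ${query}</h1>`;
}
function renderSearchSafe(query) {
  return `<h1>Results for ${escapeHtml(query)}</h1>`;
}

// Persistent case: an entry is stored once and rendered for every later visitor.
class Guestbook {
  constructor() { this.entries = []; }
  add(author, message) { this.entries.push({ author, message }); }
  renderUnsafe() {
    return this.entries.map((e) => `<p><b>${e.author}</b>: ${e.message}</p>`).join('\n');
  }
  // Keep the raw text in storage and encode every field at output time.
  renderSafe() {
    return this.entries
      .map((e) => `<p><b>${escapeHtml(e.author)}</b>: ${escapeHtml(e.message)}</p>`)
      .join('\n');
  }
}

// Review helper: does the rendered page contain an actual <script> element?
function hasScriptElement(html) {
  return /<script\b/i.test(html);
}

const probe = '<script>alert(1)</script>'; // constructed, harmless test string
const book = new Guestbook();
book.add('visitor', probe);
book.add('Tom & "Anna"', 'nice shop <3');

console.log(hasScriptElement(renderSearchUnsafe(probe)), hasScriptElement(renderSearchSafe(probe)));
console.log(hasScriptElement(book.renderUnsafe()), hasScriptElement(book.renderSafe()));
console.log(book.renderSafe());
```

In the stored case the unsafe renderer serves the entry to every visitor of the guestbook page, while the reflected case only affects the response built from that one request.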