You may know I recently ordered a new computer. It was a big, well-known shop where I ordered all the things. I had some time and played around a bit and immediately found an XSS hole in the search function. Later on I found another hole on the products page.
Some of you may not know what Cross-Site Scripting (XSS for short) is. It allows you to inject any HTML/CSS/JavaScript code you want into another website. There are two types of XSS attacks: persistent and non-persistent.
Persistent attacks are the most dangerous. They allow a custom piece of code to be added to an existing website. This can happen on blogs, forums, guestbooks and comment pages. Any user of the website will be attacked! Non-persistent XSS attacks are not as dangerous as the persistent ones, because you need to spread a link that includes your bad code to your victims. So not every user of the website with the hole will be attacked, only those who follow your link.
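To show how a site closes both kinds of hole described above, here is an added example that is not part of the original post: a search page (non-persistent case) and a comment list (persistent case) rendered with and without HTML output encoding. All function names and the sample input are hypothetical and constructed for illustration.

```javascript
// Added example: HTML output encoding for echoed and stored user input.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the five characters that can change HTML structure.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Non-persistent case, vulnerable: the search term from the URL is echoed as-is.
function renderSearchUnsafe(query) {
  return `<input name="q" value="${query}"><h1>Results for ${query}</h1>`;
}

// Non-persistent case, fixed: the term is encoded in both places it is echoed.
function renderSearchSafe(query) {
  const q = escapeHtml(query);
  return `<input name="q" value="${q}"><h1>Results for ${q}</h1>`;
}

// Persistent case, fixed: stored comments are encoded every time they are
// rendered, because every visitor receives them.
function renderCommentsSafe(comments) {
  return '<ul>' + comments.map((c) => `<li>${escapeHtml(c)}</li>`).join('') + '</ul>';
}

// Defensive check: does the rendered page contain a live <tag ...> element?
function containsTag(html, tag) {
  return new RegExp(`<${tag}[\\s>]`, 'i').test(html);
}

// Constructed sample inputs: markup in the body, and a quote that tries to
// break out of the value="..." attribute.
const SAMPLE_MARKUP = '<script>alert(1)</script>';
const SAMPLE_QUOTE = 'tv" autofocus x="';

console.log(containsTag(renderSearchUnsafe(SAMPLE_MARKUP), 'script')); // true
console.log(containsTag(renderSearchSafe(SAMPLE_MARKUP), 'script'));   // false
console.log(renderSearchSafe(SAMPLE_QUOTE));
console.log(renderCommentsSafe(['nice shop', SAMPLE_MARKUP]));
```

The encoding shown covers HTML body and quoted-attribute contexts only; values placed inside script blocks, URLs or CSS need encoding appropriate to that context.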