| SciLor's Open Source Forums http://forum.scilor.com/ |
|
| Cross-Site Scripting can be found everywhere... http://forum.scilor.com/viewtopic.php?f=163&t=200 |
Page 1 of 1 |
| Author: | SciLor [ Wed May 19, 2010 2:18 pm ] |
| Post subject: | Cross-Site Scripting can be found everywhere... |
You may know I recently ordered a new computer. It was a big, well known shop where I ordered all the things. I had some time and played around a bit and immediately found a XSS hole in the search function. Later on I found another hole on the products page. Some of you may not know what Cross-Site Scripting (short XSS) is. It allows you to inject any HTML/CSS/JavaScript code you want into another website. There are two types of XSS attacks: persistent and non-persistent. Persistent are the most dangerous attacks. They will allow to add a custom piece of code to an existing website. This can happen on blogs, forums, guestbooks and comment pages. Any user of the website will be attacked! Non-Persistent XSS attacks are not as dangerous as the persistent ones, because you will need to spread a link, including your bad code to your victims. So not every user of the website with the hole will be attacked. Only those who take your link to visit it. |
|
| Author: | SciLor [ Wed May 19, 2010 2:18 pm ] |
| Post subject: | Re: Cross-Site Scripting can be found everywhere... |
| Page 1 of 1 | All times are UTC + 1 hour [ DST ] |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|