A cross site scripting attack works in the following manner:

* The attacker identifies a web site that has one or more XSS bugs for example, a web site that echoes the contents of a querystring.
* The attacker crafts a special URL that includes a malformed and malicious querystring containing HTML and scripts such as JavaScript.
* The attacker finds a victim and gets the victim to click on a link that includes the malformed querystring. This could simply be a link to another web page, or a link in an HTML e-mail.
* Once the victim clicks the link, the victim’s browser makes a GET request to the vulnerable server, bypassing the malicious querystring.
* The vulnerable server echoes the malicious querystring back to the victim’s browser, and the browser executes the JavaScript embedded in the response.

Explore More

What are the various methods of passive OS fingerprinting?

In passive OS fingerprinting, an attacker installs a sniffer on any third party such as a router on which the victim communicates frequently. Now he studies the sniffer’s log and

SQLi vulnerabiltiy in irrawaddy store owned by Irrawaddy Publishing Group.

PlanetCreator.Net’s Security Team Member Info Freakzz <infofreakzzz(at)gmail.com> has reported another critical SQL Injection (vulnerability) on http://www.irrawaddystore.com owned by Irrawaddy Publishing Group. These are some information from Vulneral Site http://www.irrawaddystore.com :

What are the steps for security evaluation?

The ethical hacking project comprises three phases, summarized as follows: 1. Preparation: In this phase, a formal contract that contains a non-disclosure clause as well as a legal clause to