A cross site scripting attack works in the following manner:

* The attacker identifies a web site that has one or more XSS bugs for example, a web site that echoes the contents of a querystring.
* The attacker crafts a special URL that includes a malformed and malicious querystring containing HTML and scripts such as JavaScript.
* The attacker finds a victim and gets the victim to click on a link that includes the malformed querystring. This could simply be a link to another web page, or a link in an HTML e-mail.
* Once the victim clicks the link, the victim’s browser makes a GET request to the vulnerable server, bypassing the malicious querystring.
* The vulnerable server echoes the malicious querystring back to the victim’s browser, and the browser executes the JavaScript embedded in the response.

Explore More

Local File Inclusion (LFI) tutorial

This tutorial will guide you into the process of exploiting a website through the LFI (Local File Inclusion). First lets take a look at a php code that is vulnerable

Read More

Targets of a Hack Attack

Hacker interests lie in many types of computers on the Internet. Following is a discussion of the types of targets and their appeal to the perpetrators.Corporate Networks Corporate computers are

Read More

Wi-Fi Network Loopholes That Hackers Exploit – Plug Them and Avoid Troubles!

With the increasing number of wi-fi home or small office networks mushrooming all over the place, the hackers are having a field day. The hackers break-in at will and carry

Read More