Cross site scripting attack, is a quite new technique around the website attacks and it's very common technique today.
Cross site scripting vulnerabilities are associated with two another web scripting techniques: XSS and CSS. The first one is preferred over the use of the second one. Usually a website that uses dynamic content are the only websites that can have a Cross Site Scripting vulnerability. There are two ways of XSS attacks. Reflected and stored.
The malicious user has discovered that a field within a website or web application holds a XSS vulnerability. This malicious user then crafts a way to use the vulnerability to execute something malicious to some unknown user. Reflected XSS vulnerabilities occur when a unknowing user is directed to a web application that has a XSS vulnerability, by the malicious user. Once the unknowing user gets to the web site or application the malicious user's attack is executed.
The attack is crafted by a series of url parameters that are sent via a url. The malicious user then sends his/her malicious url with the url parameters to unknowing users. This is typically sent by email, instant messages, blogs or forums, or any other possible methods.
Stored Cross Site Scripting vulnerability is a variety of attack where the malicious user can store some attack which will be called and executed in later time. So this kind of attack as a storage uses some databases.Stored Cross Site Scripting vulnerabilities typically are more dangerous than reflected. The reason being is that the reflected attack is a dynamic attack, while the stored attack can just be set once.
Brak komentarzy:
Prześlij komentarz