How Cross Site Scripting Works

by Patrick Altoft on / no responses

Most people will have heard of XSS (Cross Site Scripting) attacks before. Many of you will understand the basics but may not have seen a real world aplication.

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Recently, vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits.

Today Jurgen Schmidt of Heise Security talks about how some of these attacks work so that we can be more prepared to deal with the worst.

In the example Jurgen has two different links, both opening the same login form. The malicious link opens the form using some JavaScript code that attaches an onSubmit event to the form. Once you enter your password it can then be transmitted to the hacker.

Security isn’t going to become a regular feature on BlogStorm but the ingenuity and simplicity of the script combined with the potential threat prompted me to post about it.

Post category: Coding

Patrick Altoft is Director of Search at Branded3, a Leeds SEO & Digital Agency specialising in SEO, Web Design, Development & Social Media.

Get daily posts direct to your inbox

You can get our blog posts delivered for free by email every day - simply add your email address to the box above, or alternatively you can grab the RSS feed.

Similar Posts

Comments

Read the 0 comments below, or add your own!

Leave a comment

Your email address will not be published. Fields marked with an asterisk are required.
 

  *

  *

You can use one of the following tags:
<a href=""><blockquote><code><em><strike><strong>