Hacking For Beginners – Manthan Desai

2010

Cross Site Scripting (XSS)

• Cross-Site Scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts.

• An exploited Cross-Site Scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Recently, vulnerabilities of this kind have been exploited in phishing attacks and browser exploits. Cross-site scripting was originally referred to as CSS, although this usage has been largely discontinued.

The proportion of XSS attacks is very large compared to other attacks.

Example of a Cross Site Scripting attack

As a simple example, imagine a search engine site which is open to an XSS attack. The query screen of the search engine is a simple single-field form with a submit button, whereas the results page displays both the matched results and the text you are looking for.

Example:

Search Results for "XSS Vulnerability"
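The results page described above, sketched as an added example (not code from the book): the function names, page template and sample queries are assumptions constructed for illustration. It renders the page once with the query echoed unchanged and once with the query HTML-encoded, then parses both to show which elements a browser would build from each.

```python
import html
from html.parser import HTMLParser

# Hypothetical results-page template; the query is echoed in the heading.
TEMPLATE = '<html><body><h1>Search Results for "{query}"</h1><ul>{items}</ul></body></html>'

def _page(query_html, results):
    # Result titles are always encoded; only the query handling differs.
    items = "".join(f"<li>{html.escape(r)}</li>" for r in results)
    return TEMPLATE.format(query=query_html, items=items)

def render_vulnerable(query, results):
    """Echo the query into the page unchanged (the flaw described above)."""
    return _page(query, results)

def render_escaped(query, results):
    """Same page, but the query is HTML-encoded before it is written out."""
    return _page(html.escape(query, quote=True), results)

class TagCollector(HTMLParser):
    """Records every element start tag found while parsing the page."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(page):
    """Return the element names a parser builds from the page, in order."""
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags

# Constructed sample inputs: an ordinary query and one carrying markup.
BENIGN = "XSS Vulnerability"
MARKUP = "<script>alert(1)</script>"

if __name__ == "__main__":
    for query in (BENIGN, MARKUP):
        print(repr(query))
        print("  raw echo :", tags_in(render_vulnerable(query, ["result one"])))
        print("  encoded  :", tags_in(render_escaped(query, ["result one"])))
```

With the encoded version the markup query still appears on the page as visible text, but no `script` element is created from it.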

www.hackingtech.co.tv
