Learn Web Hacking 2.00 XSS intro
In this article, I want to talk about Cross-site scripting attacks. This attack is ranked 7 in the OWASP top ten and it's define as such.
A7: Cross-site scripting (XSS)
XSS happens when the user can send untrustred data to the web application without the page validating the data or escaping unsafe characters.
XSS is mostly define as three types.
The malicious code is executed and sent back to the user with an URL or a search bar for example.
The malicious code is injected on the website in a comment box or username field for example. Every time a user go and see the malicious comment, the code is executed.
This time, the malicious code is interpreted by the DOM environment.
This is a brief overview of XSS as this subject can go very large. In the next article I will show you how to set-up the environment to test and learn about XSS.
The information provided on hacking is to be used for educational purpose only. The creator is in no way responsible for any misuse of the information provided. All the information provided is meant to help the reader develop a hacker defense attitude in order to prevent the attacks discussed. In no way should you use the information to cause any kind of damage directly or indirectly. The word "Hacking" should be regarded as "Ethical hacking". You implement the information given at your own risk