Cross-site scripting (XSS) occurs when a user inputs malicious data into a website, which causes the
application to do something it wasn’t intended to do. XSS attacks are very popular, and some of the biggest
websites have been affected by them, including the FBI, CNN, eBay, Apple, Microsoft, and AOL. Some
website features commonly vulnerable to XSS attacks are:
• Search Engines
• Login Forms
• Comment Fields
There are three types of XSS attacks:
1. Local – Local XSS attacks are by far the rarest and the hardest to pull off. This attack requires an exploit
for a browser vulnerability. With this type of attack, the hacker can install worms, spambots, and backdoors
onto your computer.
2. Non-Persistent – Non-persistent attacks are the most common type of attack and don’t harm the actual
website. Non-persistent attacks occur when JavaScript (a scripting language that is used for client-side web
development) or HTML is inserted into a variable, which causes the output that the user sees to be
changed.
Non-persistent attacks are only activated when the user visits the URL crafted by the attacker.
3. Persistent – Persistent attacks are usually used against web applications like guest books, forums, and
shout boxes. Some of the things a hacker can do with a persistent attack are:
• Steal website cookies (Cookies are used by web browsers to store your user information so that you can
stay logged into a website even after you leave. By stealing your cookie, the attacker can sometimes log in
without knowing your password.)
• Deface the website
• Spread Worms
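The non-persistent case described above, shown from the defender's side as an added example that is not part of the original post: a search page that places the "q" URL variable into its HTML as-is, next to the same page with output encoding applied. The function names, the example.test host and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example: reflected (non-persistent) XSS in a search page, and the fix.
// escapeHtml, getQuery, renderSearchUnsafe and renderSearchSafe are hypothetical names.

// Characters that let text break out of an HTML text node or a quoted attribute.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Pull the "q" variable out of a request URL, as a search page would.
function getQuery(requestUrl) {
  return new URL(requestUrl, "http://example.test").searchParams.get("q") ?? "";
}

// Vulnerable: the variable is concatenated into the page unchanged, so any
// markup in the URL becomes part of the output the user sees.
function renderSearchUnsafe(requestUrl) {
  const q = getQuery(requestUrl);
  return `<h1>Results for ${q}</h1><input name="q" value="${q}">`;
}

// Hardened: the variable is HTML-encoded before it reaches the page, so the
// browser displays it as text in both the heading and the attribute.
function renderSearchSafe(requestUrl) {
  const q = escapeHtml(getQuery(requestUrl));
  return `<h1>Results for ${q}</h1><input name="q" value="${q}">`;
}

// Constructed sample inputs: an ordinary search and a URL carrying markup.
const SAMPLE_BENIGN = "/search?q=blue+shoes";
const SAMPLE_MARKUP = "/search?q=" + encodeURIComponent('"><script>alert(1)</script>');

// Simple check a test suite can run against rendered output.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

for (const url of [SAMPLE_BENIGN, SAMPLE_MARKUP]) {
  console.log("unsafe:", renderSearchUnsafe(url));
  console.log("safe:  ", renderSearchSafe(url));
}
```

The same encoding applies to persistent XSS: stored comments or guest book entries are encoded at the point where they are written into the page.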