
Published on February 29th, 2016


PHP Exploitation Sample XSS Vulnerability and real exploit: cookie harvester




Cross-site scripting (XSS) is one of the most dangerous and most frequently found vulnerabilities in web applications. Security researchers have found it in most popular websites, including Google, Facebook, Amazon, PayPal, and many others. If you look closely at bug bounty programs, most of the reported issues are XSS. Browsers also have their own filters to prevent cross-site scripting, but security researchers always find ways to bypass those filters. The vulnerability is generally used for cookie stealing, malware spreading, session hijacking, and malicious redirection. In this attack, the attacker injects malicious JavaScript code into the website so that the browser executes the script and performs the actions the attacker commands. The vulnerability is easy to find but hard to patch, which is why it can be found in any website if you try.

In this post, we will see what a cross-site scripting attack is and how to create a filter to prevent it. We will also see a few open source libraries that will help you patch cross-site scripting vulnerabilities in your web application.
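As an added illustration (not code from the video or the original post), the PHP sketch below puts the vulnerable output pattern beside an output-encoding filter, and adds the cookie flags that limit what a cookie-stealing script can read. The function names `greet_unsafe`, `greet_safe`, `e`, `js_value` and `harden_session_cookie` are hypothetical, and the sample input is constructed.

```php
<?php
declare(strict_types=1);

// Vulnerable form: request data is concatenated into HTML unchanged, so any
// markup in $name is parsed by the browser as part of the page.
function greet_unsafe(string $name): string
{
    return '<p>Hello, ' . $name . '</p>';
}

// Hardened form for an HTML text node or a quoted attribute value.
// ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function greet_safe(string $name): string
{
    return '<p>Hello, ' . e($name) . '</p>';
}

// Values placed inside a <script> block need JavaScript-string encoding,
// not HTML encoding. The JSON_HEX_* flags keep <, >, &, ' and " out of the
// output so the value cannot close the script element or the string.
function js_value(string $value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR;
    return json_encode($value, $flags);
}

// Defence in depth against cookie theft: HttpOnly hides the session cookie
// from document.cookie, Secure limits it to HTTPS, SameSite limits
// cross-site sends. Call this before session_start() in a web request.
function harden_session_cookie(): void
{
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
    ]);
}

// Constructed sample input standing in for $_GET['name'].
$name = '<script>alert(1)</script>';
echo greet_unsafe($name), PHP_EOL; // markup reaches the page intact
echo greet_safe($name), PHP_EOL;   // markup arrives as inert text
echo '<script>var name = ', js_value($name), ';</script>', PHP_EOL;
```

The encoder has to match the output context: `e()` is correct for HTML body text and quoted attributes only, and the array form of `session_set_cookie_params` requires PHP 7.3 or later.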

