
Published on June 13th, 2018 | 2490 Views


Website Hacking – What is Cross Site Scripting (XSS)?




Cross-site scripting (XSS) is a very serious issue that big companies like Facebook, Twitter, Google, Microsoft, etc. have faced in the past.

XSS is still a major vulnerability faced by many websites on the Internet these days.

So, what is cross-site scripting? Why is it so dangerous?

In XSS, an attacker injects a malicious script into a webpage's source code. A website is vulnerable to XSS if user input is not treated properly and the HTML tags in it are not escaped.

The script tag in HTML is used to include JavaScript in webpages. JavaScript runs in the browser, which means your browser will execute whatever JavaScript code is written in the webpage's HTML.

A hacker can make use of XSS to inject malicious JavaScript. With this JavaScript, he can display popups on the website, deface the website, and much more.

The worst thing is that a hacker can also steal users' cookies by injecting malicious JavaScript code into the webpage's HTML. This JavaScript steals the users' cookies and sends them to the hacker's database. Though no text appears once the comment is posted, the malicious JavaScript is actually injected into the webpage's HTML and is ready to steal people's cookies. If you don't know what cookies are and how critical they are, just do a Google search.
Briefly, cookies are strings used by websites to identify their users. So, if a hacker has your cookies, he can impersonate you on that particular website. In simple words, if the hacker steals your Facebook cookies, he will be able to log in to your Facebook account without entering your password.





If this vulnerability existed in Facebook now, taking over users' Facebook accounts would be as easy as making a comment under a Facebook post with a simple line of JavaScript! Whenever someone sees this Facebook post with your comment, their cookies are sent to your database and their account is compromised.

Obviously Facebook or Twitter or any big company is not vulnerable to this kind of simple XSS now, but there were times when these sites were actually vulnerable to this simple attack and sh*t happened!

And yes, there are many websites on the Internet which are still vulnerable to XSS. They must be fixed ASAP to maintain their web security.
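
The fix described above, as an added example that is not from the original video or its author: a comment renderer in its vulnerable and escaped forms, plus a session cookie marked HttpOnly so page scripts cannot read it. The function names, markup and sample comment are assumptions made for illustration.

```javascript
// Added example: a comment renderer, vulnerable and hardened (all names hypothetical).

// Characters that let text break out of an HTML text node or a quoted attribute.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the comment is concatenated into the page as-is, so any tags in
// it become part of the page's HTML and the browser will act on them.
function renderCommentUnsafe(author, comment) {
  return `<li class="comment"><b>${author}</b>: ${comment}</li>`;
}

// Hardened: both user-controlled fields are escaped on output, so the browser
// shows the tags as text instead of parsing them.
function renderCommentSafe(author, comment) {
  return `<li class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(comment)}</li>`;
}

// Defence in depth for the cookie-theft case: HttpOnly hides the cookie from
// page scripts, Secure restricts it to HTTPS, SameSite limits cross-site sends.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed sample input: a harmless popup of the kind the text mentions.
const sampleComment = "Nice post! <script>alert(1)</script>";

function demo() {
  return {
    unsafe: renderCommentUnsafe("guest", sampleComment),
    safe: renderCommentSafe("guest", sampleComment),
    cookie: sessionCookieHeader("sid", "constructed-session-value"),
  };
}

console.log(demo());
```

Escaping on output covers the comment-in-HTML case shown here; values placed inside script blocks, URLs or event-handler attributes need escaping rules specific to those contexts.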

Visit my website : https://techraj156.com
Like my Facebook Page : https://fb.com/techraj156
Follow me on Instagram : https://instagram.com/teja.techraj
Follow on Twitter : https://twitter.com/techraj156
For written tutorials, visit my blog : http://blog.techraj156.com

SUBSCRIBE for more videos!
Thanks for watching!
Cheers!


2018-06-13 04:00:05
