How Cross Site Scripting Works
Most people will have heard of XSS (Cross Site Scripting) attacks before. Many of you will understand the basics but may not have seen a real world aplication.
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Recently, vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits.
Today Jurgen Schmidt of Heise Security talks about how some of these attacks work so that we can be more prepared to deal with the worst.
Security isn’t going to become a regular feature on BlogStorm but the ingenuity and simplicity of the script combined with the potential threat prompted me to post about it.