What is XSS?

Hi there, today I will introduce you to a type of web vulnerability found on most servers on the internet. It is called Cross site scripting.

Cross site scripting (commonly known as an XSS attack) is a form of gaining access to a person’s browser cookies and session ids therefore compromising his/her privacy.

You may be asking yourself HOW?

Well, it’s basically a code injection attack that allows an attacker (in this case a black hat hacker) to execute a malicious JavaScript or PHP code snippet in a user’s browser.

The hacker does not need to have access to the victim’s system. The attacker, instead exploits a vulnerability  (in this case XSS) in a website that the victim visits in order to get the website to execute the malicious code to the victim’s browser. The victim’s browser takes the codento be from the website itself hence the code is executed by the victim’s browser since it seems to originate fron the server the victim is connected to.

The main goal of an XSS attack is to execute malicious code snippets in the victim’s browser.

That is all for today. See you next time where I will discuss about the various types of XSS attacks.

Don’t forget to follow me so as to never miss out on anything.

Disclaimer: The content on this blog should he used purely for education purposes or by security researches and system admins to fix XSS vulnerabilities on their systems. I shall not be held liable for the wrong use of these techniques.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s