What A Malicious XSS Code Can Do To Your Browser

Hey over there.

As I promised you the last time, today I will be telling you about the dangers of these XSS codes: what they can access and how they send your important user credentials (such as passwords and usernames) to unwanted people.

XSS attacks on a server or website enable the attacker to perform the following types of attacks on a victim:

  • Cookie theft: When I talk about cookie theft, I do not mean the cookies that we eat. Click on this link What are cookies? to know what cookies are. The attacker can read the victim's cookies associated with that particular website using document.cookie and send them to his own server to extract the victim's sensitive information such as session IDs, usernames, email address and even the victim's password!
  • Keylogging: The attacker can also run a virtual keylogger by using the JavaScript addEventListener function, which will record all of the user's keystrokes and send them to the attacker's server. This may be used to get the victim's sensitive information such as passwords and credit card numbers!
  • Phishing: The attacker may insert a fake login form into the page using the JavaScript DOM functions, setting the form's action attribute to point at his (the attacker's) server, and then trick the user into submitting sensitive information such as a username-password combination. In this kind of phishing attack the website's address is legitimate, hence this kind of phishing attack is very difficult to detect.
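As an added example (not code from the original post), here are two server-side defences that blunt the three impacts listed above: escapeHtml() stops injected markup from executing in the first place, and the HttpOnly attribute keeps the session cookie out of document.cookie even when a script does slip through. auditSetCookie() is a small hypothetical helper for checking your own Set-Cookie headers; the cookie name and value in the sample are constructed.

```javascript
// Added example, not code from the original post.

function escapeHtml(untrusted) {
  // Encode the five characters that can break out of an HTML text or attribute context.
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(untrusted).replace(/[&<>"']/g, (ch) => map[ch]);
}

function renderComment(userText) {
  // Untrusted input is encoded, never concatenated raw into the page.
  return `<p class="comment">${escapeHtml(userText)}</p>`;
}

function sessionCookieHeader(name, value, maxAgeSeconds) {
  // Reject characters that would let an attacker inject extra attributes into the header.
  if (!/^[A-Za-z0-9_-]+$/.test(name)) throw new Error("invalid cookie name");
  if (!/^[A-Za-z0-9._~+/=-]*$/.test(value)) throw new Error("invalid cookie value");
  // HttpOnly: not readable via document.cookie. Secure: HTTPS only. SameSite: limits cross-site sending.
  return `${name}=${value}; Max-Age=${maxAgeSeconds}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

function auditSetCookie(header) {
  // Parse a Set-Cookie header and report which script-theft protections are missing.
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const flags = new Set(attrs.map((a) => a.split("=")[0].toLowerCase()));
  const missing = ["httponly", "secure", "samesite"].filter((f) => !flags.has(f));
  return { name: pair.slice(0, eq), missing };
}

// Constructed sample input: a comment carrying a harmless test payload.
const sampleComment = '<script>alert("xss")</script>';
console.log(renderComment(sampleComment));
console.log(auditSetCookie("sid=abc123; Path=/"));
console.log(auditSetCookie(sessionCookieHeader("sid", "abc123", 3600)));
```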

That is all there is for today. Next time I will be showing you how to perform a simple XSS attack and how to patch such vulnerabilities. See you till then.

Don't forget to follow me so as to never miss out on anything.

Disclaimer: The content on this blog should be used purely for education purposes or by security researchers and system admins to fix XSS vulnerabilities on their systems. I shall not be held liable for the wrong use of these techniques.
