Hi,

From today onwards we are going to have chapters on Application
Security. I hope everyone will contribute their expertise and make
this chapter fully informative.

Let's go ahead with XSS (Cross-Site Scripting).

Cross Site Scripting is a browser exploit taking advantage of a
vulnerability within a zone-based security solution.
The attack allows content (scripts) in unprivileged zones to be
executed with the permissions of a privileged zone - i.e.
a privilege escalation within the client (web browser) executing the
script.

The attack can occur through:
* a web browser (HTTP client) vulnerability which under some
  conditions allows content (scripts) to be executed with the
  permissions of a higher-privileged zone (Administrator).
* a web browser configuration error: unsafe sites listed in
  privileged zones.
* a cross-site scripting vulnerability (from a web application)
  within a privileged zone.

The common attack scenario involves two steps:
i. Use an XSS vulnerability to execute scripts within a privileged
   zone. The script may be any JS (JavaScript) which performs some
   malicious action.
ii. Hit the vulnerability using ActiveX components (the PC gets
    compromised).

Such vulnerabilities have been exploited to silently install various
malware (such as remote control software, worms, viruses, Trojans,
keyloggers, etc.).
All of this happens when a user browses a malicious web page.

Finally, use a safer web browser and surf safer web sites.

*** If anyone would like to add points on this topic, all are
welcome.

Regards,
0xN41K
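
An added example, not part of the original post: the third cause listed above (an XSS vulnerability in a web application) shown as a vulnerable render function beside a hardened one that encodes each value for the context it lands in. The function names and the sample comment are constructed for illustration.

```javascript
// Added example; all names and sample values here are hypothetical.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode a value for HTML element content or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allow only http(s) links, so a script URL never reaches an href.
function safeUrl(value) {
  try {
    const u = new URL(String(value));
    return (u.protocol === 'http:' || u.protocol === 'https:') ? u.href : '#';
  } catch (e) {
    return '#'; // not an absolute URL at all
  }
}

// Vulnerable: user input is concatenated into markup unchanged, so it
// runs with the permissions of whatever zone the page is served from.
function renderCommentUnsafe(c) {
  return '<p>' + c.text + '</p><a href="' + c.link + '">' + c.name + '</a>';
}

// Hardened: the link is validated, then every value is encoded.
function renderCommentSafe(c) {
  return '<p>' + escapeHtml(c.text) + '</p><a href="' +
    escapeHtml(safeUrl(c.link)) + '">' + escapeHtml(c.name) + '</a>';
}

// Constructed sample input covering three injection contexts:
// element content, a URL attribute, and attribute break-out.
const sample = {
  text: '<script>alert(1)</script>',
  link: 'javascript:alert(1)',
  name: 'Bob" onmouseover="alert(1)',
};

console.log(renderCommentUnsafe(sample)); // markup from input survives
console.log(renderCommentSafe(sample));   // input is rendered as text
```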