What are Cross Site Scripting Attacks?
By: shilpa dws | Posted: 05th January 2011
Websites today are more popular and more complex than ever. Much of their content is dynamic: web applications deliver different output depending on the user’s needs and settings, which makes sites more user-friendly and enjoyable. Compared with static websites, such dynamic websites are more often prone to a threat known as “Cross Site Scripting”, or CSS. People often confuse this abbreviation with Cascading Style Sheets, also abbreviated as CSS, so many security people refer to Cross Site Scripting as XSS. For instance, if someone talks about an XSS hole, it is certainly about Cross Site Scripting, and not Cascading Style Sheets.
Basically, Cross Site Scripting occurs when a web application gathers malicious data from a user. The data is usually delivered in the form of a hyperlink that contains the malicious content. The threat occurs when the user unknowingly clicks on the link from another website. The attacker typically encodes the malicious part of the link so that the request does not appear suspicious to the user who clicks on it. Once the web application has collected the data, it creates an output page containing the malicious content, which appears to the user as valid content from the site. Today many well-known forum programs and guest columns enable users to submit posts with HTML and JavaScript embedded in them.
Talking about XSS holes, or Cross Site Scripting attacks, one popular product with many XSS holes is the PHP program PHPnuke, which is frequently targeted by attackers. Most browsers today can interpret and execute scripts that are written in languages such as JavaScript, VBScript and JScript and embedded in the web pages downloaded from the server. An XSS attack occurs when the attacker introduces a malicious script into a dynamic form that the user submits on the website. This can go as far as the attacker capturing session details, user details, credit card information, contact details, tax IDs, and so on. The targeted website needs to check constantly for such malicious attacks in order to reduce the likelihood of them.
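The reflection described above, shown as an added example that is not part of the original article: a hypothetical page handler echoes a `q` parameter taken from a link, first as-is and then with HTML output encoding. The function names, the example.test URL and the parameter name are assumptions, and the link is constructed sample input.

```javascript
// Added illustration: reflected XSS and output encoding.
// All names, the URL and the "q" parameter are hypothetical.

// Constructed sample link: the query value is percent-encoded, so the
// markup is not obvious to someone glancing at the URL.
const SAMPLE_LINK =
  "https://forum.example.test/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E";

// Replace the five characters that carry meaning in HTML text and
// quoted attribute values with character references.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the decoded parameter is concatenated into the page as-is.
function renderUnsafe(link) {
  const q = new URL(link).searchParams.get("q") || "";
  return "<p>Results for: " + q + "</p>";
}

// Hardened: same page, but the value is encoded at the point of output.
function renderSafe(link) {
  const q = new URL(link).searchParams.get("q") || "";
  return "<p>Results for: " + escapeHtml(q) + "</p>";
}

// True if the rendered page contains a live <script> start tag.
function hasScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log(renderUnsafe(SAMPLE_LINK));
console.log(renderSafe(SAMPLE_LINK));
```

The encoding shown covers HTML text and quoted attribute values only; values written into script blocks, URLs or style contexts need the encoder for that context.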
Printed From: http://www.goinglegal.com/what-are-cross-site-scripting-attacks-1930687.html