You are in: Home > Internet Law
What are Cross Site Scripting Attacks?
Basically, Cross Site Scripting occurs when there is malicious data found on a web application from a user. This data gets usually gathered in the form of a hyperlink containing malicious content in it. The threat occurs when the user unknowingly clicks on the link from another website. The attacker would thereby encode the malicious part to the site within encoding methods so that the request should not appear suspicious to the user when he clicks on it. Once the data gets collected by the web application, it then creates a page with the output containing malicious content, making it appear as valid as it can to the user. Today many known forum programs or guest columns enable users to submit their posts in html and JavaScript versions embedded in them.
Talking about XSS holes, or Cross Site Scripting Attacks, one product popular with many XSS holes is the PHP program PHPnuke, which is frequently targeted by attackers. These days many browsers have the capability of interpreting and executing scripts, created in languages such as JavaScript, VBScript and Jscript, and embedded in the web downloads from the server. When the user submits a dynamic form on the website, the attacker brings a malicious script to it and an XSS attack occurs. This may go up to the extent of the attacker capturing the session details, user details, credit card information, contact details, tax IDs, and so on. The targeted website needs to keep a constant check for such malicious attacks, to avoid the frequent probabilities of the latter.
In order to find out more on Minimize Site Downtime and similar website and webmaster related guides, check out Hosting Transfer.
This article is free for republishing
Source: http://www.goinglegal.com/what-are-cross-site-scripting-attacks-1930687.html
Source: http://www.goinglegal.com/what-are-cross-site-scripting-attacks-1930687.html