Cross Site Scripting or XSS is a type of an injection attack, in which the penetration tester tries various malicious scripts in the webpage. XSS attacks occur when the attacker finds a webpage which requires input from the user and send an output without validating the input or do a proper sanitizing procedure.
It will be generally in the form of browser side script. This may cause serious problems to the end user.
Lets see how attackers use XSS .
Firstly, an attacker can use XSS to send a malicious script to the user, if the user's brower has no idea about the malicious script then the attacker can manipulate the user's browsers.
Sometimes the attacker can use the malicious script to access the cookies, session tokens or some sensitive information stored by the browers using the victim's site.
Comments
Post a Comment