Please tell me what is cross-site scripting and how is it harmful for your application.

Question

Please tell me what is cross-site scripting and how is it harmful for your application?

Anonymous User · Answer

XSS :and Cross-Site Scripting (XSS) is like as hacking attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. The result of XSS may range from petty nuisance like displaying an alert box to a significant security risk like stealing session cookies. Cross-Site Scripting (also referred to as XSS) is a kind of vulnerability that occurs when some hacker injects malicious code (ideally script) inside a web page or the database. OR XSS (cross-site scripting or cross-site security) is known as a type of security attack where the attacker injected the malicious code at the time of entering the data. If the hacker once gives these codes injected into the end user's browser. And if this code run on then it makes access to cookies, sessions, local files, etc. easier.What an attacker can do? and ByPassing Logins and Accessing secret data and Modifying contents of the website and Shutting down the My SQL server These are some of the ways to use xss on your application that the attackers often use such as -1). XSSStandard XSSDOM-Based XSS2). HTML AND CSS.and 3). Scripting Languages or Codes.JavascriptVB scriptand Othe scripting languages etc.4). SQL Injection.and 
Bypass Login Screen :Problems and SolutionXSS attacks can generally be categorized into two categories: 
•Stored and 
 {
and and and Stored attacks are those where the injected script is permanently stored on the target servers, 
and and and Such as in a database, 
and and and In a message forum, 
and and and Visitor log, 
and and and Comment field, etc. 
and and and The victim then retrieves the malicious script from the server when it requests the stored information.
 }
•Reflected.
 {
 Reflected attacks are those where the injected script is reflected off the web server, 
 Such as in an error message, 
 The search result, or any other response that includes some or all of the input sent to the server as part of the request.
 Such as in an e-mail message, or on some other website.
 }Solution1). The best way to find flaws is to perform a security review of the code and search for all places where input from an HTTP request could possibly make its way into the HTML output.
2). Note that a variety of different HTML tags can be used to transmit a malicious JavaScript.
And another solution is like as -1). Escaping and and and 2). Validating Inputand and and 3). Sanitizingand and and 4). You MUST use the escape syntax for the part of the HTML document you're putting untrusted data into.Vulnerabilities by Type
13). Denial of service
12). xml external entity
11). open redirect
10). general bypass
09). authentication bypass
08). remote file inclusion
07). full path disclosure
06). remote code execution
05). local file inclusion
04). cross-site request forgery
03). file upload
02). SQL injection
01). cross-site scriptingThe overall solution is in one word " Information is the only defense "Thanks...!!! for reading this forum.....if any suggestion pleaseand comment.More Read...http://answers.mindstick.com/qa/51738/what-is-the-cross-site-scripting-and-how-it-can-harmful-for-your-application

forum

Please tell me what is cross-site scripting and how is it harmful for your application?

Anonymous User

1 Answers

Problems and Solution

Solution

Vulnerabilities by Type

Liked By