IEFD Ep. 13 - Website Hacking - XSS Part 2

Tags:
Disclosure Exists Full Hacking Infinity Websites Xss
Gregorpm
  • Affiliate Submitter:
    Gregorpm
  • International International
  • Comments: 0
  • Views: 305
  • Added: 10-Dec-07

In this episode of Full Disclosure we are explaining the website attack known as Cross-Site Scripting (XSS). Cross-Site Scripting is a type of security vulnerability that affects web applications that do not sanitize user input properly. This kind of vulnerability allows an "attacker" to inject HTML or client side script like JavaScript into the website. Cross-Site Scripting is most commonly used to steal cookies. Cookies are used for authenticating, tracking, and maintaining specific information about users; therefore, by stealing a user's cookies an attacker could bypass the website's access control. There are three types of XSS attacks: Persistent, Non-Persistent, and DOM-Based. In this episode we will cover Persistent and Non-Persistent Cross-Site Scripting attacks.

Part 2 of 2

www.InfinityExists.com

  1. Categories: How To
  2. Favorite On: okteve
Comments on

IEFD Ep. 13 - Website Hacking - XSS Part 2

11 Comments | Add Comment
  • awesome video :) ...

    awesome video :)
    gr8 work..
    wish 2 c ya more videos man.

    By dsuraj1 [Affiliate User] 1224072922 Reply Spam Moderate Up Moderate Down
  • Great vid, i havent ...

    Great vid, i havent seen a good cross site scripting vid in a while.

    By knight120891 [Affiliate User] 1221406356 Reply Spam Moderate Up Moderate Down
  • I will now ...

    I will now self-administer 44 lashes for dropping out of my computer classes back when the apple 2E was new...

    By isaacnd [Affiliate User] 1219481257 Reply Spam Moderate Up Moderate Down
  • wow thats so cool ...

    wow thats so cool but where did you learn all this great stuff man?

    By Steve0292 [Affiliate User] 1218036300 Reply Spam Moderate Up Moderate Down
  • this is awesome! ...

    this is awesome!

    but i have a website which converts quotes even different :( i patched it to this as search value

    /><script>alert(String.fromCharCode(65,66,67)</script>

    By kaiomatico [Affiliate User] 1217171954 Reply Spam Moderate Up Moderate Down
  • Nice vid!

    Nice vid!

    By Dima202 [Affiliate User] 1209119029 Reply Spam Moderate Up Moderate Down
  • simple using sql ...

    simple using sql injection
    and taking user and hash md5
    have you joomla component?

    By sergettotorino [Affiliate User] 1204253619 Reply Spam Moderate Up Moderate Down
  • you kick so much ...

    you kick so much ass...
    wheeeee, i got bored and was playing with the alerts lol.

    By NinjasKill112233 [Affiliate User] 1204015384 Reply Spam Moderate Up Moderate Down
  • gr8 video. thx for ...

    gr8 video. thx for sharing.

    By ideasfoundary [Affiliate User] 1203579782 Reply Spam Moderate Up Moderate Down
  • My website got ...

    My website got hacked a while ago and I think it was because I didn't filter my PHP forms. Somehow the hacker got access to the control panel of my server or else found the ftp username and password and defaced the index page.

    How would they have gone about getting my username and password?

    By BottleOFishWhiskey [Affiliate User] 1201726556 Reply Spam Moderate Up Moderate Down
  • 1337 video is 1337

    1337 video is 1337

    By henrythesteinberg [Affiliate User] 1198633475 Reply Spam Moderate Up Moderate Down
11 Comments | Add Comment