Cross-site scripting
• Cross-Site Scripting (XSS) is a type of computer security
vulnerability typically found in web applications which allow
code injection by malicious web users into the web pages viewed
by other users. Examples of such code include HTML code and
client-side scripts.
• An exploited Cross-Site Scripting vulnerability can be used by
attackers to bypass access controls such as the same origin
policy. Recently, vulnerabilities of this kind have been exploited
to craft powerful phishing attacks and browser exploits. Cross-site
scripting was originally referred to as CSS, although this
usage has been largely discontinued.
Directory Traversal Attack
• Directory traversal attacks allow malicious users to literally
"traverse" the directory and bypass the access control list to gain
access to restricted files and even manipulate data.
• These attacks are HTTP exploits that begin with a simple GET
or other type of HTTP request to a dynamic page. If your
Web site is vulnerable, and chances are it is, the server will return
a file whose requested path hasn't been properly validated. A malicious user
will then send a request for a file one or more directories up by
adding one or more "../" directives to the path string. Each "../"
instructs the page to "go up one directory."
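The server-side check that stops "../" from leaving the web root, as an added example that is not from the original post. The function names, the www/ directory layout and the sample request strings are assumptions made up for the illustration.

```python
import os
import tempfile
from urllib.parse import unquote

# Constructed request paths for the demo; none come from the original page.
SAMPLE_REQUESTS = [
    "docs/index.html",          # ordinary request
    "docs/../docs/index.html",  # "../" that stays inside the root
    "../secret.txt",            # one directory up
    "docs/../../secret.txt",    # two "../" from a subdirectory
    "%2e%2e%2fsecret.txt",      # URL-encoded "../"
    "../www_old/a.txt",         # sibling whose name shares the root's prefix
]

class TraversalError(ValueError):
    """The requested path resolves outside the web root."""

def resolve_under_root(web_root, requested):
    """Return the real path for `requested`, or raise if it leaves web_root."""
    root = os.path.realpath(web_root)
    decoded = unquote(requested)  # so "%2e%2e%2f" is checked as "../"
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    # Drop leading separators so os.path.join cannot be handed an absolute path.
    relative = decoded.replace("\\", "/").lstrip("/")
    # realpath collapses each "../" and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(root, relative))
    # commonpath compares whole components; a startswith() test would let
    # ".../www_old" pass as if it were under ".../www".
    if os.path.commonpath([root, candidate]) != root:
        raise TraversalError(f"{requested!r} escapes the web root")
    return candidate

def demo():
    """Check SAMPLE_REQUESTS against a throwaway tree: www/ plus a file above it."""
    results = {}
    with tempfile.TemporaryDirectory() as top:
        web_root = os.path.join(top, "www")
        os.makedirs(os.path.join(web_root, "docs"))
        with open(os.path.join(top, "secret.txt"), "w") as fh:
            fh.write("restricted")
        for req in SAMPLE_REQUESTS:
            try:
                resolve_under_root(web_root, req)
                results[req] = "inside"
            except TraversalError:
                results[req] = "blocked"
    return results
```

The check runs on the fully resolved path, so a "../" that stays inside the root is accepted while every form that climbs above it is refused.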
referred from articles and books.