Cross Site Scripting Creates Huge Web Security Hole
Source: Computer Currents - Posted by LinuxSecurity.com Team   
Host Security There is a significant security hole which cuts across all web browsers on all platforms, Cross Site Scripting (CSS). At its core CSS is about injecting malicous code (such as Javascript) into dynamically generated web pages. A simple . . . There is a significant security hole which cuts across all web browsers on all platforms, Cross Site Scripting (CSS).

At its core CSS is about injecting malicous code (such as Javascript) into dynamically generated web pages. A simple example of this given by CERT would be a search tool in which the text a user types in is displayed back to them after submitting the content. If the text entered was valid JavaScript code then the program could execute in the user's browser. The end result of a well designed malicious script could be anything from displaying garbage text to swiping credit card information off of the user's computer.

The reason this attack has been dubbed Cross Site Scripting is because security experts suggest that the most likely attack scenario would be that malicous code embedded in the hypertext link of one page points to a dynamically generated page on another site, where it gets executed.

Read this full article at Computer Currents

Only registered users can write comments.
Please login or register.

Powered by AkoComment!