filmov
tv
Website Hacking - What is Cross Site Scripting (XSS)?
Показать описание
Cross site scripting(XSS) is a very serious issue faced by big companies like Facebook, Twitter, Google, Microsoft, etc in the past.
XSS is still a very major vulnerability faced by many websites on the Internet these days.
So, what is this Cross site scripting? Why is it soo dangerous?
In XSS, an attacker injects malicious script in a webpage’s source code. A website is vulnerable to XSS if the user input is not treated properly, and if the html tags are not escaped.
The script tag in html is used to include javascript in webpages. Javascript is browser oriented, which means your browser will execute this javascript code whatever is written in the webpage’s HTML.
A hacker can make use of XSS to inject malicious javascript. With this javascript, he can display popups on the website, deface the website, and many more….
The worst thing is that a hacker can also steal users cookies by injecting a malicious javascript code into the webpage’s HTML. What this javascript can do is, it steals the users cookies and sends it to the hacker’s database. Though no text appears once the comment is posted, the malicious javascript is actually injected to the webpage’s HTML and it is ready to steal cookies of people. If you don’t know what are cookies and how critical they are, just do a google search.
Briefly, cookies are some strings used by websites to identify their users. So, if a hacker has your cookies, he can impersonate you on that particular website. In simple words, if the hacker steals your Facebook cookies, he will be able to login to your Facebook account without entering your password.
Image If this vulnerability existed in Facebook now, taking over user’s Facebook accounts would have been as easy as making a comment under a Facebook post with a simple line of javascript! Whenever someone sees this Facebook post with your comment, their cookies are sent to your database and their account is compromised.
Obviously Facebook or Twitter or any big company is not vulnerable to this kind of simple XSS now , but there are times when these sites are actually vulnerable to this simple attack and sh*t happened!
And yes, there are many websites on the Internet which are still vulnerable to XSS. And they must be fixed ASAP to maintain their web security.
SUBSCRIBE for more videos!
Thanks for watching!
Cheers!
XSS is still a very major vulnerability faced by many websites on the Internet these days.
So, what is this Cross site scripting? Why is it soo dangerous?
In XSS, an attacker injects malicious script in a webpage’s source code. A website is vulnerable to XSS if the user input is not treated properly, and if the html tags are not escaped.
The script tag in html is used to include javascript in webpages. Javascript is browser oriented, which means your browser will execute this javascript code whatever is written in the webpage’s HTML.
A hacker can make use of XSS to inject malicious javascript. With this javascript, he can display popups on the website, deface the website, and many more….
The worst thing is that a hacker can also steal users cookies by injecting a malicious javascript code into the webpage’s HTML. What this javascript can do is, it steals the users cookies and sends it to the hacker’s database. Though no text appears once the comment is posted, the malicious javascript is actually injected to the webpage’s HTML and it is ready to steal cookies of people. If you don’t know what are cookies and how critical they are, just do a google search.
Briefly, cookies are some strings used by websites to identify their users. So, if a hacker has your cookies, he can impersonate you on that particular website. In simple words, if the hacker steals your Facebook cookies, he will be able to login to your Facebook account without entering your password.
Image If this vulnerability existed in Facebook now, taking over user’s Facebook accounts would have been as easy as making a comment under a Facebook post with a simple line of javascript! Whenever someone sees this Facebook post with your comment, their cookies are sent to your database and their account is compromised.
Obviously Facebook or Twitter or any big company is not vulnerable to this kind of simple XSS now , but there are times when these sites are actually vulnerable to this simple attack and sh*t happened!
And yes, there are many websites on the Internet which are still vulnerable to XSS. And they must be fixed ASAP to maintain their web security.
SUBSCRIBE for more videos!
Thanks for watching!
Cheers!
0:06:41
Introduction to WEBSITE HACKING!
0:08:06
how hackers hack any website in 8 minutes 6 seconds?!
0:09:06
how hackers hack any website in 9 minutes 6 seconds?!
0:08:39
4 Ways to Hack a Website!
0:34:24
he hacked my websites
0:06:01
This is How Easy it is to Hack a Website (use at your own risk) – No-Code Hacking Course part 1
0:06:09
Website Hacking in 6 Minutes
0:10:14
SQL Injections are scary!! (hacking tutorial for beginners)
0:05:41
3 Websites to Hack Website
0:23:17
how hackers hack any websites in minutes?!
0:02:56
Watch This Russian Hacker Break Into Our Computer In Minutes | CNBC
0:25:48
I legally defaced this website.
0:03:42
Check All Website Vulnerabilities with One Hacking Tool (New Way)
0:23:23
I used AI to hack this website...
0:04:36
TOP 10 WEB-HACKING TOOLS FOR BEGINNERS!!
0:06:55
Introduction to Hacking | How to Start Hacking
0:08:59
Hacking Websites with SQL Injection - Computerphile
0:17:45
Website Database Hacking using sqlmap tool | Ethical Hacking - SQL Injection Attack
0:04:34
How hackers hack any website in 4 minute 15 seconds
0:34:52
Website Hacking Demos using Cross-Site Scripting (XSS) - it's just too easy!
0:13:14
How Hackers login to any websites without password?! WordPress hacking
0:11:42
This is How Hackers Hack Websites with Zaproxy - Full Tutorial
0:19:50
Website Vulnerabilities to Fully Hacked Server
0:00:27
Hacking Knowledge
Комментарии