Cross-site scripting (XSS) is a security vulnerability typically found in web applications. Its a type of injection which can allow an attacker to execute malicious scripts and have it execute on a victims machine.<br><br>A web application is vulnerable to XSS if it uses unsanitized user input. XSS is possible in Javascript, VBScript, Flash and CSS.<br><br>The extent to the severity of this vulnerability depends on the type of XSS, which is normally split into two categories: persistent/stored and reflected. Depending on which, the following attacks are possible:<br><br> Cookie Stealing - Stealing your cookie from an authenticated session, allowing an attacker to login as you without themselves having to provide authentication.<br><br> Keylogging - An attacker can register a keyboard event listener and send all of your keystrokes to their own server.<br><br> Webcam snapshot - Using HTML5 capabilities its possible to even take snapshots from a compromised computer webcam.<br><br> Phishing - An attacker could either insert fake login forms into the page, or have you redirected to a clone of a site tricking you into revealing your sensitive data.<br><br> Port Scanning - You read that correctly. You can use stored XSS to scan an internal network and identify other hosts on their network.<br><br> Other browser based exploits - There are millions of possibilities with XSS.<br><br>Who knew this was all possible by just visiting a web-page. There are measures put in place to prevent this from happening by your browser and anti-virus.<br><br>This room will explain the different types of cross-Site scripting, attacks and require you to solve challenges along the way.
正在翻譯中..