Created November 22, 2015 18:13
XSS Example
===========

Okay, so one example of how websites can be insecure is XSS.
By all means read more on the wiki.

XSS == Cross Site Scripting

It works like this...

Say, for example, some person's website has a comment box.
When you type a comment, it appears on the screen.

Say the website builder didn't know about the dangers of XSS, and he didn't "sanitise" the input from the comment box before showing it on the site.
He's just exposed every single person on that website to XSS attacks.

An attacker could type something like this into the comment box:

`<script>alert("This company has stopped trading.");</script>`

The server would show this HTML as a comment on the site, and the JavaScript inside would run in the browser of everyone who views the page.
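Here is the comment box described above as a small added example (not part of the original gist): the unsanitised rendering next to a version that escapes the comment before it goes into the page. The function names and the `comment` div markup are assumptions made for illustration.

```javascript
// Added example: a comment rendered without and with output escaping.
// All names are hypothetical; the comment text is the sample from the text above.

// Vulnerable: the comment is pasted into the page exactly as typed,
// so any tags in it become part of the page's HTML.
function renderCommentUnsafe(comment) {
  return '<div class="comment">' + comment + '</div>';
}

// Characters that HTML treats as markup, and their harmless entity forms.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape text for use inside an HTML element body or a quoted attribute.
// (Other contexts, such as inline scripts or URLs, need their own encoding.)
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Sanitised: the comment is escaped first, so the browser displays the
// tags as text instead of running them.
function renderCommentSafe(comment) {
  return '<div class="comment">' + escapeHtml(comment) + '</div>';
}

const sampleComment =
  '<script>alert("This company has stopped trading.");</script>';

console.log('unsafe:', renderCommentUnsafe(sampleComment));
console.log('safe:  ', renderCommentSafe(sampleComment));
```

Ordinary comments pass through the safe version unchanged apart from characters such as `&` and quotes, which are shown to the reader exactly as typed.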
Lots of examples of XSS
https://en.wikipedia.org/wiki/Cross-site_scripting