-
June 22nd, 2002, 04:13 PM
#1
Cross Site Scripting Vulnerability
Ive got a question about Cross Site Scripting Vulnerability.
its a common mistake to create a Cross Site Scripting Vulnerability that allows an attacker to insert some <script> commands into a page, but my question is how can attacker use it for making any damage?
The <script> commands that the attacker would insert into the HTML page will run on the client side (the attacker side), and wont run on the server. therefor, it wont hurt the server, it will only hurt the client.
The worst thing i can think of in this kind of attack is using a Cross Site Scripting Vulnerability to insert <script> commands into forums, or things other users will see, and then all the users will activate the <script> commands. but again, what harm can really be done by running HTML code?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|