What is Blind XSS?
Blind XSS is a flavor of cross-site scripting (XSS) in which the attacker “blindly” deploys a series of malicious payloads on web pages that are likely to save them to a persistent state (such as a database or a log file). Then, without knowing any details about where the payloads have ended up, or if (and when) they are going to be executed, the attacker waits for the payloads to be pulled out of storage and rendered on a web page loaded by a user. Hence, unlike most XSS attacks, which are non-persistent and rely on immediate response pages generated from the data the attacker enters in a web form or HTTP query, Blind XSS is a persistent type of XSS. It relies on vulnerabilities in the code of the target web pages that allow malicious scripts, inserted into web controls, to be saved by the server in a database or website file. These are then “served” to other users as part of HTML page responses, without being “sanitized” first.
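The stored-then-rendered flow described above, seen from the defender's side, as an added example that is not code from the original post: a submission is saved unchanged and later rendered in an internal page, first without output encoding and then with it. All function names and sample records are hypothetical and constructed for illustration.

```javascript
// Added example. Names (saveFeedback, renderAdminUnsafe, renderAdminSafe,
// containsUnexpectedMarkup) are hypothetical, not from any real application.

const store = []; // stands in for the database or log file

// Public form handler: the value is persisted exactly as received.
function saveFeedback(name, message) {
  store.push({ name, message });
}

// Encode the characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable view: stored values are concatenated into markup unencoded,
// so whatever was saved is served to the staff member who opens the page.
function renderAdminUnsafe() {
  return store
    .map((r) => `<tr><td>${r.name}</td><td>${r.message}</td></tr>`)
    .join("\n");
}

// Hardened view: every stored value is encoded at the point of output.
function renderAdminSafe() {
  return store
    .map((r) => `<tr><td>${escapeHtml(r.name)}</td><td>${escapeHtml(r.message)}</td></tr>`)
    .join("\n");
}

// Review helper: flags any tag other than the tr/td the template itself emits.
function containsUnexpectedMarkup(html) {
  return /<(?!\/?(tr|td)>)/i.test(html);
}

// Constructed sample records; the second carries inert markup as a marker.
saveFeedback("alice", "Checkout page is slow");
saveFeedback("test", "<script>/* constructed marker */</script>");

console.log("unsafe view has stray markup:", containsUnexpectedMarkup(renderAdminUnsafe()));
console.log("safe view has stray markup:  ", containsUnexpectedMarkup(renderAdminSafe()));
```

The encoding is applied in the view, not at save time, because the same stored value may later be rendered by other pages the submitter never sees.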
Showing posts with label Blind XSS Impact. Show all posts
Monday, 25 July 2022