Showing posts with label Blind XSS Impact. Show all posts
Showing posts with label Blind XSS Impact. Show all posts

Monday 25 July 2022

Blind XSS Impact

What is Blind XSS?

Blind XSS is a flavor of cross-site scripting (XSS), where the attacker “blindly” deploys a series of malicious payloads on web pages that are likely to save them to a persistent state (like in a database, or in a log file). Then, without knowing any details about where the payloads have ended up, or if (and when) they are going to be executed, the attacker waits for the payloads to be pulled out of storage and rendered on a web page loaded by a user. Hence, unlike most XSS attacks, which are non-persistent, and rely on immediate response pages generated from the data input by the attacker in a web form or HTTP query, Blind XSS is a persistent type of XSS that relies on vulnerabilities in the code of the target web pages, which allow malicious scripts, inserted into web controls, to be saved by the server in a database or web site file. These are then “served” to other users as part of HTML page responses, without begin “sanitized” first. read more
at No comments:
Labels:
Subscribe to: Posts (Atom)

Google Launches GUAC Open Source Project to Secure Software Supply Chain

Google on Thursday announced that it's seeking contributors to a new open-source initiative called Graph for Understanding Artifact Comp...

  • Script Kiddie
      What is a Script Kiddie? A script kiddie, or skid, is a term that describes a young hacker who has much to learn yet acts as if he or she ...
  • Cryptolocker Virus
    Cryptolocker Virus Definition Cryptolocker is a malware threat that gained notoriety over the last few years. It is a Trojan horse that infe...
  • Hacktivism
      What is hacktivism? Hacktivism is the act of misusing a computer system or network for a socially or politically motivated reason. Individ...