Monday

Cross-Site Scripting a.k.a. XSS

Hello folks, long time no see. Well, sorry, I haven't updated this blog for some time. You know why? It's been hectic, I've been busy with my work.

One day, I was asked to fix as many XSS problems as possible on my company's website. This was requested by our payment gateway partner, i.e. E-nets. The reason was to ensure that our website is as free as possible from malicious users, and as robust as Google (assuming that Google is robust ^_~).

So, what actually is XSS? XSS is a type of security vulnerability typically found in web applications. It allows a hacker to insert malicious code into your webpage.

Quite hard to visualize? Well, no worries. OK, I guess many of you have a personal social network page. You have probably left comments or testimonials, or written something on someone's wall on Facebook, haven't you?

If you have your own website that you would like more users to browse, and you have a friend whom you don't really like, all right, you can do something on his/her website or social page. If his/her website or social page is not free from XSS, ah ha, here you go, you may leave a comment like the one below:

<img src="http://google.com/images/logo.gif" onload="window.location='http://yoursite.com/'" />

And every time a user visits your friend's website or personal page, they are rudely redirected to your site. Ain't it cool......?
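The fix on the site owner's side is to HTML-encode comment text when it is written into the page, so the browser shows the comment as text instead of parsing it as a tag. The following is an added example, not code from the original post; the function names and the comment markup are hypothetical, and the sample comment is the one above, constructed inline.

```javascript
// Added example: hypothetical comment renderer, vulnerable vs. hardened.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode every character that can open a tag, close an attribute or start an entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the comment is pasted into the page as markup.
function renderCommentUnsafe(author, comment) {
  return `<div class="comment"><b>${author}</b>: ${comment}</div>`;
}

// Hardened: both user-controlled fields are encoded on output.
function renderCommentSafe(author, comment) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(comment)}</div>`;
}

// Rough check: does the rendered HTML contain a tag carrying an inline on* event handler?
function hasEventHandlerTag(html) {
  return /<[a-z][^>]*\son\w+\s*=/i.test(html);
}

// Constructed sample input: the comment from the post.
const sampleComment =
  '<img src="http://google.com/images/logo.gif" ' +
  'onload="window.location=\'http://yoursite.com/\'" />';

console.log(renderCommentUnsafe("friend", sampleComment)); // <img ... onload=...> survives as a tag
console.log(renderCommentSafe("friend", sampleComment));   // &lt;img ... is displayed as plain text
```

This encoding covers user text placed in the HTML body; values written into attributes, URLs or script blocks need the encoding for that context.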

