Simple WebApp Cross Site Scripting (XSS) Attack
XSS, or Cross Site Scripting, is one of the biggest security risks that any web application developer or concerned client should understand well. XSS exploits vulnerabilities in a website to inject malicious code. Websites are made up of many elements, including header information, HTML elements, and sometimes JavaScript. JavaScript runs in the browser and can modify a webpage dynamically, without the user knowing. This video explains a vulnerability on a website that includes a search box and a login form in the same view. We show how to use JavaScript to modify a form action, resulting in a complete compromise of a user's credentials.
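The search-box-plus-login-form view described above, rendered once without and once with output encoding, as an added example that is not code from the video. The markup, function names and sample input are constructed for illustration, and the script body is an inert placeholder.

```javascript
// Added example: names, markup and the sample input are constructed.

// Encode the characters that let text break out of HTML text or a quoted attribute.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// One view holding both a search box and a login form, as in the scenario above.
// The search term is reflected twice: in the input's value and in the results line.
function renderView(query, encode) {
  const q = encode ? escapeHtml(query) : query;
  return [
    '<form id="search" action="/search" method="get">',
    `  <input name="q" value="${q}">`,
    "</form>",
    `<p>Results for: ${q}</p>`,
    '<form id="login" action="/login" method="post">',
    '  <input name="user"><input name="pass" type="password">',
    "</form>",
  ].join("\n");
}

// Count the script elements a browser would parse out of the markup.
function countScriptTags(html) {
  return (html.match(/<script\b/gi) || []).length;
}

// Constructed input: closes the value attribute and opens a script element.
// The comment stands in for code that would touch the login form.
const sampleQuery = '"><script>/* placeholder */</script>';

const vulnerable = renderView(sampleQuery, false);
const hardened = renderView(sampleQuery, true);

console.log("script elements, unencoded:", countScriptTags(vulnerable));
console.log("script elements, encoded:  ", countScriptTags(hardened));
```

As a second layer, a Content-Security-Policy header with `form-action 'self'` restricts where forms on the page may submit, even if an injected script does run.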
Our privacy policy: With knowledge comes power; use it wisely and in positive ways. For more information about web application security, visit OWASP (Open Web Application Security Project).