Phantasm66
Posts: 4,909 +8
My new thing I'm into is Cross Site Scripting (XSS). This is how you manipulate URLs and user input into Web Applications in order to exploit security holes. Even the websites of major banks have these kinds of problems.
A forum like this is a prime example, where some kind of malicious code could be injected into the page - say in a post - and executed by everyone who visits the page.
http://en.wikipedia.org/wiki/XSS
Watch the movie !!! : http://ruslug.rutgers.edu/downloads/geek-movies/whiteHat_hacking_intranets.mp4
A forum like this is a prime example, where some kind of malicious code could be injected into the page - say in a post - and executed by everyone who visits the page.
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Recently, vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits.
http://en.wikipedia.org/wiki/XSS
Watch the movie !!! : http://ruslug.rutgers.edu/downloads/geek-movies/whiteHat_hacking_intranets.mp4