Cross site scripting attack

Cross site scripting, otherwise known as XSS is a code injection attack allowing the injection of malicious code into a website. XSS is currently one of the most common website attacks, with almost every website requiring the user to have JavaScript turned on as well as large websites and services that have large amounts of input fields that could potentially be vulnerable rather than being an attack on the website itself.

XSS uses the website as a means to attack the users of that website when you can get your XSS permanently on a website all those who visit that page will have the JavaScript executed by their browser, this can lead to some very serious damage.

It can used to steal users’ cookies, allowing for someone to use the website pretending to be that user and access the site list if they are logged in as the target user. You could also modify the page after it arrives at the user’s browser changing links to malware downloads or editing the look of the website, it can be used to send you to a completely different website where you may have your login details and take data with you.

Pay attention to all the hyperlinks that you may visit to pretend the attack!