Cross Site Scripting (XSS) Security Vulnerability
Have you ever mistyped a website name and got a 404 error? I am sure you have. You try to access a site which does not exist and it returns you an error. Well, it is the server which is returning you this. What if it returned you a page asking you to provide the login for one of your Gmail accounts, and you gave it?
Welcome to the final post of Security Vulnerability Series
Cross Site Scripting, or XSS as the security geeks term it, is one of the biggest potential dangers the internet world faces now. Let's take an example.
You are on a famous online shopping site. Now every site runs advertisements. What if some bad guy, say "Mr. Bad", puts up an advertisement which attracts you to bid? When you click on it, it asks you for the same site's login and password so you can buy the item. You think it is OK, as it appears to come from the same site.
So you enter your user name and password. Then it redirects you to the same site showing more products. What happened? You gave away your user name and password, and "Mr. Bad" can now access your login, change a lot of things, and see your credit card number and other details.
An XSS vulnerability (often abbreviated CSS at the time) is caused by the failure of a site to validate user input before returning it to the client's web browser. The essence of cross-site scripting is that an intruder causes a legitimate web server to send a page to a victim's browser that contains malicious script or HTML of the intruder's choosing. The malicious script runs with the privileges of a legitimate script originating from the legitimate web server, so it can read that site's cookies, forms and page content as if it were the site's own code.
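To make the "failure to validate user input before returning it" concrete, here is a small added example (it is not code from this post or from any real shopping site). It assumes a hypothetical search page that reflects the visitor's search term back into the HTML. The first function inserts the term verbatim, which is the bug; the second escapes it for the HTML text and attribute contexts before it reaches the browser, which is the fix. The search term is a constructed test string, the kind a tester would type to see whether a site escapes its output.

```python
import html

# Constructed sample input: a search term that happens to contain markup.
# Any visitor (or a link in an advertisement) could supply such a value.
USER_INPUT = 'shoes<script>alert(1)</script>'


def render_unsafe(term: str) -> str:
    """Vulnerable: the user's term is pasted into the page as-is.

    Whatever markup the term contains becomes part of the page, and the
    browser runs it with the site's own privileges.
    """
    return (
        "<h1>Results for: " + term + "</h1>\n"
        '<input name="q" value="' + term + '">'
    )


def render_safe(term: str) -> str:
    """Hardened: the term is escaped for the context it is inserted into.

    html.escape(quote=True) turns &, <, >, " and ' into entities, so the
    browser shows the characters as text instead of parsing them as tags
    or as the end of an attribute value.
    """
    safe = html.escape(term, quote=True)
    return (
        "<h1>Results for: " + safe + "</h1>\n"
        '<input name="q" value="' + safe + '">'
    )


def contains_script_tag(page: str) -> bool:
    """Crude check used to compare the two renderings: does the page
    contain a real <script tag (not the escaped &lt;script text)?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    print("unsafe:", render_unsafe(USER_INPUT))
    print("safe:  ", render_safe(USER_INPUT))
    print("unsafe has live script tag:", contains_script_tag(render_unsafe(USER_INPUT)))
    print("safe has live script tag:  ", contains_script_tag(render_safe(USER_INPUT)))
```

The point of escaping at output time rather than trying to "filter out bad words" from the input is that the same value can be harmless in one place and dangerous in another; encoding for the exact HTML context it lands in is what actually stops the browser from executing it.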
How to avoid XSS or Cross Site Scripting ?
- Best is, when you see some information from another site, say CNN.com, to visit that site directly and use its search to find the item, rather than following the link. This will eliminate 90% of the problem. Email programs and other tools can also help recognize these XSS links.
- You can disable scripting in your browser, as most of these attacks are based on scripts which run within your browser.
- You can choose signed scripting, so that any script which is not signed will never run.
- Inform the webmaster about it so others can also be protected.
If you want to read more about it, visit this page, which can also give you the technical details of XSS: the XSS FAQ.
You can also check out my security archive for more on security.
Posted on 24th March 2007 by Ashish Mohta, a professional tech blogger, editor and writer who talks about solving the day-to-day problems of people who use computers. He also writes on how to use applications like Office, PC tips, online tools, browsers and more.