Linux Today: Linux News On Internet Time.

More on LinuxToday

developerWorks: Prevent a Cross-Site Scripting Attack

Feb 09, 2004, 10:00 (0 Talkback[s])
(Other stories by Anand K. Sharma)

"Most existing browsers are capable of interpreting and executing scripts -- created in such scripting languages as JavaScript, JScript, VBScript -- that are embedded in the Web-page downloads from the Web server. When an attacker introduces a malicious script to a dynamic form submitted by the user, a cross-site scripting (XSS) attack then occurs.

"An XSS attack leads to undesirable effects. For example, the attacker gains the ability to capture the session information, peer into private user details such as ID, passwords, credit card information, home address and telephone number, social security/tax IDs, and so on. If the targeted Web site doesn't check for this type of malicious code, misuse of the user is probable..."

Complete Story

Related Stories: