[ Thanks to Nobody for this link.
]
“Site tasks are usually linked to specific urls (Example:
http://site/stocks?buy=100&stock=ebay) allowing specific
actions to be performed when requested. If a user is logged into
the site and an attacker tricks their browser into making a request
to one of these task urls, then the task is performed and logged as
the logged in user. Typically you’ll use Cross Site Scripting to
embed an IMG tag or other HTML/JavaScript code to request a
specific ‘task url’ which gets executed without the users
knowledge. These sorts of attacks are fairly difficult to detect
potentially leaving a user debating with the website/company as to
whether or not the stocks bought the day before we initiated by the
user after the price plummeted.”
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.