then infect and the number of bank accounts he could compromise. Sounds a little scary, doesn't it? Guess what? This can happen through the use of cross-site scripting (XSS).

CROSS-SITE SCRIPTING EXPLORED

Oh, the wonderful world of XSS. We hear about XSS all the time, but what is it? XSS is an attack that forces a user's Web browser to execute an attacker's code. In other words, the user is the intended victim, and the vulnerable Web site is the conduit for the attack. Pretty cool, huh? Think about it then: if an attacker was able to find an XSS vulnerability in a popular social networking site, how many potential victims are possible? The answer is simple: millions.

XSS-style attacks have become one of the most predominant attacks using social networking sites. Samy was the first well-known XSS worm to utilize social networks. The Samy worm spread by exploiting a persistent XSS vulnerability in's personal profile Web page template. (XSS types are defined a little later in the section