Security XSS Danger


// Security - Cross Site Scripting - Dangers of XSS attacks:

1. Session Compromise: An attacker can use XSS to send themselves the contents 
   of any cookies for the site (that are not marked with an HttpOnly flag). 
   This most often means session cookies, which can be used to gain access to 
   the user's account and data.

2. Arbitrary Requests: You'll learn about this attack in a later section, but 
   XSS bypasses CSRF protections and lets the attacker send requests to the web 
   server masquerading as the user.

3. Malware Download: XSS can prompt the user to download malware. Since it looks 
   like a legitimate request from the site, the user may be more likely to trust 
   the request and actually install the malware.

4. Log Keystrokes: The attacker can monitor keyboard entries, possibly finding 
   usernames and passwords.

As you can imagine, the above items when taken together can often be used to 
fully compromise the user's account. If the attack is used against a system 
administrator, the attacker may gain a large amount of additional access.
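
Item 1 turns on whether a cookie carries the HttpOnly flag, so one check worth 
running against a site's responses is an audit of its Set-Cookie headers. The 
code below is an added example, not part of the original notes; the sample 
headers and the session-name pattern are constructed assumptions.

```javascript
// Added example; the sample headers and the name pattern are constructed.

// Assumption: cookie names matching this pattern carry session state.
const SESSION_NAME = /sess|auth|token|sid/i;

// Parse one Set-Cookie header value into { name, attrs }.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('='); // the value may itself contain '='
  if (eq < 1) return null; // no cookie name: malformed header
  const attrs = new Set();
  for (const part of parts) {
    // Attribute names are case-insensitive; any "=value" is ignored here.
    attrs.add(part.split('=')[0].trim().toLowerCase());
  }
  return { name: first.slice(0, eq).trim(), attrs };
}

// List cookies that page script can read because HttpOnly is absent.
function auditHttpOnly(headers) {
  const findings = [];
  for (const header of headers) {
    const cookie = parseSetCookie(header);
    if (cookie === null) {
      findings.push({ name: null, issue: 'malformed', session: false });
    } else if (!cookie.attrs.has('httponly')) {
      findings.push({
        name: cookie.name,
        issue: 'missing HttpOnly',
        session: SESSION_NAME.test(cookie.name),
      });
    }
  }
  return findings;
}

// Constructed sample response headers.
const SAMPLE_HEADERS = [
  'sessionid=YWJjMTIz==; Path=/; Secure; HttpOnly; SameSite=Lax',
  'auth_token=xyz789; Path=/; Secure',
  'theme=dark; Path=/',
  'prefs=compact; Path=/; httponly',
];

for (const f of auditHttpOnly(SAMPLE_HEADERS)) {
  console.log(`${f.name}: ${f.issue}${f.session ? ' (session cookie)' : ''}`);
}
```

Findings with session set to true are the ones that matter most for item 1; a 
preference cookie without HttpOnly is usually a much lower priority.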
