Security Xss Impact
// Security - Cross Site Scripting - Impact Some attackers are financially motivated and would look to compromise credit card or bank account information. Some attackers are politically or socially motivated and may look to deface a page, impacting a company's reputation as a form of protest. Or even attackers may be hired by a competitor to target user accounts with a goal of accessing your data as a form of corporate espionage. Here are some of the impacts of XSS attacks: 1. Arbitrary requests: An attacker can use XSS to send requests that appear to be from the victim to the web server. Example of this is transferring fund, or approving a transaction, action, requests, without the victim's knowlegde. 2. Malware download: XSS can prompt the user to download malware. Since the prompt looks like a legitimate request from the site, the user may be more likely to trust the request and actually install the malware. 3. Log keystrokes — The attacker can monitor keyboard entries, possibly finding usernames and passwords to access accounts at later dates.
page revision: 0, last edited: 01 Jan 2017 21:55