- Java ---- Javascript
- --------------------
- Java --> software programming language
- JavaScript --> browser language --- front-end development language
- box ---> "Do you want to leave the webpage?" ----> JavaScript
- prompt box
- alert box
- HTML + JavaScript
- To use JavaScript ---> I use a tag ---> <script>.......</script>
- document.write
- document.cookie
- getElementById
- functions
- loops
- conditions
- XSS---> Cross Site Scripting
- ----------------------------
- Based on JavaScript
- I can use any HTML tag together with the script tag to go after the juicy data on the user's web page
- **** JavaScript must be enabled in the user's browser
- What I can do with XSS
- ----------------------
- 1. Deface the website
- 2. Steal the cookies
- 3. Steal the Confidential data
- 4. I can Redirect any user to my malicious website
- Input fields where XSS typically shows up: comments, search boxes, feedback, reviews
- Types of XSS
- ------------
- 1. Reflected XSS
- 2. Stored XSS
- 1. Reflected Cross Site Scripting
- ----------------------------------
- The malicious code goes away when the user refreshes the web page. It is one-time use only.
- 2. Stored Cross Site Scripting
- -------------------------------
- The malicious code is stored in the database of the server/website. It stays there until the DBA removes it or resets the database. It runs every time a user opens the web page.
- 1. <script lang=eng>
- 2. <ScRiPt>
- 3. ----> <scr<script>ipt>
- <script>
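Added example (not part of the original notes): why deleting the string "<script>" from input does not stop the tag spellings listed above, while HTML-escaping the output does. The function names naiveFilter, escapeHtml, hasScriptTag and compare are hypothetical, made up for this illustration.

```javascript
// Added illustration; naiveFilter, escapeHtml, hasScriptTag and compare are
// hypothetical names, not taken from any real application.

// Inputs: the four tag spellings from the notes, copied as-is.
const samples = ["<script>", "<script lang=eng>", "<ScRiPt>", "<scr<script>ipt>"];

// Weak defence: delete every exact, case-sensitive "<script>" in one pass.
function naiveFilter(input) {
  return String(input).split("<script>").join("");
}

// Correct defence for HTML body context: encode the characters that let
// text turn into markup, so the browser shows the input instead of parsing it.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// True if the string still contains an opening script tag in any letter case,
// with or without attributes.
function hasScriptTag(html) {
  return /<script\b[^>]*>/i.test(html);
}

// Run both defences over every sample and record what survives.
function compare(inputs) {
  return inputs.map((input) => {
    const filtered = naiveFilter(input);
    const escaped = escapeHtml(input);
    return {
      input,
      filtered,
      filterBypassed: hasScriptTag(filtered),
      escaped,
      escapeBypassed: hasScriptTag(escaped),
    };
  });
}

console.table(compare(samples));
```

Escaping depends on where the value lands: this covers text placed in the HTML body, while attribute, URL and script contexts each need their own encoding.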
- Broken Authentication And Session Management
- ---------------------------------------------
- Session Management ----> e-banking sites, IRCTC....
- When a user is not active for some time... they log you out.... "please login again to continue"......
- Paytm.... if I open my account in 2 places, it still works.... e-banking and IRCTC... you get logged out.... session expires
- Broken Authentication ---> one case is repeating the same captcha again and again.... not managing cookies properly..... sending my cookies again and again....
- security:low
- session iD =mmjbsdcoiuawbdfvpie
- user name:abhijeet
- password:hacker
- good cookie:
- sessionID=aewrgwergewrgewrg;username="";nonse="799"
- encryption ---> cookies should be encrypted