Thursday, 29 December 2011

Self-XSS (Cross Site Scripting) – Social Engineering Attack and Prevention

–> Recently, attackers flooded Facebook with explicit pornographic images. Facebook says it might have been a self-XSS attack.
JavaScript can be executed directly from the browser's URL bar.
For example, enter the following code in your browser:

This will show a pop-up box with "StartHack". An attacker can use the same mechanism for malicious purposes: stealing confidential data or cookies, redirecting you to malware sites, and more.
For example, entering the following code will display your cookies in the browser:

The above code does nothing malicious other than displaying the cookies, but an attacker can extend the script so that it takes advantage of your data. This is why it is called "self" XSS: the site itself is not injected; the victim is socially engineered into pasting the attacker's script into their own browser, where it runs with the victim's logged-in session.

Security Tips From IndiXperts –>
1. Use the NoScript add-on, which prevents JavaScript from running in your browser. Make sure you use it.
2. Do not click shortened URLs. For example: these may redirect you to infected sites…
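As an added example (not code from the original post), here is the kind of link check a site can run over user-submitted links before rendering them as clickable, so that a "javascript:" link planted in a comment or message is never published. It relies on the WHATWG URL parser, which handles the same case and whitespace tricks a browser would; the page origin https://example.com/ is an assumed value.

```javascript
// Added example: classify user-submitted links before a site renders them
// as clickable. Nothing a site does can stop a user pasting "javascript:"
// into the address bar, but it can refuse to publish links that would run
// script when followed.
const SAFE_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// Assumed page origin; relative links are resolved against it.
const PAGE_BASE = "https://example.com/";

function isSafeHref(href, base = PAGE_BASE) {
  let url;
  try {
    // The WHATWG URL parser behaves like the browser: it strips leading and
    // trailing control characters and spaces, removes embedded tabs and
    // newlines, and lower-cases the scheme. So "  JaVaScRiPt:..." and
    // "java\tscript:..." both come back with protocol "javascript:".
    url = new URL(String(href), base);
  } catch (e) {
    return false; // unparseable input is rejected rather than guessed at
  }
  return SAFE_SCHEMES.has(url.protocol);
}

// Split a batch of links into the ones that may be rendered and the ones
// that must be dropped (or shown as plain text).
function filterLinks(hrefs) {
  const allowed = [];
  const rejected = [];
  for (const h of hrefs) {
    (isSafeHref(h) ? allowed : rejected).push(h);
  }
  return { allowed, rejected };
}

// Constructed sample input: what a comment form might receive.
const SAMPLE_LINKS = [
  "https://example.com/profile",
  "/help/faq",
  "mailto:support@example.com",
  "javascript:alert(document.cookie)",
  "  JaVaScRiPt:alert('StartHack')",
  "java\tscript:alert(1)",
  "data:text/html,<h1>hi</h1>",
  "vbscript:MsgBox(1)",
];

console.log(JSON.stringify(filterLinks(SAMPLE_LINKS), null, 2));
```

Note that this only checks the scheme; whether a link points to a trusted host (the concern behind tip 2 about shortened URLs) is a separate decision.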


