Breaking News
Loading...
Monday, October 24, 2011

What is xss attack .. Xss Attack Details


Xss attack Details

  • XSS Shell is a cross-site scripting backdoor into the victim's browser which enables an attacker to issue commands and receive responses. 
  • During a normal XSS attack an attacker only has one chance to control a victim's browser; however, the XSS Shell keeps the connection between the attacker and the victim open to allow the attacker to continuously manipulate the victim's browser. 
  • XSS Shell works by setting up an XSS Channel, an AJAX application embedded into the victim's browser, that can obtain commands and send back responses. 
  • To enable the XSS Shell an attacker needs to inject the XSS Shell's Javascript reference by utilizing a XSS flaw on a website. 
  • Once the victim's browser is infected with the XSS Shell and the XSS Channel is created, the attacker can issue instructions to the infected browser. 
  • Also, the Attacker can use a XSS Tunnel to transfer HTTP traffic through the XSS Channel and the victim's browser; in turn, exploiting the victim's credentials to bypass authentications and IP Restrictions. 
  • The XSS Tunnel is a HTTP Proxy that sits on an attacker's computer, and any tool that is configured to use it will tunnel its traffic through the XSS Channel.

0 comments:

Post a Comment

Save this Page

Copyright © 2012 Checkzx All Right Reserved
Designed by CBTblogger