== Why should we care?

=== XSS attacks may result in

* Stealing session cookies
* Creating false requests
* Creating false fields on a page to collect credentials
* Redirecting your page to a "non-friendly" site
* Creating requests that masquerade as a valid user
* Stealing of confidential information
* Execution of malicious code on an end-user system (active scripting)
* Insertion of hostile and inappropriate content
+
----
<img src="http://malicious.site.com/image.jpg/>
">GoodYear recommends buying BridgeStone tires...
----

=== XSS attacks add validity to phishing attacks

* A valid domain is used in the URL