Part 2 - What is XSS

Video Activity

This lesson offers some examples of well-known XSS attacks, which include:

1. MySpace: This occurred in 2005 and involved the SAMY worm
2. Facebook: This occurred in 2011 and used a code to distribute malware
3. Yahoo: This occurred in 2013 and involved cookie theft


Time: 4 hours 20 minutes
Difficulty: Intermediate
CEU/CPE: 5

Video Transcription
00:03
So, some attack examples. So you might be asking yourself,
00:08
well, you know, how much is this actually being used in the real world? Well, here's some attack examples. In 2005 the Samy worm took advantage of a cross-site scripting vulnerability which caused people who viewed affected pages to send a friend request to Samy Kamkar
00:26
and then displayed a message, which said,
00:28
"But most of all, Samy is my hero."
00:31
Uh, this resulted in Samy Kamkar gaining over one million friends overnight
00:37
and caused MySpace to temporarily shut down while it fixed the vulnerability. So the MySpace vulnerability showed just how quickly the cross-site scripting
00:49
vulnerability
00:51
can hit and how quickly it could spread
00:54
and just what kind of impact it can cause, because every individual who
01:00
viewed a person's page
01:03
who had been affected by this then themselves became affected by it.
01:08
In 2011, there was an attack on Facebook, and this attack took advantage of a cross-site scripting vulnerability to spread malware via a malicious link. Here we can see the malicious link itself and just how detailed it was in order
01:25
to deliver the content.
01:27
Um,
01:29
and
01:30
this is
01:32
another dangerous example because of how quickly it was spread and how wide it was able to be spread. So
01:41
social media platforms are really, really dangerous to have these kinds of vulnerabilities in
01:48
because of how quickly attacks can spread and how wide of a net they can cast, because of the nature of how social media is with the sharing.
01:59
Then, in 2013 there was a Yahoo
02:01
cross-site scripting vulnerability, and there was a spam message with a short link
02:07
to an apparently harmless session of MSNBC.
02:09
Now, that led to account hijacking via cookie theft. So I showed you an example of the cookie link before. So it was a spam message like that,
02:20
um,
02:21
which allowed individuals to steal the cookies of Yahoo users. We will be going more in depth on cross-site scripting. You will get time to practice some attacks,
02:35
see their effects and check out some really cool tools to find them and, uh, validate the exploits and see how far you can take the exploit in the test environment that you will be performing this test in. So what was covered?
02:53
We discussed cross-site scripting and we talked about the attack types. We also showed you some attack examples with the three different
03:04
scripts that I'd showed. We discussed why it's dangerous and we also discussed the examples of real world attacks. Happy hacking out there, everyone.
Web Application Penetration Testing

In this web application penetration testing course, SME, Raymond Evans, takes you on a wild and fascinating journey into the cyber security discipline of web application pentesting. This is a very hands-on course that will require you to set up your own pentesting environment.