difference between the XXX and Phishing
"""
By exploiting vulnerabilities in the web server, an attacker uses the website as an intermediary for transferring malicious code to another victim. In this attack, the victim is usually not aware of being exploited because he or she assumes the data received are from a valid Web server. One example of malicious action is for the attack code to copy cookies from the victim’s computer and relay them to the attacker.
A basic example of XSS is when a malicious user injects a script in a legitimate shopping site URL which in turn redirects a user to a fake but identical page. The malicious page would run a script to capture the cookie of the user browsing the shopping site, and that cookie gets sent to the malicious user who can now hijack the legitimate user’s session. """"
Then what is the difference between the XXX and Phishing ?
By exploiting vulnerabilities in the web server, an attacker uses the website as an intermediary for transferring malicious code to another victim. In this attack, the victim is usually not aware of being exploited because he or she assumes the data received are from a valid Web server. One example of malicious action is for the attack code to copy cookies from the victim’s computer and relay them to the attacker.
A basic example of XSS is when a malicious user injects a script in a legitimate shopping site URL which in turn redirects a user to a fake but identical page. The malicious page would run a script to capture the cookie of the user browsing the shopping site, and that cookie gets sent to the malicious user who can now hijack the legitimate user’s session. """"
Then what is the difference between the XXX and Phishing ?
Comments
-
dynamik
Banned Posts: 12,312 ■■■■■■■■■□
You mean XSS, not XXX, right?
Cross-site scripting is just what it sounds like. The attack involves linking to an external script. It can do a lot of things at that point. What they gave you was just an example.
I can see where you're confused with that example, since it sort of leads into a phishing attack.
Wikipedia has a good overview on both:
http://en.wikipedia.org/wiki/Cross-site_scripting
http://en.wikipedia.org/wiki/Phishing -
JDMurray
Admin Posts: 13,091 Admin
Phishing is a deliberate misrepresentation of a Web site for the purpose of collecting personal information from a user (bank account number, SSN, CC number, etc.). Cross-site scripting (XSS) is a technique for injecting scripting code into Web pages from a (usually malicious) Web site. XSS might be used to perpetrate a phishing attack, but XSS is not necessary for phishing to take place. XSS has many legitimate, non-malicious uses too. It's only a tool and a technique and is not malicious by nature.
