Impact of Cross-Site Scripting vulnerabilities on social networking sites
Take a walk through most workplaces and you will surely notice someone browsing a social networking site. No wonder that website popularity services like Alexa rate Facebook the second most visited website after Google and before Youtube! We trust these websites to reflect the public image that we want to portray and sometimes even trust with secrets. A single cross-site scripting vulnerability allows attackers to do anything (that the victim may do) on behalf of the victim. In this article we will look at how Facebook accounts could be compromised through such a simple, yet effective vulnerability.
HTTPOnly does not protect your site (or Facebook) from XSS exploitation
Traditionally, most cross-site scripting exploitation involves sending the cookie to the attacker through javascript. The attacker would typically write dynamic HTML such as the one below, which dynamically sends the cookie to a web server controlled by the attacker.
More info and video demo: http://www.acunetix.com
Volut-ID | World News Articles
All news of interest and can provide an info for you, and so can assist in the search for new news.
About news gadgets, mobile phones
info about the latest mobile phone, from news, features, and the most mobile phone models in search of the world.
No response to “Exploiting a cross-site scripting vulnerability on Facebook”
Leave a reply