Cross-site scripting or XSS is a threat to a website's security. It is the most common and popular hacking tool to gain access information from a user on a website. There are hackers with malicious objectives that utilize this to attack certain websites on the Internet. But mostly good hackers do this to find security holes for websites and help them find solutions. Cross-site scripting is a security loophole on a website that is hard to detect and stop, making the site vulnerable to attacks from malicious hackers. This security threat leaves the site and its users open to identity theft, financial theft and data theft. It would be advantageous for website owners to understand how cross-site scripting works and how it can affect them and their users so they could place the necessary security systems to block cross-site scripting on their website.
- Cross-scripting attack - The one method that is most used is called the persistent attack. This method is stored on a site and consistently attacks the site and its users. Those websites that don't filter out xml script like those that have message boards where html is accommodated, or login windows. These are security holes and are open to attacks. The persistent attack is commonly used because you input only once and it keeps affecting the site and everyone who visits.
- Targeting a site - Finding a vulnerable website is the first step. You find areas in the website that gives out cookies, and this is where information and data is harvested from. You can gather individual user's information from cookies like login information to IP addresses.
Learning how to hack websites with cross-scripting can help these sites provide more security for their users. Building a website with this security hole in mind will help avoid problems in the future.