2013-12-09

Re: Practice Final Question 5.

Mari Kaneshima
Samira Oliva
Pedro Flores
2013-12-11

Practice Final Question 5
Originally Posted By: Maxwell Gregory
Maxwell Gregory
Mari Kaneshima
Samira Oliva
Pedro Flores


XSS

Cross-site scripting works by client-side script injection. This can be done
by a user posting JavaScript to a webpage through a comment form that will get
executed on form submission that the web page will then display their malicious code
upon being viewed by other users. You can also manipulate the query parameters of a URL
that looks like a legitimate site but has parameters in it that inject code into the original.
Then you can send this in a message to your victim and ensue world domination.


CSRF

Cross-site request forgery exploits a user's identity to use their authentication to gain
forbidden access. Such as making an appealing image for the victim to click that will
point to a URL that uses the authentication of the victim to access their personal information.

Click-jacking

Tricking a user to click on something that actually leads them somewhere they were not trying
to go. Such as making a hidden clickable element atop a different button or simply changing the
displayed text for a hyperlink.
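
An added example, not part of the original post: each of the three issues described above has a standard server-side countermeasure, shown here as output encoding for the comment form, a per-session token check against forged requests, and response headers that forbid framing. The function and field names (`renderComment`, `handlePost`, `csrf_token`) are hypothetical, and the session and token values are constructed sample data.

```javascript
// Added example; every name here is hypothetical.
// XSS: encode user-supplied text before placing it in HTML element content.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render a stored comment the way the page would show it to other users.
function renderComment(author, body) {
  return `<li><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</li>`;
}

// CSRF: a state-changing request must carry the per-session token, which a
// cross-site page cannot read. The comparison has no early exit on mismatch.
function tokensMatch(expected, submitted) {
  if (typeof expected !== 'string' || typeof submitted !== 'string') return false;
  if (expected.length === 0 || expected.length !== submitted.length) return false;
  let diff = 0;
  for (let i = 0; i < expected.length; i++) {
    diff |= expected.charCodeAt(i) ^ submitted.charCodeAt(i);
  }
  return diff === 0;
}

// Click-jacking: tell the browser not to render this page inside a frame.
function framingHeaders() {
  return { 'Content-Security-Policy': "frame-ancestors 'none'", 'X-Frame-Options': 'DENY' };
}

function handlePost(session, request) {
  // A request that rides on the victim's cookie but lacks the token is refused.
  if (!tokensMatch(session.csrfToken, request.form.csrf_token)) {
    return { status: 403, headers: framingHeaders(), body: 'missing or wrong CSRF token' };
  }
  const body = renderComment(session.user, request.form.comment);
  return { status: 200, headers: framingHeaders(), body };
}

// Constructed sample input: one request without the token, one with it.
const session = { user: 'alice', csrfToken: 'c0nstructed-sample-token' };
const forged = handlePost(session, { form: { comment: 'hi' } });
const legit = handlePost(session, {
  form: { csrf_token: 'c0nstructed-sample-token', comment: '<script>alert(1)</script>' },
});
console.log(forged.status, legit.status, legit.body);
```
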