Cross Site Scripting (XSS)
XSS is a hacking trick where a malicious user can add carefully constructed comments to webpages with the intention of fooling web browsers. Read more in my previous article, Cross Site Scripting Example, where you can try a live example.
Cross Site Request Forgery (CSRF)
CSRF is a hacking trick that works by exploiting the trust that a site has for the user. Site tasks are usually linked to specific URLs (example: http://hackspc.com/sellpage?money=1000&count=145689782562), allowing specific actions to be performed when requested. The attack occurs when a user is logged into the site and an attacker tricks their browser into making a request to one of these task URLs. Typically an attacker will embed malicious HTML or JavaScript code into an email or website to request a specific 'task URL', which executes without the user's knowledge.
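A server-side check that stops the forged request described above, as an added example (not code from the original post). The `handle_sellpage` handler, the HMAC-derived per-session token and the session ids are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed for the demo)


def issue_csrf_token(session_id: str) -> str:
    """Token the site embeds in its own forms; bound to one session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_ok(session_id: str, submitted: Optional[str]) -> bool:
    """Constant-time check that the request carries this session's token."""
    if not submitted:
        return False
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(expected.encode(), submitted.encode())


def handle_sellpage(method: str, session_id: Optional[str], params: dict) -> int:
    """Hypothetical handler for the /sellpage task URL; returns an HTTP status."""
    if session_id is None:
        return 401  # not logged in
    if method != "POST":
        return 405  # a state-changing task must never run on a plain GET
    if not csrf_ok(session_id, params.get("csrf_token")):
        return 403  # the session cookie arrived, but the request is not from our form
    # ... perform the sale for params["money"] and params["count"] here ...
    return 200


def demo() -> dict:
    session = "sess-" + secrets.token_hex(8)  # constructed session id
    task = {"money": "1000", "count": "145689782562"}
    return {
        # The browser attaches the session cookie even when another site triggers the request.
        "cross_site_get": handle_sellpage("GET", session, task),
        "cross_site_post": handle_sellpage("POST", session, task),
        "other_sessions_token": handle_sellpage(
            "POST", session, {**task, "csrf_token": issue_csrf_token("sess-other")}),
        "sites_own_form": handle_sellpage(
            "POST", session, {**task, "csrf_token": issue_csrf_token(session)}),
    }


if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{case:22} -> {status}")
```

Only the request built from the site's own form, carrying the token issued for that session, reaches the task; being logged in is no longer enough on its own.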
SQL Injection
SQL Injection is a subset of the unverified/unsanitized user input vulnerability, and the idea is to convince the application to run SQL code that was not intended.
JavaScript Injection
JavaScript injection is a hacking trick that allows you to change a website's behavior without refreshing or leaving it. It provides on-the-spot interaction with the source code of the website from the browser window. JavaScript injection can come in really handy when you are hacking basic websites. It allows you to alter form values before sending them to the server.