change what we need!: XSS Found in Official web site of Samsung


After a long time, back in action with a big boom. Actually, for the last 1 or 2 months I planned to post something here, but unfortunately I had no topic to post about... :P
I am a big fan of the Samsung Galaxy S3 and I want it, so as usual I opened Samsung's official web site and started to explore it... but we are hackers: I found something when I searched on the web site, and I forgot why I was there and my devil.exe started.. lolzz
Forget all this, it is just "MASTI".
HERE WE GO...

WHAT IS XSS:

XSS (cross-site scripting) is a type of computer security vulnerability typically found in web applications. It enables attackers to inject client-side script into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Its effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.

TYPES OF XSS :
  • Persistent XSS (PERMANENT)
  • Reflected XSS (TEMPORARY)

Impact of Cross-Site Scripting

  • Hijack an account
  • Spread Web worms
  • Access browser history and clipboard contents
  • Control the browser remotely
  • Scan and exploit intranet appliances and applications

Detecting an XSS Attack

<script>alert("UK")</script>

Use this script in the search box. If you get a pop-up alert box, it means there is an XSS vulnerability: the page wrote your input back into its HTML without encoding it.

XSS example:

mr.uk45 found an XSS vulnerability in Samsung's official web site. Open the web site, go to the search box, type

<script>alert("UK")</script>

and hit Enter.
Now, how you can misuse it :P

Make your own phishing page.

Use this script in the search box:

<iframe src="your phishing link" width="1000px" height="1000px" />
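You can steal cookies too. This script shows the cookies an injected script can read (cookies flagged HttpOnly are not exposed to it):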

<script>alert(document.cookie)</script>
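
All three strings above stop working once the server encodes the search term before writing it into the page. As an added example (not code from this post or from Samsung's site; every function name in it is hypothetical), here is a search-results renderer in its vulnerable and corrected forms, run against strings modelled on the ones in this post:

```javascript
// Hypothetical search-results renderer; none of these names come from a real site.

// Vulnerable: the search term is concatenated into the HTML unchanged,
// so any markup in it becomes part of the page (reflected XSS).
function renderVulnerable(query) {
  return `<h1>Results for ${query}</h1>`;
}

// Encode the characters that are significant in HTML text and quoted
// attribute values. "&" is replaced first so later entities are not re-encoded.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Fixed: the term is encoded for the HTML context it is written into.
function renderSafe(query) {
  return `<h1>Results for ${escapeHtml(query)}</h1>`;
}

// Defence in depth: HttpOnly keeps the session cookie out of document.cookie;
// the CSP refuses inline scripts and all framed content.
function sessionCookie(id) {
  return `session=${encodeURIComponent(id)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}
const SECURITY_HEADERS = {
  "Content-Security-Policy": "default-src 'self'; script-src 'self'; frame-src 'none'",
};

// Inputs modelled on the strings in this post.
const SAMPLES = [
  '<script>alert("UK")</script>',
  '<iframe src="your phishing link" width="1000px" height="1000px" />',
  "<script>alert(document.cookie)</script>",
];

// True when the rendered HTML contains a live script or iframe tag.
function containsInjectedTag(html) {
  return /<(script|iframe)\b/i.test(html);
}

for (const s of SAMPLES) {
  console.log(containsInjectedTag(renderVulnerable(s)), containsInjectedTag(renderSafe(s)));
}
```

Each line prints `true false`: the unencoded page carries the tag, the encoded page shows the same characters as plain text.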

Use your social engineering skills and hack the planet :)

Have safe hacking :D :P


