
Author

Amol Bhure (ultra l33t) was born in Maharashtra, Seventh July Of Nineteen Hundred Nineteen Ninety A.D. He's currently pursuing his B.E in Bangalore. A cyber security professional, hacker, designer and programmer, he has a keen interest in hacking and network security and has developed several techniques of defending and defacing websites. He's of the opinion that people should learn this art to prevent any cyber attacks. Currently Amol works as a member of 'Null International', Bangalore chapter, as a network security guy. Apart from this, he has done internships at YAHOO! India, AMAZON India, etc. He has also attended various international conferences like NullCon GOA, c0c0n, ClubHack, Defcon, SecurityByte, ICFoCS, OWASP, etc. He is certified with RHCE, LPT, CEH v7, SCJP, AFCEH. In programming he knows C, C++, C#, JAVA (SCJP), .NET and PHP. Additionally he knows a few hardware languages like HDL, VHDL, Verilog, and embedded microcontroller programming. He has been featured on the Google hall of fame. Amol was named "India's top 10 hacker" by Google, and "World's top 50 hacking blog" by Google.


Thursday, December 2, 2010

Why Does XSS Occur In Websites?

There Are Basically 2 Reasons For XSS Occurring :-

(1) Function Method GET
(2) Open Tag In The Script

(1) Function Method GET :- The HTML specifications technically define the difference between "GET" and "POST" so that the former means that form data is to be encoded (by a browser) into a URL, while the latter means that the form data is to appear within a message body. But the specifications also give the usage recommendation that the "GET" method should be used when the form processing is "idempotent", and in those cases only. As a simplification, we might say that "GET" is basically for just getting (retrieving) data, whereas "POST" may involve anything, like storing or updating data, ordering a product, or sending e-mail.

So if there is any difficulty in defining or writing the code for this GET method, it invites XSS/CSS (Cross Site Scripting).

(2) Open Tag In The Script :- To understand this, let's take an example, guys. You all know HTML coding. Here I am typing the HTML code for displaying simple text on a webpage.

Code :-
<html>
<head><title>XSS Vulnerability Information</title></head>
<body>
<h1>XSS Vulnerability</h1>
Hi Guys This is chintan this document is made by me.
</body>
</html>

Guys, this is the simple code for displaying text with a page title and a heading.
Technical Fault :- Suppose any web developer forgets to close any tag; then the XSS vulnerability occurs.

SUPPOSE HERE I FORGET TO CLOSE THE TITLE, HEAD OR THE BODY. IT SIMPLY MEANS THAT THE TAG IS OPEN, SO THAT IF ANY USER GIVES ANY COMMAND OR SCRIPT IT WILL RUN IN THIS, BECAUSE THE TAG IS OPEN AND IT ALLOWS ALL THE SCRIPT FROM THE USER THROUGH THE BROWSER. SO ANY SCRIPT CAN BE RUN IN THIS INPUT BY THE USER.

How to Prevent This Vulnerability?

(1) In the first case, change all the GET methods to POST methods.
(2) In the second case, check which tag has been left open by the web developer and close it.
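
Added example (not from the original post): the GET case above, where a form value taken from the URL is reflected into a page modelled on the article's sample document, shown once without and once with output encoding. The `name` parameter and all function names are assumptions; because a POST body carries the same encoded form data, the hardened version encodes the value at output instead of relying on the request method.

```python
import html
from urllib.parse import parse_qs

# Page modelled on the article's sample document; {name} marks where request
# data is reflected ("name" is a hypothetical parameter, not from the article).
TEMPLATE = (
    "<html><head><title>XSS Vulnerability Information</title></head>"
    "<body><h1>XSS Vulnerability</h1><p>Hi {name}</p></body></html>"
)

def get_param(encoded, key):
    """Decode form data. GET carries it in the URL query string and POST
    carries the same encoding in the message body, so one parser serves both."""
    return parse_qs(encoded, keep_blank_values=True).get(key, [""])[0]

def render_unsafe(encoded):
    # Vulnerable: request data is pasted into the markup unchanged.
    return TEMPLATE.format(name=get_param(encoded, "name"))

def render_safe(encoded):
    # Hardened: <, >, &, " and ' become entities, so the browser displays
    # the value as text instead of parsing it as tags.
    value = html.escape(get_param(encoded, "name"), quote=True)
    return TEMPLATE.format(name=value)

def contains_injected_tag(page):
    # The template has no <script> element, so any hit came from the input.
    return "<script" in page.lower()

# Constructed sample input: identical whether sent as a GET query or POST body.
SAMPLE = "name=%3Cscript%3Ealert(1)%3C%2Fscript%3E"

if __name__ == "__main__":
    for label, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        page = render(SAMPLE)
        print(label, "-> injected tag present:", contains_injected_tag(page))
        print(page)
```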