Last post Jan 20, 2015 02:57 AM by Summer - MSFT
Jan 19, 2015 09:59 AM|2xo1|LINK
on a static content - how is it possible to launch an attack?
if i got html page and jQuery that manipulate the dom - getting the data from txt file or from webService...
and no user input are involve...
so for my understanding is the only attack that could happen only locally: on the attacker browser himself:
and will not effect globally for other users -- wright?
Jan 19, 2015 10:17 AM|Siva Krishna Macha|LINK
Yes, Browser is the weapon used for XSS attacks.
Jan 19, 2015 01:58 PM|2xo1|LINK
how will it take a global effect? can the attack could alter the static files in the host?
Jan 19, 2015 02:17 PM|Siva Krishna Macha|LINK
Mostly XSS is all about displaying some script content to the user (non-persistent) or, passing scripts to the server in form fields so that server stores it (persistent) and when queried again, it will be displayed to the users. However there are no such
examples of updating the server content (at least I didn't hear such)!
You can read this nice article on various examples though to understand XSS clearly:
Jan 20, 2015 02:57 AM|Summer - MSFT|LINK
Thank you for your post.
As far as I know, the Cross Site Scripting (often abbreviated as XSS) allows the injection of malicious scripts into an otherwise trusted website. This injection happens without the user's knowledge.
Further information about the process of the XSS, please refer to the link below.