Advanced Cross Site Scripting

Added By Andres - May 23, 2014 - Cross-site scripting


I recently read in an article the incorrect statement that cross-site scripting (XSS) cannot be exploited if the POST method is used instead of GET, which is completely false. The method used to exploit POST variables may also be modified to allow for more advanced timing attacks, which could allow an attacker to gain access to password-protected areas that require the user to log in. When coupled with social engineering, this method becomes an extremely reliable tool for attackers to gain access to secured areas via account hijacking.



