Wednesday, August 20, 2008

Cross-Site Scripting

What is XSS?

"XSS", or cross-site scripting, is an attack on other users. It won't give you 'root' or SYSTEM access on a web server. It lives purely at the application level (forget about the OSI model for just a minute), so it'll get you some privileges on, or information about, the web application. Nothing more, nothing less.

Roughly speaking, XSS is the ability to inject HTML tags into the input of a web application. A "web application" can be many things, from a web-based e-mail client to online forums to e-shopping malls. The list is limited only by human creativity.

To give a very basic example, imagine a guestbook where people can discuss what they think about that very website. When viewing the guestbook, a user sees whatever previous users said about the website, and sometimes even HTML tags are allowed. Why not put your text in a red 'comic sans' font, so that your message gets noticed?

This is dangerous.
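
The guestbook above, sketched as an added example (not code from the original post): one renderer pastes visitor text straight into the page, the other escapes it first, and a small check reports which tags in the output came from visitors rather than from the template. The entries, function names and the two-tag template are constructed for illustration.

```javascript
// Added illustration: a guestbook renderer that trusts visitor input, next to
// one that escapes it. All names and entries are constructed for this example.

// Constructed sample entries, as they would arrive from the guestbook form.
const entries = [
  { name: "alice", message: "Nice site!" },
  { name: "bob", message: '<font color="red" face="Comic Sans MS">LOOK AT ME</font>' },
  { name: "carol", message: "<script>/* script content would run here */</script>" },
];

// Vulnerable: visitor text is concatenated into the page as-is, so any tag a
// visitor types becomes part of the HTML every later reader receives.
function renderUnsafe(list) {
  return list.map(e => `<li><b>${e.name}</b>: ${e.message}</li>`).join("\n");
}

// Escape the five characters that let text break out of an HTML text node
// or a quoted attribute value.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, ch => HTML_ESCAPES[ch]);
}

// Hardened: every visitor-controlled field is escaped at output time.
function renderSafe(list) {
  return list
    .map(e => `<li><b>${escapeHtml(e.name)}</b>: ${escapeHtml(e.message)}</li>`)
    .join("\n");
}

// Returns the tag names present in the rendered HTML that the template itself
// never emits (the template only produces <li> and <b>).
function injectedTags(html) {
  const templateTags = new Set(["li", "b"]);
  const found = [];
  for (const m of html.matchAll(/<\s*\/?\s*([a-zA-Z][a-zA-Z0-9]*)/g)) {
    const tag = m[1].toLowerCase();
    if (!templateTags.has(tag) && !found.includes(tag)) found.push(tag);
  }
  return found;
}

console.log(injectedTags(renderUnsafe(entries))); // [ 'font', 'script' ]
console.log(injectedTags(renderSafe(entries)));   // []
```

The same check that flags the harmless red font also flags the script element, which is why allowing "just some HTML" in visitor input is the risky design decision.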