Wednesday, August 20, 2008

Cross-Site Scripting

What is XSS?

"XSS", or cross-site scripting, is an attack on other users of a web application. It won't give you 'root' or SYSTEM access on a web server. It lives purely at the application level (forget about the OSI model for just a minute), so it'll get you some privileges in, or information about, the web application. Nothing more, nothing less.

Roughly speaking, XSS is the ability to inject HTML tags into the input of a web application. A "web application" can be many things, from a web-based e-mail client to online forums to e-shopping malls. The list is limited only by human creativity.

To give a very basic example, imagine a guestbook where people can discuss what they think about that very website. When viewing the guestbook, a user sees whatever previous users said about the website, and sometimes even HTML tags are allowed. Why not put your text in a red 'comic sans' font, so that your message gets noticed?

This is dangerous.
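
The guestbook case above, as an added example (not code from the original post): the same entry rendered by plain string concatenation and then with output encoding, where the "red font" feature comes from a fixed allow-list instead of visitor-supplied HTML. The function names, the colour allow-list and the sample entries are assumptions made for illustration.

```javascript
// Added example: guestbook rendering, unsafe vs. output-encoded.
// All names and sample entries are constructed for illustration.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the characters that are significant in HTML text and in
// quoted attribute values. One pass, so '&' is never double-encoded.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: visitor input is concatenated straight into the page,
// so any tag the visitor types becomes part of the document.
function renderEntryUnsafe(entry) {
  return `<li><b>${entry.name}</b>: ${entry.message}</li>`;
}

// Hardened: every visitor-controlled field is encoded on output, and
// the text colour is picked from an allow-list, never copied verbatim.
const ALLOWED_COLORS = new Set(['black', 'red', 'blue']);

function renderEntrySafe(entry) {
  const color = ALLOWED_COLORS.has(entry.color) ? entry.color : 'black';
  return `<li style="color:${color}"><b>${escapeHtml(entry.name)}</b>: ` +
         `${escapeHtml(entry.message)}</li>`;
}

// Constructed sample entries: one benign, one carrying markup in both
// the message and the colour field.
const entries = [
  { name: 'alice', message: 'Nice site!', color: 'red' },
  { name: 'mallory', message: '<script>alert(1)</script>',
    color: 'red" onmouseover="x' },
];

for (const entry of entries) {
  console.log('unsafe:', renderEntryUnsafe(entry));
  console.log('safe:  ', renderEntrySafe(entry));
}
```

In the safe output the second entry shows up as visible text in the default colour, while the unsafe renderer passes the `<script>` element through to every visitor's browser.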


Friday, May 23, 2008

Power of JAVASCRIPT (try this very funny)


1. Open Internet Explorer or Firefox

2. Go to Google.com

3. Click images

4. Type "Scooby doo"(or any other keyword).

5. You will get a page full of images

6. Then delete the URL from the address bar and type the following script



I know this code is very long and complex, but unfortunately Blogger will not allow this code to be entered in a post; that's why I use a screenshot. If you really like this, please mail me (matildadarini@gmail.com) and I will forward this code. You do not need to type this; the only thing is to paste the code. :)


Do this, this is really funny.

7. See the magic of programming

Wednesday, April 9, 2008

AJAX

Asynchronous JavaScript And XML

Ajax is a combination of several technologies (JavaScript, XML, HTML and CSS) for creating better, faster, and more interactive web applications.

Asynchronous JavaScript And XML means:

Asynchronous means that when a request is sent, the user continues working instead of being forced to wait until a response comes back. A function which has been set up will wait for the server's response and will react to it.

JavaScript makes the request to the web server and, once a response is returned, JavaScript modifies the current page using its DOM, informing the user.

XML is used to wrap up the data that is received back from the web server.

Ajax was made popular by Google with the introduction of Google Suggest and Google Maps.

How Does AJAX Work?

Traditional web applications send a request to the web server (using the GET or POST method), wait for the server to respond, and then load a new page with the results, which results in huge overheads. With AJAX, JavaScript communicates directly with the server through the JavaScript XMLHttpRequest object and gets a response from the server without reloading the web page.

Advantages of AJAX

Interactivity
– Ajax applications can perform a number of tasks without their
performance being limited by Internet bandwidth. This makes
possible the development of interactive and graphically rich
applications.

Portability
– Ajax applications are created using existing technologies that are
well implemented by all major browsers and platforms.
Therefore, Ajax applications are cross-platform compliant.

Disadvantages of AJAX

Usability criticisms
– An Ajax application might behave differently from a classical web
application. E.g.

The browser's back button is not guaranteed to take the user to the previous instance of the page

It is difficult to bookmark a particular state of the application

Response time concerns
– Without clear feedback to the user, network latency might result in delays in
the interface of the web application, something the user might not expect
or understand.

JavaScript must be enabled
– The browser should support JavaScript and it should be enabled in the
browser.

AJAX TUTORIAL