Introduction to XSS -1


by d3monoid on August 7, 2009

Since the day I became a student of web analysis and security, I have seen many types of bugs and errors on websites. Even highly reputed sites such as Google Pages, Orkut, Facebook, Tagged, IN.com and many more commonly have XSS bugs in their applications. Most get fixed only after the bug has been misused a lot, and the result is that some users lose their accounts and many lose their personal information, thanks to a lack of awareness in programming. It is not the fault of the programmer but the fault of awareness and workload. If you are a student of web security or a professional web developer, then you already know about this kind of bug; for everyone else, let me define XSS and its effects in very basic terms.

XSS: Brief introduction to a general bug - I

For developers:

Cross Site Scripting (XSS) is an attempt to bypass input validation and give the attacker the means to inject content into the page. This content can be used to trick the user into disclosing sensitive information, execute actions via existing credentials, and so on. Even a CSRF attack can be mounted through the initial XSS hole, so in some ways, XSS is an exploit with nearly limitless possibilities. Unfortunately, XSS is also extremely common, arguably the biggest bane of web applications, affecting both large and small sites.
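The injection described above, shown next to a hardened version, as an added example that is not part of the original post. It demonstrates output encoding, a standard defence the post itself does not name; the function names and the sample comment are constructed for illustration.

```javascript
// Added example: all names and the sample comment are constructed.

// Characters that can change the HTML parsing context, mapped to entities.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode untrusted text for an HTML element body or a quoted attribute value.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable: the comment is concatenated into the markup as-is, so any tags
// in it become part of the page that other visitors' browsers parse.
function renderCommentUnsafe(author, comment) {
  return `<div class="comment"><b>${author}</b>: ${comment}</div>`;
}

// Hardened: every untrusted value is encoded at the point of output.
function renderCommentSafe(author, comment) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(comment)}</div>`;
}

// Count the tags a browser would see. The template alone contributes 4
// (<div>, <b>, </b>, </div>); anything above that came from user input.
function countTags(html) {
  return (html.match(/<\/?[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed sample input: a comment carrying markup instead of plain text.
const sampleComment = "Nice post <script>alert(1)</script>";

console.log(renderCommentUnsafe("visitor", sampleComment));
console.log("tags in unsafe output:", countTags(renderCommentUnsafe("visitor", sampleComment)));
console.log(renderCommentSafe("visitor", sampleComment));
console.log("tags in safe output:", countTags(renderCommentSafe("visitor", sampleComment)));
```

The tag count makes a convenient regression check: if rendering a comment ever yields more tags than the template itself contains, user input has reached the page as markup.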

For normal users:

For those who don’t know anything about technical web building and security, XSS can be defined as follows: cross-site scripting (XSS) is a type of computer security vulnerability, typically found in web applications, which allows code injection by malicious web users into the web pages viewed by other users.

(Sources: Wikipedia, Acunetix, my article on ShoutMeLoud)

With the help of this vulnerability, a computer hacker can cause the following harm to a user or organization:

* Identity theft
* Accessing sensitive or restricted information
* Gaining free access to otherwise paid-for content
* Spying on user’s web browsing habits
* Public defamation of an individual or corporation
* Web application defacement

(To be continued)
