Are cross-site scripting attacks only a threat against visitors to your site, or could a crafty script kiddie actually cause a problem on the server (like deleting or reading files)?
Adam
Adam
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Scope of XSS vulnerabilities 1
- Thread starter adam0101
- Start date
-
1
- #2
Everything I read about CSS shows that in the worst case scenario, data from the culprit could get stored within a table on the server. Besides that, unless it leads to an SQL injection attack, nothing on the server would be in harm's way.
A definition of a CSS attack says this:
Since it injects client-side script, there's really no way of getting to the server.
![[monkey]](/data/assets/smilies/monkey.gif "[monkey] [monkey]")
![[snake]](/data/assets/smilies/snake.gif "[snake] [snake]")
<.
A definition of a CSS attack says this:
Since it injects client-side script, there's really no way of getting to the server.
<.- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question