Hello friends, my name is piyush and today I am going to explain about Self-XSS. Self-XSS is a Social Engineering Attack and I will also discuss its prevention points.
–> Recently, Hackers Attacked Facebook with explicit hardcore porn images. Facebook says it might be self-Xss
read more>>
Attack .Javascript can be executed in browser url bar.For example , enter the following code in your browser:
This will show a pop up box with “StartHack”. An attacker can use this for malicious purpose. He can steal Confidential data, cookies, redirect to malware sites and more.
For Example :: Entering the following code will display the cookies in your browser:
The above code is not going to anything maliciously other than displaying the cookies. But an attacker can extend the script so that it can take advantage your data.
Security Tips From StartHack –>
–> Recently, Hackers Attacked Facebook with explicit hardcore porn images. Facebook says it might be self-Xss
read more>>
Attack .Javascript can be executed in browser url bar.For example , enter the following code in your browser:
This will show a pop up box with “StartHack”. An attacker can use this for malicious purpose. He can steal Confidential data, cookies, redirect to malware sites and more.
For Example :: Entering the following code will display the cookies in your browser:
The above code is not going to anything maliciously other than displaying the cookies. But an attacker can extend the script so that it can take advantage your data.
Security Tips From StartHack –>
1. Try to use NoScript add on which will prevent javascript running in your browser. Must use it.
2. Do not click the shorthand urls. For Example: bit.ly/19uhfb?22. This may redirect to an infected sites…
Aware From Social Engineering –>2. Do not click the shorthand urls. For Example: bit.ly/19uhfb?22. This may redirect to an infected sites…
1. If anyone force you or ask you to paste the script in your browser even if he/she is your friend, ever never do this mistake..
2. If anyone says like, congrats you have win $50,000 from facebook or microsoft etc, click here to clam your prize. Never click on it.
3. If anyone says “Iphone only $10″, Don’t eager to click it.
4. If anyone says “1000 shares will cure a baby”, Never do this mistake. Facebook shares never help to get money or help to cure baby.
2. If anyone says like, congrats you have win $50,000 from facebook or microsoft etc, click here to clam your prize. Never click on it.
3. If anyone says “Iphone only $10″, Don’t eager to click it.
4. If anyone says “1000 shares will cure a baby”, Never do this mistake. Facebook shares never help to get money or help to cure baby.
No comments:
Post a Comment