Penetration Testing with Perl

By: Douglas Berdeaux

Overview of this book

This guide will teach you the fundamentals of penetration testing with Perl, providing an understanding of the mindset of a hacker. In the first few chapters, you will study how to utilize Perl with Linux and the regular expression syntax. After that, you will learn how to use Perl for WAN target analysis, and Internet and external footprinting. You will learn to use Perl for automated web application and site penetration testing. We also cover intelligence gathering techniques from data obtained from footprinting and simple file forensics with file metadata.

By the end of this book, you will bring all of your code together into a simple graphical user interface penetration testing framework. Through this guide, you will have acquired the knowledge to apply Perl programming to any penetration testing phase and learn the importance of applying our technique in the methodology and context of the Penetration Testing Execution Standard.
Table of Contents (20 chapters)
Penetration Testing with Perl
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
Index

Cross-site scripting


Cross-site scripting (XSS) is a web-based code injection attack. If a web application does not properly sanitize user input by first removing special characters or, in our case, HTML tags, an attacker can craft a malformed URL that contains URL-encoded JavaScript code and send it to the victim; the code will execute when the victim clicks on the link. For example, a simple HTTP GET parameter of id=Chloe could be altered to include JavaScript as id=<script>alert("XSS!");</script>, which will then execute in the victim's browser when the victim clicks our link. By "URL encoded" we simply mean that we have changed all of the ASCII characters to their hexadecimal values to safely transmit the URL over the Internet. For instance, an equals sign, =, would be encoded as %3D and a greater-than symbol, >, would be encoded as %3E. This also helps the attacker by adding obscurity to the JavaScript code injected into the URL. This type of XSS attack is nonpersistent, or reflected XSS, since it doesn...
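The encoding and reflection described above, as an added example that is not code from the book: it percent-encodes the two id values from the text, decodes them as a server would, and shows the same value reflected with and without HTML escaping. The subroutine names and the "Hello" page are assumptions made for illustration; only core Perl is used and input is assumed to be ASCII.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Percent-encode every byte that is not an RFC 3986 unreserved character
# (ASCII input assumed, so each character becomes exactly one %XX triplet).
sub url_encode {
    my ($s) = @_;
    $s =~ s/([^A-Za-z0-9\-._~])/sprintf('%%%02X', ord($1))/ge;
    return $s;
}

# Reverse the encoding, as the web server does before the application
# sees the parameter value.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Replace the HTML metacharacters with entities so the browser renders
# the value as text instead of parsing it as markup.
sub html_escape {
    my ($s) = @_;
    my %entity = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                  '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$entity{$1}/g;
    return $s;
}

# Hypothetical page handlers (assumption): greet the visitor named in ?id=
sub render_unsafe { my ($id) = @_; return "<p>Hello, $id</p>"; }
sub render_safe   { my ($id) = @_; return '<p>Hello, ' . html_escape($id) . '</p>'; }

# Constructed sample inputs: the benign value and the payload from the text.
for my $raw ('Chloe', '<script>alert("XSS!");</script>') {
    my $query = 'id=' . url_encode($raw);          # what travels in the URL
    my ($value) = $query =~ /^id=(.*)$/;           # server-side parameter parse
    my $id = url_decode($value);                   # value the application receives
    print "query string : $query\n";
    print "unsafe output: ", render_unsafe($id), "\n";
    print "safe output  : ", render_safe($id), "\n\n";
}
```

The unsafe output for the second input contains a live script element, while the escaped output carries the same characters as inert &lt;script&gt; text; the percent-encoding in the URL makes no difference to either result because it is undone before the application runs.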