Here, phishy phishy!
A reflected XSS attack follows a similar story, except that the user is employed to help hack themselves by tricking them to pass along the script. The phishing or link placement by the attacker replaces the form-based exploit and does require some work. Phishing involves sending a lure e-mail or web page to potential targets in the hope that they will believe their intent and click on one of the malicious links embedded within it. Phishing can often be used in other attacks (a simple redirect to a phishing site is still quite popular), but combining the targeted spamming with a redirect using a legitimate site, but a malicious script, can be downright nasty. That being said, let's discuss some of what attackers and we ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access