Tuesday, December 21, 2004

Power of CSS attack.

When i came to know about the Cross Site Script (CSS) attack long time back, i thought how good an attack can it be, if the script is running in a client browser and that too in a controlled execution environment provided by many modern browsers.

I found that someone can inject a script to refresh the page in some shorter interval of time and can effectively bring down the web server with lot of load from just a fraction of legitimate users.
DOS. My intial (illiterate) assumption was some hacker has to control a large no. of zombie clients to use this techinique, that was totally busted with a simple CSS.

A lesson to all those who believe world is so NICE!!!

No comments: