Whenever we think of hackers, hackers are often such a portrait: a lonely person, quietly entering other people's servers, destroying or stealing secret information of others. Maybe he will change our homepage, and even the customer's credit card number and password. In addition, hackers will also attack customers who visit our website. At the same time, our server has also become his gang. Microsoft said this attack is "cross-station Script" attack. Most of this attack happens when the website is dynamically generated web page, but the hacker's goal is not your website, but the customer of the website.
Explanation of cross-station Script attack
In a magazine named << Advisory CA - 2000-02 >>, CERT warns everyone: If the server does not effectively verify the customer's input, the hacker will enter some malicious HTML code, when these HTML code input It is used for Script programs that they can use it to destroy, such as inserting some disgusting pictures or sounds, while you can interfere with the customer's correct browsing.
We know that some friends have been induced to some suspicious free websites, they get only 10 to 20 small windows, which are often accompanied by the failure button generated by Java or JavaScript, which is called a mouse trap. Closing these windows is futile, whenever we close a window, there will be 10 windows popping up. This situation often occurs when the administrator is not there. The mouse event is a typical example of hackers using the cross-station Script method.
Malicious labels and Script are not simple prancing, they can even steal materials and smash systems. A smart or even smart hackers can use Script interference or change the input of server data. Use SCRIPT code to attack the customer system and make your hard disk. And you have to know that when you use the server while using the server, the hacker's Script is also running in your server! If the customer is very confirmed to your server, they will also trust those malicious Script code. Even this code is a server from hacker in the form of
