by tylerd22
2174 days ago
XSS is surprisingly hard to prevent because user input must be escaped differently depending on context (html, css, js, json). User input also shows up in surprising locations such as dns records and whois info. Luckily, an effective XSS attack, e.g. targeting the admin of a target website, often requires a large amount of effort and social engineering.

For persistent attacks, it's mostly just sit and wait for an attacker - they don't really control when/if a user visits the compromised page.
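
The context-dependent escaping mentioned in the comment above, as an added example that is not part of the original thread: one encoder per output context (HTML, JS/JSON inside an inline script, quoted CSS string), with unknown contexts rejected. All function names and the sample value are constructed for illustration.

```javascript
// Added example: the same untrusted value needs a different encoder per output context.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// HTML element content and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// JS/JSON literal placed inside an inline <script> block. JSON.stringify handles
// quotes, backslashes and control characters; the extra pass keeps the HTML parser
// from seeing "</script>" or "<!--", and covers U+2028/U+2029 for older engines.
function escapeJsLiteral(value) {
  const json = JSON.stringify(value);
  if (json === undefined) throw new TypeError('value is not JSON-serializable');
  return json.replace(/[<>&\u2028\u2029]/g,
    (ch) => '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Quoted CSS string: hex-escape everything except ASCII letters and digits.
// The trailing space ends the escape so a following hex digit is not absorbed.
function escapeCssString(value) {
  return Array.from(String(value), (ch) =>
    /[A-Za-z0-9]/.test(ch) ? ch : '\\' + ch.codePointAt(0).toString(16) + ' ').join('');
}

const ENCODERS = { html: escapeHtml, js: escapeJsLiteral, css: escapeCssString };

// Fail closed: an unknown context is an error, never a pass-through.
function encodeFor(context, value) {
  if (!Object.prototype.hasOwnProperty.call(ENCODERS, context)) {
    throw new Error('no encoder for context: ' + context);
  }
  return ENCODERS[context](value);
}

// Constructed sample: metacharacters from each context, not a working payload.
const SAMPLE = '</script>"\'&\\;}';
for (const context of Object.keys(ENCODERS)) {
  console.log(context.padEnd(4), encodeFor(context, SAMPLE));
}
```

The HTML encoder leaves the backslash untouched and the JS encoder leaves quotes in place as `\"`, which is why neither output is safe to reuse in the other's context.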