Once, the attacker grabs the entire payment detail from the victim user, anytime the user can be scammed into huge financial loss. Now, the user can’t differentiate any difference between the two sites and is tricked to enter the details. Once the attacker’s website is embedded into the vulnerable site, it looks like below.Īlso Read: Server Side Request Forgery – How it works ? If there is injection vulnerability exists in the application and this application deals with collecting lots of sensitive information from the user for processing payment which is not even allowed to store (credit/debit card) data as per standards.Īn attacker can grab this opportunity to embed attacker website into this application and trick users to submit payment details. Check the below website which is advertising season sale. To understand more, let’s look at one example website.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |