Posts

Showing posts with the label HACK N CRACK

What is XSS?

Introduction

Websites today are more complex than ever, containing a lot of dynamic content that makes the experience more enjoyable for the user. Dynamic content is achieved through the use of web applications, which can deliver different output to a user depending on their settings and needs. Dynamic websites suffer from a threat that static websites don't, called "Cross Site Scripting" (or XSS, as dubbed by other security professionals). Currently, small informational tidbits about Cross Site Scripting holes exist, but none really explain them to an average person or administrator. This FAQ was written to provide a better understanding of this emerging threat, and to give guidance on detection and prevention.

"What is Cross Site Scripting?"

Cross site scripting (also known as XSS) occurs when a web application gathers malicious data from a user. The data is usually gathered in the form of a hyperlink which contains malicious content within it. The user will most likely ...

Nepal Government's Website Cracked

Please do not take this posting as an offense against your website. Our motive is to let you know insecurities in your website and also give options to improve them.

Information

It's been quite some time since the Inland Revenue Department's website was upped; there are features like e-pan, filling PAN bills, tax bills online. The website lists the general idea about IRD and stuff.

Level of Vulnerability

9/10 - I was able to run commands, DOS commands in it!! del C:\*.*, kidding!!

Background

The website actually seems to be hosted on two different servers:

1) http://ird.gov.np

$ nslookup ird.gov.np
Non-authoritative answer:
Name: ird.gov.np
Address: 63.219.2.40

2) another subdomain, http://web.ird.gov.np

nslookup web.ird.gov.np
Non-authoritative answer:
Name: web.ird.gov.np
Address: 116.90.235.4

Looking at the website, information is arranged in pages, the URLs have page=xyz type of syntax, umm, XSS?? and the table based layout! (1980s? albeit an exaggeration) and the background image rep...