Odds are I will edit it later to contain more information.
============== Cross Site Scripting (XSS) ===================
For example, here is a typical sign-up form for a website:
##User Name: |________________|
##Confirm Password: |______________|
##Home Phone: |______________|
In this form, certain things are checked for (or should be checked for). For example: the User Name can't contain any special characters (only A-Z, 0-9), and the email field HAS to contain an '@' symbol, so that should be checked to ensure a proper, or at least semi-proper, email address has been given.
But what if the programmer did no input validation at all?
A line of code in a function, whatever language you're writing in, looks something like:
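As an added example (not code from the original post), here is what that validation step looks like when written down: a small JavaScript validator for the three fields the post describes. The field names, the phone rule and the length limits are assumptions; the username and '@' rules are the ones stated above.

```javascript
// Added example, not from the original post: server-side validation for the
// sign-up form fields. Rules: username is A-Z, a-z, 0-9 only; email must
// contain an '@' with something on both sides; phone is digits only (assumed).
const USERNAME_RE = /^[A-Za-z0-9]+$/;
const PHONE_RE = /^[0-9]{7,15}$/; // assumption: 7 to 15 digits, nothing else

function validateSignup(form) {
  const errors = [];
  const username = String(form.username ?? "");
  const email = String(form.email ?? "");
  const phone = String(form.phone ?? "");

  // Whitelist the username: anything outside A-Z/a-z/0-9 is rejected outright,
  // which is what stops the quote-and-semicolon payload discussed in the post.
  if (username.length === 0 || username.length > 32 || !USERNAME_RE.test(username)) {
    errors.push("username must be 1-32 characters of A-Z, a-z, 0-9 only");
  }

  // The post's minimal email check is "contains an '@'"; also require a
  // local part and a domain part around it (assumed refinement).
  const at = email.indexOf("@");
  if (at < 1 || at === email.length - 1 || email.length > 254) {
    errors.push("email must look like local@domain");
  }

  if (!PHONE_RE.test(phone)) {
    errors.push("phone must be 7-15 digits");
  }

  return { ok: errors.length === 0, errors };
}

// Constructed sample inputs: one well-formed sign-up and one carrying the
// kind of injected text the post describes in the username field.
const goodResult = validateSignup({
  username: "Bob",
  email: "bob@example.com",
  phone: "2348902345",
});
const badResult = validateSignup({
  username: 'Bob"); execl(cmd, "...");',
  email: "no-at-sign",
  phone: "234BoB",
});
console.log(goodResult); // { ok: true, errors: [] }
console.log(badResult.errors); // three messages, one per field
```

The whitelist on the username is the important part: rather than trying to strip dangerous characters out, it only accepts the characters the field is allowed to contain, so the injected quote, semicolon and parentheses never reach the rest of the program.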
char* username = get_user_name("INPUT");
Where INPUT is a file descriptor pointing to standard input, or a buffer already containing your input value. If the input has not been validated or checked at all, the following situation can arise:
INPUT = Bob"); execl(cmd, "code to telnet back to attackers comp");
And when this input gets passed into get_user_name(), the resulting lines of code look like:
char* username = get_user_name("Bob");
execl(cmd, "code to telnet back to attackers comp");
continue with program...
This would cause the browser to run malicious code for whoever was on this site... unfortunately, right now, that is only us. And we can't make someone else type in the malicious code manually and hit enter... so what do we do?
Look at the URL of the page you are viewing that is vulnerable to XSS. Odds are it is using PHP GET/POST functions to relay the data back and forth, and with GET the values entered are passed along as URL parameters.
For example (a PHP-style URL off the top of my head... I'm not very familiar with PHP):
Now, simply replace whichever value was vulnerable with your specially crafted payload:
www.some_XSS_vulnerable_site.com/index.php?username=Bob&?phone=234Bob"); execl(cmd, "code to telnet back to attackers comp");&?phone=23489023
Now you have a link that, when sent to someone, will cause the malicious code to run. Of course, the code I provided does not work and is just a representation of what could be done.
A typical XSS attack is very simple and hard to avoid. The first and best way to avoid getting caught with your pants down is to always analyze links before you click them. The one in the previous example looks mighty suspicious; hopefully you wouldn't click it (though links can be obfuscated with URL encoders and Base64 encoding, but we won't worry about that now).
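To make the reflected-parameter idea concrete, here is an added JavaScript example (not code from the original post) that pulls the username out of a link like the one above and renders it two ways: pasted straight into the HTML, which is the XSS bug, and passed through an HTML escaper first, which is the fix. The host name, the page template and the marker text inside the payload are constructed for the example.

```javascript
// Added example, not from the original post. Shows why a reflected URL
// parameter is dangerous and what output encoding does about it.

// Replace every HTML metacharacter with its entity so the browser treats the
// value as text, never as markup or as an attribute delimiter.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable rendering: the parameter value is interpolated as-is, so any
// tags or quotes in it become part of the page.
function renderVulnerable(username) {
  return `<p>Welcome, ${username}!</p>`;
}

// Hardened rendering: identical template, but the value is escaped first.
function renderSafe(username) {
  return `<p>Welcome, ${escapeHtml(username)}!</p>`;
}

// Extract the "username" query parameter the way the server side would.
// Uses the WHATWG URL parser, which also percent-decodes the value.
function usernameFromLink(link) {
  return new URL(link).searchParams.get("username") ?? "";
}

// Constructed link: the post's payload with an HTML tag added as a marker so
// the difference between the two renderings is visible in the output.
const payload = 'Bob<b>constructed</b>"); execl(cmd, "...");';
const link =
  "http://www.example.com/index.php?username=" +
  encodeURIComponent(payload) +
  "&phone=23489023";

const reflected = usernameFromLink(link);
console.log(renderVulnerable(reflected)); // the <b> tag survives as markup
console.log(renderSafe(reflected));       // every < > " becomes an entity
```

Escaping at the point where the value is written into the page is the defence that does not depend on the visitor inspecting links: whatever arrives in the parameter, the browser only ever sees it as text.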
To do this, in Firefox 4, go to Edit->Preferences->Content