From 971fef79508b0eddda7484994635a71cd5a527c2 Mon Sep 17 00:00:00 2001 From: Byungcheon Ko Date: Mon, 28 Mar 2016 00:54:10 -0400 Subject: [PATCH] Spelling correction: priviledges -> privileges --- en/09.3.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/en/09.3.md b/en/09.3.md index 178c7692..d096837b 100644 --- a/en/09.3.md +++ b/en/09.3.md @@ -13,7 +13,7 @@ The other type is a reflected XSS attack. The main idea is to embed a malicious XSS present the main means and ends as follows: - Theft of cookies, access to sensitive information. -- The use of embedded Flash, through crossdomain permissions, can also be used by an attacker to obtain higher user priviledges. This also applies for other similar attack vectors such as Java and VBScript. +- The use of embedded Flash, through crossdomain permissions, can also be used by an attacker to obtain higher user privileges. This also applies for other similar attack vectors such as Java and VBScript. - The use of iframes, frames, XMLHttpRequests, etc., can allow an attacker to assume the identity of a user to perform administrative actions such as micro-blogging, adding friends, sending private messages, and other routine operations. A while ago, the Sina microblogging platform suffered from this type of XSS vulnerability. - When many users visit a page affected by an XSS attack, the effect on some smaller sites can be comparable to that of a DDoS attack.