Content spoofing attack (Brother of Reflected XSS)!


Content spoofing is altering data/text of web pages. XSS uses <script> or any other JS  (E.G: <script>alert(1)</script> whereas  Content spoofing not. It can be using text or html code. A hacker can deface the page virtually. But not able to own the server/web.

Since there are two good explanation of this vulnerability so you better read there:

Something like this:,_ethical_hacker_who_always_love_to_learn_new_things_and_share_knowledge.Knowledge_should_be_free_but_not_the_hard_work._There_is_nothing_perfect.,%20I%20love%20to%20learn%20new%20things,and??

It is not such a powerful to hack entire server or an website but sometime these kind of vulnerability is enough to make the users fool.