Content spoofing attack (Brother of Reflected XSS)!

0

Content spoofing is altering data/text of web pages. XSS uses <script> or any other JS  (E.G: <script>alert(1)</script> whereas  Content spoofing not. It can be using text or html code. A hacker can deface the page virtually. But not able to own the server/web.

Since there are two good explanation of this vulnerability so you better read there:

https://www.owasp.org/index.php/Content_Spoofing
http://projects.webappsec.org/w/page/13246917/Content%20Spoofing

Something like this:
https://www.owasp.org/index.php/Pusheax.com_is_a_independent_penetration_tester,_ethical_hacker_who_always_love_to_learn_new_things_and_share_knowledge.Knowledge_should_be_free_but_not_the_hard_work._There_is_nothing_perfect.

http://projects.webappsec.org/w/page/13246917/%28pusheax%20is%20a%20regular%20independent%20pentester%20,%20I%20love%20to%20learn%20new%20things,and??

It is not such a powerful to hack entire server or an website but sometime these kind of vulnerability is enough to make the users fool.