Abstract: This paper sheds light on the hyperlinking issues observed during penetration testing of web-based enterprise applications. This concept can be used to bypass standard XSS filters by creating a malicious Microsoft Word document.
Abstract: Over time, advances in technology and communication have led to the emergence of new attack vectors and new forms of crime, which have turned the Internet and computer technologies into highly hostile environments for any kind of organization or person with equipment connected to the World Wide Web.
Unlike years ago, when people with extensive computer skills enjoyed researching these issues in order to gain more knowledge, the picture today has been completely distorted, giving rise to new actors who use computer resources and knowledge of how they operate as tools to commit crime and obtain economic benefit.
New vulnerabilities are discovered every day and, usually, only those responsible for IT properly appreciate the importance of security and how to address the serious problem posed by vulnerabilities that allow an attacker to breach an environment's security and commit crimes using the stolen data.
Abstract: The Internet has become an attack platform allied to malware creators, who, by using and combining techniques such as Drive-by-Download, Drive-by-Update, scripting and exploits, among others, seek to recruit an army of computers that respond only to their malicious instructions.
These attacks use the Internet as a base for delivering damaging payloads directly to the victim, in parallel, almost instantaneously and transparently to less experienced users, and have made the simple act of accessing a website a latent and dangerous infection risk.
The following document presents a concrete example that uses the techniques above to exploit and infect a victim, and also describes several additional features that increase the damage the malware can cause.