Re: Cross Site Scripting Vulnerabilities - XSS
From: Bill Pennington (email@example.com)
Date: Tue, 06 Aug 2002 16:37:23 -0700
From: Bill Pennington <firstname.lastname@example.org>
To: Matt Andreko <email@example.com>, pen-test <firstname.lastname@example.org>
In order for that to be useful you need to get someone else to click on the
link. This is generally not too difficult depending on your target. Remember
e-mail is easily forged.
On 8/6/02 2:56 PM, "Matt Andreko" <email@example.com> wrote:
> I am kinda new to XSS, but am intrigued by how it works. I have found
> it's not being stored in a database, what good is it?
> Take for example Iwillusa.com (a motherboard maker's website). They
> have a product page that I saw had some html in the URL:
> I edited it and it became: