Re: Cross Site Scripting Vulnerabilities - XSS
From: Bill Pennington (firstname.lastname@example.org)
Date: Tue, 06 Aug 2002 16:37:23 -0700
From: Bill Pennington <email@example.com>
To: Matt Andreko <firstname.lastname@example.org>, pen-test <email@example.com>

In order for that to be useful you need to get someone else to click on the
link. This is generally not too difficult depending on your target. Remember
e-mail is easily forged.
On 8/6/02 2:56 PM, "Matt Andreko" <firstname.lastname@example.org> wrote:
> I am kinda new to XSS, but am intrigued by how it works. I have found
> it's not being stored in a database, what good is it?
> Take for example Iwillusa.com (a motherboard maker's website). They
> have a product page that I saw had some html in the URL:
> I edited it and it became: