does a website need to return the URL for a cross site scripting attack to succeed

From: 2pac (cal_2pac@yahoo.com)
Date: 02/14/03


From: cal_2pac@yahoo.com (2pac)
Date: 14 Feb 2003 00:34:40 -0800

Hi,
I am trying to understand cross site scripting and test my company's
product for any vulnerability to it.
Say a malicious user X is able to make a user Y click on a URL
<URL> + "malicious javascript".
Now, for the malicious javascript to run, will the webserver at URL
have to return the URL?
Is there any other way that a cross site scripting attack can be
launched?
Thanks

