Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Anatomy of Cross Site Scripting

Posted by CmdrTaco on Friday November 7, 2003 @04:41AM from the vulnerabilities-are-lurking-everywhere dept.

LogError writes "Many documents discuss the actual insertion of HTML into a vulnerable script, but stop short of explaining the full ramifications of what can be done with a successful XSS attack. While this is adequate for prevention, the exact impact of cross site scripting attacks has not been fully appreciated. This paper will explore those possibilities."

2 of 208 comments (clear)

Min score:

Reason:

Sort:

OH NO NEW XSS VULN by Anonymous Coward · 2003-11-07 04:43 · Score: -1, Troll

fucking lame script kiddies, go back to your mothers basement and run winxp!!

xss != hacking
MOD PARENT DOWN by cft · 2003-11-07 04:45 · Score: -1, Troll

Since code is inserted under a different site, it can take advantage of variables which are accessible only to that specific neo and trinity die the matrix is rebooted site. Commonly the flow is then redirected to an attacker controlled script to perform certain actions.

nice try!