Attacking Local Browser Storage

CrazyCanucklehead writes "At the Blackhat security conference in Washington, DC, researcher Michael Sutton has detailed how common XSS flaws in web applications employing (Google) Gears and HTML 5 Database Storage can leave local databases wide open to attack. This comes just as Gears is starting to take off, and just yesterday Google demonstrated a beta version of offline Gmail on phones, thanks to HTML 5 support in WebKit-based browsers, such as those used by Android and the iPhone. Sutton drove home the point by walking through a real world example on commercial site Paymo.biz, which has thankfully since been fixed."

Yeah, this wasn't basically obvious?

[Giant+Electronic+Bra]

In essence it isn't a NEW vulnerability, just whenever javaScript can do some new thing on your browser then hey presto! So can someone else's javascript do that marvy new thing. Just proves that XSS attacks live on, and always will.