Normally, that's what you'd do to get around limitations such as this (I do this all of the time). However, for a true XSS attack, you'd need to use GET vars.
So, essentially, he wound up doing exactly that, but it was the victim that needed to submit the POST data (so that the user's browser would be in the valid domain when it executed the script (which grabbed the cookie)).
The end result is that this is a phishing + XSS combo.
In contrast to phishing (and in contrast to what's been said in most of the posts so far), an XSS exploit is a legitimate link to the target website.
XSS is NOT necessarily a legitimate link to the target website.
For instance, there was an XSS (and phishing) bug in IE a few years back, wherein a link formatted like so: http://www.realsite.com%20www.evilsite.com/badcgi.pl
would appear as a legitimate link to realsite, but would actually go to evilsite, loading the bad cgi.
Further, IE would actually send the cookie for realsite to evilsite.
I used this to exploit a forum that I frequent back then.
You don't feel this to be true XSS?
Cross site scripting does not necessarily involve JavaScript, server side, client side, or any combination thereof. It is a common misconception.
The flaw can be in the browser, the web application, or the server.
Just so you know.
If the universe were (13.7, 14.3, or 15.8) billion years old, but, at the same time, 180 billion light years wide, then how could it have been created from the big bang (assuming nothing can travel/'transfer information' faster than the speed of light)?
I don't pretend to know anything about physics or astrophysics, and I haven't thought about it, so it's an honest, kneejerk question.
we say 'The twenty-ninth of July two-thousand and six' more than we say something like 'July twenty-ninth two thousand and six' (unless we're talking along to the Daily Show intro).
Actually, we don't say "and" in America, either (well, we're not 'supposed' to).
The correct way to speak this number is: Two Thousand Six.
The Playstation was released "September 9, 1995," unless you're in Japan (which only gives you leeway of about one year).
the prosecution will call this evidence A:
we'd ask for a playstation, or nintendo, or something
the prosecution will call this evidence B:
My wife bought me a PSX back in '96
I can only draw the conclusion, as a practitioner of dork law under the state of truth and justice, that you were still asking your mother to buy you toys when you were married.
The prosecution rests.
I like the idea of the RIAA Radar (and I'm aware that there are similar sites out there), but as I've told them before, I will never partake of a service that attempts to refer to me as a "consumer."
Since AIDS seems to be spreading the most and the fastest in Africa, according to your reasoning that means Africa is a gay continent? Just because we _thought_ it was a gay disease, doesn't mean it is... Remember we used to think the earth was flat...
Obviously, you do not read slashdot. Cum hoc ergo propter hoc. Causation, correlation, and all that.
Oops, I forgot to tack on a pretentious, vindictive anecdote at the end. Oh, well!
It is not difficult to explain this to kids, most kids think kissing is gross, it doesn't matter to them they're 2 men or 2 women or a man and a woman... It's only hard to explain a gay couple kissing in public to YOU, the one explaining, not to the kid...
Wait, what? It's not difficult to explain this to kids, but it's difficult to explain this to kids? I don't get it. What are you saying? Maybe you mean it's not hard for the kids to understand?
You'd be sorely mistaken.
I remember seeing two guys kissing in a magazine as a kid, and I didn't know why they were doing that. It seemed very weird and unnatural. I took this to my mom and asked her why two guys were kissing. I remember that she had as hard a time understanding it as I did.
I can understand and rationalize a parent teaching their kid that this is wrong and should be punished. That's probably one of the reasons for the stigma against homosexuality. And it's a good reason.
You don't want your kids to grow up and to stop the evolution of your lineage. It's human nature to be selfish, just as a lot of homosexuals are being with their rights trumpeting.
What if I, or any other kid, thought it was okay to kiss others of their same sex, then? You may or may not think this is okay, but not everyone thinks the same, and thus, this leads to a problem.
The popularization of homosexuality means that some people may be directly influenced by it.
You make the argument on here that some kids may be influenced by violence in video games, but that's why it's rated for seventeen year olds, and their parents need to take responsibility for what their kids watch.
Well, their parents can't stop a bunch of guys or girls fondling other guys and girls in public.
And if it's a selfish interest to not want your kids to go and make out with people of their own gender, then so be it, but I think a majority would have it that way; and the majority is who defines the boundaries of society.
Here's some more news for you, heterosexual people ALSO get AIDS...
I can't speak for the guy that you replied to, but I don't believe he was arguing that heterosexual people are less likely to contract AIDS, or that they cannot contract AIDS.
I believe that his sentiment was that homosexuality has increased the AIDS rate. Whether or not this is truthful, I don't know, but there's no reason for you to distort the argument.
A heterosexual couple can get a homosexual child and vice versa...
Yes, that is completely true, and there is nothing at all wrong with that. I think the issue is that children are heavily influenced by their parents' actions, beliefs.
Look at the election predictions held every year, where kids in school are polled for whom they think will win said election. Statistics say that these kids derive their opinions largely from those of their parents, and thus, that these predictions have been remarkably accurate in recent times.
Just harken back to your own childhood, if you had one, and try to imagine the things you did that may have been influenced by the views of your parents.
Children are very influential, indeed, and I believe this is from where the grandparent's argument stems.
I hope gays affect my life more than this AC...
I don't think that's possible. He seems to have affected your life quite a lot. Nevertheless, what's with the holier-than-thou "you're an anonymous coward, haha, I'm better than you" drivel that is constantly strewn around here? Get over yourselves.
The problem for me has been knowing what content belongs to whom. I know there are sites that list labels that the RIAA maintains, but sometimes there are "tiered" labels that are hierarchically 'underneath' an RIAA label. And this extends further than the RIAA, to the MPAA and movie studios. There needs to be an easy way to find out who holds the rights to a given work, so that we can all avoid this media. I received a Notice of Copyright Infringement from a movie studio over a film that I downloaded to preview. (by the way, this film was 6-7 years old)
I would never have downloaded this film, had I known what studio or whatever produced it. Granted, I never would have bought the film anyhow, as I was only trying to catch up on movies that I hadn't seen, and for that purpose alone.
But were I going to buy something, I'd want to know what I was getting myself into. And even if I were to know the labels after researching a Pink Floyd CD online, it's not quite as simple when I head to WalMart (or a music store, if I had one). Since they're an old (classic) band, there are a lot of reproductions and releases of their works. Sometimes the stores don't have the same versions as were listed online, and sometimes they have alternate versions. Some of these must have been released by different production companies, and I'm sure more than one corporation holds rights to distribute their works. So, to me, though I love Pink Floyd, I'm stuck downloading half of their albums, in order to mitigate the risk of supporting corporate tyranny.
Asinine and pretentious as this whole bit may have been, it's what I actually believe, and can any of you guys show me a way to do this now?
So becoming an adult is accepting society's ignorance, the corporations' enslavement, and the government's legislation as it is, without question or action of your own, free thinking mind?
I don't want to be an adult.
That's got to be one of the stupidest posts I've read. Naked is to engine as naked is to processor - something necessary for the function of the car. Software isn't necessary for the function of your computer, instead, it dictates its use. These two items (cars and computers) are not remotely comparable, because a car is a largely mechanical device, which consists of many components, including computers themselves.
While computers may also consist of an array of components, the software installed on a computer is not essential to the function of the device as a whole. The only parallels I can see are in relation to how you operate the automobile or perhaps what software is installed in your car's computer - something which is pretty inaccessible to most, because it is mostly irrelevant in this context, and because one would not likely have an inclination to tamper with that software.
Normally, when I have been awake for a long time, and feel tired, I do not suddenly start mis-using simple words like your. Maybe that's just me.
Is it using WINE? I thought there were no licensed DVD movie players for Linux.
Is dexitrim a synonym for 'diet and exercise?'
If, by "magnificent," you mean very poor, then you're correct (and the same goes for your own punctuation).
I also hope that you meant 'Israel,' unless you're trying to convey something to us in some sort of newfangled ebonics.
I believe that would be endodontics.
Rumpel Stiltskin?
bin Laden^H^H^H^H^H^H^H^H^HGoldstein :>
There, fixed that for you.