|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Mark Curphey (mark
curphey.com)Date: Tue Oct 23 2001 - 09:30:32 CDT
Does anyone have a really good explanation of how cross site scripting could
work with no user intervention at all...I have seen lots of ways to pass
JavaScript like URL and Unicoded (and OWASP are writing them up) but I
haven't seen a good explanation of how it can be used on a totally innocent
user...all the exploits I have *seen* have involved first tricking the
target into clicking a hyperlink...
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]