From: Jeremy Saintot (jeremy.saintot@gmail.com)
Date: Wed Aug 22 2007 - 10:51:15 EDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi folks,
I have been wondering for a certain time what can be done concretely
with cross-site scripting. I mean, for example a Web
page on which I input an incorrect email address which results on a
page which says "your address [string entered] is invalid".
I can eventually generate a Javascript alert box containing my
own cookie, or things like that, but that does not have any
advantage for me.
I understand the interest to use XSS on message boards or others,
consultable by many people, but on simple pages like that, which I am
the only one to see? What can be done?
Thank you for your help ;)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGzE1jb2WOwcVpNXURApHqAKCRYsYqyIH8d0MQ8ZP4UQZ7rhvIoQCfb6to
mZLy47G7PaN0zfowc0vn4Uk=
=1hoD
-----END PGP SIGNATURE-----
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:03 EDT