simple xss question

[coder316]

Hello,
One thing I dont understand about XSS:
1.There is a page with a text box
2. I inject some Javascript into that textbox that shows a form in a
new div that can send content somewhere.


Am I not the only one that sees this form? What good is it if the next
person that goes to the website just sees the page sent from the
server correctly?

Thanks

 

[Lee Atkinson]

Its usually more of a problem when they get access to your filesystem or
database ... As i've found out the hard way

 

[Guest]

Hello,
One thing I dont understand about XSS:
1.There is a page with a text box
2. I inject some Javascript into that textbox that shows a form in a
new div that can send content somewhere.

Am I not the only one that sees this form? What good is it if the next
person that goes to the website just sees the page sent from the
server correctly?

Thanks

If attacker will managed to get the victim to visit the injected URL,
then he/she could get either user cookies or even redirect to another
site...

 

[AMP]

If attacker will managed to get the victim to visit the injected URL,
then he/she could get either user cookies or even redirect to another
site...

If you inject the js then you are the attacker and the victim, what
good is it? What am I missing?
Like I said, everyone else gets a new page from the server, not from
me (The attacker).
????

 

[Guest]

If you inject the js then you are the attacker and the victim, what
good is it? What am I missing?
Like I said, everyone else gets a new page from the server, not from
me (The attacker).
????- Hide quoted text -

- Show quoted text -

When form has XSS problem, an attacker can send injected link to you
via email or post it somewhere on a public website. You click on it
and the injected code will be executed. Modern browsers have filters
to prevent XSS, but it still can be a problem, e.g. when XSS filter is
disabled or you have old version, etc.