Summary
JavaScript is not as innocuous as some would like to believe.
There was some doubt in the follow-up to my last blog entry about whether JavaScript, or other scripting languages for that matter, can be used to mount effective XSS attacks. Unless you disable scripts in your browser, they can, as I hope to show here.
Here is a button that shows your session cookie and takes you to my web site.
The cookie is not sent to my server when you press the button, but, technically, there is nothing stopping me from doing that. I can then hijack your session, for example.
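A defender's check for the cookie exposure described above, as an added example that is not part of the original post: it parses `Set-Cookie` header values and lists the cookies a page script could read through `document.cookie`, which are the ones set without the `HttpOnly` attribute. The sample headers, the function names and the session-name heuristic are constructed for illustration.

```javascript
// Constructed Set-Cookie header values (sample input, not from the original page).
const SAMPLE_SET_COOKIE = [
  "JSESSIONID=abc123; Path=/",
  "sid=9f8e7d; Path=/; HttpOnly; Secure; SameSite=Lax",
  "theme=dark; Path=/; Max-Age=31536000",
];

// Parse one Set-Cookie value into name, value and a map of lowercased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no cookie name: skipped by this audit
  const attributes = {};
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).trim().toLowerCase();
    attributes[key] = i === -1 ? true : a.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attributes };
}

// Cookies without HttpOnly are exposed to page scripts via document.cookie.
// Path and Domain scoping is ignored here to keep the check simple.
function scriptReadable(headers) {
  return headers.map(parseSetCookie).filter((c) => c && !c.attributes.httponly);
}

// Heuristic (an assumption of this example): names that look like session identifiers.
const SESSION_NAME = /sess|sid|auth|token/i;

// Report each script-readable cookie and whether it looks like a session cookie.
function auditCookies(headers) {
  return scriptReadable(headers).map((c) => ({
    name: c.name,
    looksLikeSession: SESSION_NAME.test(c.name),
  }));
}

console.log(auditCookies(SAMPLE_SET_COOKIE));
```

Any entry reported with `looksLikeSession: true` is a session cookie that an injected script could read; setting it with `HttpOnly` removes it from `document.cookie`.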
Johan Peeters is an independent software architect who spends a lot of time plumbing and generally fixing leaks.