[Owasp-delhi] Phishing with XSS
s.parmendra at gmail.com
Wed Feb 25 06:26:56 EST 2009
Hello OWASP Members,
I have a doubt and here it is......
In performing Phishing with XSS a script like "do.js "
can be used to change the original login page to the attackers choice
without actually changing the URL.
Now my question is that for performing the abovesaid case this script needs
to be executed by the browser without the user's concent. In general
scenerio while requesting for a script like this first a Pop up is given by
the browser asking whether to run or to save the script.
Thanks and Regards:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Information Technology
Government of India
6 C.G.O Complex
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-delhi