[ OWASP - Montreal ] Confusion about XSS...
benoit.guerette at gmail.com
Wed Dec 17 14:02:01 EST 2008
Am I wrong, or to be declared as an XSS vuln., must the script be injected from
an external source, not the site itself?
What if eBay allows HTML script tags in the auction text, is it an XSS? If
not, what do you call this? The site is the source...
This script would send the authenticated user cookie to the attacker,
allowing session hijacking.