hello everyone, i have been googling my mind out try to figure how to use an xss (cross site scripting) exploit like this one:
Ealert(1)%3C/script%3E&cof=FORID%3A11#210 (courtesy of xssed.com
and others that can be executed in the url. keyword being "url" cause i already figured out how to make,find,configure,and execute "hotkeys",
but i dont know how a remote attacker uses this (lack of a better term) "url injection", where the attacker types in a exploit like this one in his browser and magically another users cookies are sent to his cookie grabber.
or mybe i totally iam lost and the above exploit has to be executed by the victim using a hot key or the web page has to already be compermised and the above url is than injected into the page after write access to the web page has been exploited.
or lastly, mybe this "url injection" injects code into the vulnerable script that is being exploited. dont know, but i really want to find out and dont say google it cause i have read every xss tutorial, explanation i could find and well mybe i just need to here a little more detailed answer than what ive read.