Go4Expert

Go4Expert (http://www.go4expert.com/)
-   Ethical hacking (http://www.go4expert.com/forums/ethical-hacking-forum/)
-   -   xss (http://www.go4expert.com/forums/xss-t5725/)

zero963 7Aug2007 07:54

xss
 
hello everyone, i have been googling my mind out try to figure how to use an xss (cross site scripting) exploit like this one:

http://www-tech.mit.edu/search.html?...%3E%3Cscript%3
Ealert(1)%3C/script%3E&cof=FORID%3A11#210 (courtesy of xssed.com;)


and others that can be executed in the url. keyword being "url" cause i already figured out how to make,find,configure,and execute "hotkeys",
but i dont know how a remote attacker uses this (lack of a better term) "url injection", where the attacker types in a exploit like this one in his browser and magically another users cookies are sent to his cookie grabber.

or mybe i totally iam lost and the above exploit has to be executed by the victim using a hot key or the web page has to already be compermised and the above url is than injected into the page after write access to the web page has been exploited.


or lastly, mybe this "url injection" injects code into the vulnerable script that is being exploited. dont know, but i really want to find out and dont say google it cause i have read every xss tutorial, explanation i could find and well mybe i just need to here a little more detailed answer than what ive read.

pradeep 7Aug2007 10:08

Re: xss
 
Read more here http://en.wikipedia.org/wiki/Cross_site_scripting


All times are GMT +5.5. The time now is 04:00.