Outer Web | Explore

Explore >> Select a destination

You are here		chefsecure.com Hacking YouTube Likes with JavaScript: XSS Attack Chef Secure
\|	\|	www.michalspacek.com Stealing session ids with phpinfo() and how to stopit \| Michal ?pa?ek	4.5 parsecs away Travel
\|	\|	Stealing session ids from phpinfo() output has been a known technique for some time, and is used to bypass the HttpOnly attribute, which prohibits JavaScript from accessing a cookie marked as such (e.g. PHPSESSID). Ijust now thought of a solution that allows you to keep your phpinfo(): we'll simply censor the sensitive data, making phpinfo() lose some of its value to the attacker.	4.5 parsecs away Travel
\|	\|	neilmadden.blog XSS doesn't have to be game over - Neil Madden	3.2 parsecs away Travel
\|	\|	A message I'm very used to seeing - but does XSS have to mean game over for web security? There's a persistent belief among web security people that cross-site scripting (XSS) is a "game over" event for defence: there is no effective way to recover if an attacker can inject code into your site. Brian...	3.2 parsecs away Travel
\|	\|	www.miguelxpn.com Server side XSS	3.3 parsecs away Travel
\|	\|	XSS stands for Cross Site Scripting, it's basically when input is not properly sanitized somewhere and a malicious actor can inject unintended javascript somewhere. That javascript will be executed by some unsuspecting user's browser and then bad stuff can happen.	3.3 parsecs away Travel
\|	\|	b.fl7.de Amazon.com Stored XSS via Book Metadata - Benjamin Daniel Mussler's InfoSec Blog (B.FL7.DE)	22.5 parsecs away Travel
\|		I have found a Stored Cross-Site Scripting (XSS) vulnerability on Amazon.com. This post explains the issue and describes a possible venue of exploitation.	22.5 parsecs away Travel