Posted by: Scott Ocamb (soca…@hotmail.com)
Date: Wed, 10 Dec 2008
I would like some help in understanding XSS security vulnerabilities.
I can see where a "hacker" could cause an implementation vulnerable to XSS
attacks to inject JavaScript into the page and cause weird stuff to happen on
I can also see how a hacker could notice some vulnerable code, and mock up a
page that looks legitimate, and send it to someone and cause them to pass on
private information to the hacker.
What I cannot understand is how a hacker could gather information from
another user's session and get private information. Is this possible and if
I have a customer's site that has vulnerable pages, but we need to prioritize
what we fix and want to focus on pages where private information is in play.
Or I could have missed something else.
Any help would be appreciated.