XSS Question

Posted by:  Scott Ocamb (soca…@hotmail.com)
Date: Wed, 10 Dec 2008

I would like some help in understanding XSS security vulnerabilities.

I can see where a "hacker" could cause an implementation vulnerable to XSS
attacks to inject JavaScript into the page and cause weird stuff to happen on
his machine.

I can also see how a hacker could notice some vulnerable code, and mock up a
page that looks legitimate, and send it to someone and cause them to pass on
private information to the hacker.

What I cannot understand is how a hacker could gather information from
another user's session and get private information. Is this possible, and if
so, how?

I have a customer's site that has vulnerable pages, but we need to prioritize
what we fix and want to focus on pages where private information is in play.

Or I could have missed something else.

Any help would be appreciated.