Archive for May, 2008
1-step, 2-step XSS! (Part II)
I neglected to mention in the original post what the implications of two-step XSS there are.
The behaviour of some website to put in viewstate and cookies may well be used to fight CSRF. If that’s the case, it may be possible to inject malformed strings into the viewstate by forcing errors. So you may well [...]
1-step, 2-step XSS!
Everyone in security knows about XSS where malformed strings in the form of code can be injected into parameters of pages. But something that has been seen lately by yours truly is a two-step XSS attack. The basic idea is to inject malformed strings and script tgs into one page and then view another page, [...]
