Advanced cross site scripting and client automation
by Gavin Zuchlinski - Wednesday, 29 October 2003.
This paper discusses one method of exploiting POST variables vulnerable to cross site scripting and secured areas protected by a temporary session. Following a natural progression of the method of exploitation I arrived at client automation, the forcing of a client to submit a form in effect allowing an attacker to change settings for a client.

Download the paper in PDF format here.

Spotlight

Hackers indicted for stealing Apache helicopter training software

Posted on 1 October 2014.  |  Members of a computer hacking ring have been charged with breaking into computer networks of prominent technology companies and the US Army and stealing more than $100 million in intellectual property and other proprietary data.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Oct 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //