Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

Comment: Re:With all due respect (Score 1) 167

by rehashed (#15902969) Attached to: How to Crack a Website - XSS, Cookies, Sessions

The only reason he needed to "phish" was that this site had a maxlength on the relevant textbox

What on EARTH are you talking about?
So now we are expecting users to type in the relevant Javascript to perform the XSS themselves?
Or are we now performing XSS via XSS, which would depend entirely on guessing whether or not your target had an account, and intended to log in at said web-application before session timeout...
Geez, get a clue!

He keeps differentiating, flying off on a tangent.

Working...