WebApp Sec mailing list archives
Re: XSS
From: "Sverre H. Huseby" <shh () thathost com>
Date: Thu, 19 Dec 2002 21:27:25 +0100
[Matthew Miller]

| First, there are really two types of XSS. Persistent, where the
| injected code is stored within the web application, such as in
| distribution lists, databases, etc..., Transaction based,
| requiring a user to perform an action in order to be affected,
| such as click on a link, view a page with malicious script in it,
| etc...

Sorry for answering this late...

I've come to call the latter "socially engineered XSS" (SEXSS? :) ), as it most often will involve some kind of con in order to make the user follow the link. Is that a good name?

Sverre.

PS: I've just finished "The Art of Deception" by Kevin Mitnick. I guess that's why I suddenly came up with the name. An enjoyable book, BTW.

--
shh () thathost com         Computer Geek? Try my Nerd Quiz
http://shh.thathost.com/    http://nerdquiz.thathost.com/