WebApp Sec mailing list archives

Advanced XSS paper and semi-new attack


From: Gavin Zuchlinski <gzuchlinski () pgsit org>
Date: Fri, 17 Oct 2003 21:57:15 -0400

Hi everyone,
I recently wrote a short paper on advanced methods of cross-site scripting 
exploitation (against POST variables and secure areas which require 
authentication every session). In coming up with the methods of exploitation 
I realized they could be generalized to a somewhat different type of attack I 
dubbed client automation. This is basically just the forcing of a client to 
submit a form without their knowledge and change settings, which exploits the 
trust in many web-based scripts that a user who submits a form is in fact 
submitting the form.
The paper can be found at http://libox.net/xss.php .

-Gavin
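The "client automation" attack described in the post, worked through as an added example (this is not code from Gavin's paper or from the post): an attacker page whose hidden form auto-submits a POST to a settings endpoint, so the victim's browser sends the request with the victim's own session cookie attached; beside it, a handler that trusts any authenticated POST, and the same handler hardened with a per-session token that a page on another origin cannot read. The target site, the `/settings` endpoint, the user `alice`, the field names and the in-process "browser" are all constructed for the demo; nothing touches the network.

```python
# Added example, not from Gavin's paper or post.  Target site, users, field
# names and the browser simulation are constructed for the demo.
import hmac
import re
import secrets
from html import escape, unescape
from urllib.parse import parse_qs, urlencode

# ---- Attacker side -----------------------------------------------------------

def forged_form_page(action, fields):
    """HTML of an attacker-controlled page that POSTs `fields` to `action` the
    moment it loads.  The victim never sees or clicks a form: the browser submits
    it, and because the request is addressed to the target site, attaches the
    victim's session cookie for that site."""
    inputs = "".join(
        f'<input type="hidden" name="{escape(k)}" value="{escape(v)}">'
        for k, v in fields.items()
    )
    return (
        '<html><body onload="document.forms[0].submit()">'
        f'<form method="POST" action="{escape(action)}">{inputs}</form>'
        '</body></html>'
    )

# ---- Target site (simulated in-process; constructed users and field names) ----

SESSIONS = {}                                   # session id -> {"user", "csrf"}
USER_EMAIL = {"alice": "alice@example.test"}    # account data, constructed

def login(user):
    """Start a session and mint a per-session CSRF token that only the site's
    own pages embed; it is never sent to another origin."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_hex(16)}
    return sid

def settings_page(sid):
    """The site's own settings form, carrying the session token as a hidden field."""
    return (
        '<form method="POST" action="/settings">'
        f'<input type="hidden" name="csrf" value="{SESSIONS[sid]["csrf"]}">'
        '<input type="submit"></form>'
    )

def vulnerable_change_email(cookies, body):
    """Accepts any POST that carries a valid session cookie: exactly the trust
    the forged page abuses."""
    sess = SESSIONS.get(cookies.get("sid"))
    if sess is None:
        return 401
    USER_EMAIL[sess["user"]] = parse_qs(body).get("email", [""])[0]
    return 200

def hardened_change_email(cookies, body):
    """Same handler, but the POST must echo the session's token.  A page on
    another origin cannot read that token, so it cannot build a request that
    passes; the constant-time compare avoids leaking it byte by byte."""
    sess = SESSIONS.get(cookies.get("sid"))
    if sess is None:
        return 401
    form = parse_qs(body)
    if not hmac.compare_digest(form.get("csrf", [""])[0], sess["csrf"]):
        return 403
    USER_EMAIL[sess["user"]] = form.get("email", [""])[0]
    return 200

# ---- The browser, reduced to what the attack needs ---------------------------

def hidden_fields(page):
    """What the browser would submit from a page's hidden inputs."""
    return {unescape(k): unescape(v)
            for k, v in re.findall(r'name="([^"]*)" value="([^"]*)"', page)}

def submit(handler, sid, fields):
    """A form submission: the cookie for the target site rides along automatically."""
    return handler({"sid": sid}, urlencode(fields))

def run_attack(handler):
    """Alice is logged in, then loads the attacker's page.
    Returns (HTTP status, Alice's email afterwards)."""
    USER_EMAIL["alice"] = "alice@example.test"
    sid = login("alice")
    forged = forged_form_page("https://target.example.test/settings",
                              {"email": "attacker@evil.test"})
    return submit(handler, sid, hidden_fields(forged)), USER_EMAIL["alice"]

def run_legitimate(handler):
    """Alice changes her own email through the site's real settings page."""
    USER_EMAIL["alice"] = "alice@example.test"
    sid = login("alice")
    fields = hidden_fields(settings_page(sid))   # token comes from the real page
    fields["email"] = "new@example.test"
    return submit(handler, sid, fields), USER_EMAIL["alice"]

if __name__ == "__main__":
    print("vulnerable:", run_attack(vulnerable_change_email))    # (200, 'attacker@evil.test')
    print("hardened:  ", run_attack(hardened_change_email))      # (403, 'alice@example.test')
    print("legit:     ", run_legitimate(hardened_change_email))  # (200, 'new@example.test')
```

The point of the simulation is the asymmetry it makes visible: the attacker knows the endpoint and the field names, and the browser supplies the cookie for free, but the one value the forged form cannot carry is a secret that only the target's own pages embed. Checking for that value is what turns "a form was submitted with a valid session" into "this user submitted this form". Checking the `Origin`/`Referer` header is a complementary measure, not a replacement, since both are absent in some legitimate flows.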

