RE: XSS on a Username input into a login page 01-22-2014, 05:29 PM
#5
Another more secret-ish XSS attack would be say a Shopping Cart, where you can add items in via a ?id=x, however, this one isn't designed to reveal information, it's an attempt to try and get people to spend more money then what they originally intended.
Also, finding XSS attacks like the one you want, is actually quite hard, unless you found an idiot who doesn't listen to what his told, because in every tutorial for web development ever made, they make note: If it contains user input. sanitize it. Rare cases such as, say an "ID" for a blog post, or a forum article, are left un--sanitized, because People don't expect anything but a number, and truth be told, i've done that several times....
Also, finding XSS attacks like the one you want, is actually quite hard, unless you found an idiot who doesn't listen to what his told, because in every tutorial for web development ever made, they make note: If it contains user input. sanitize it. Rare cases such as, say an "ID" for a blog post, or a forum article, are left un--sanitized, because People don't expect anything but a number, and truth be told, i've done that several times....
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)