On Sun, Jun 7, 2009 at 6:24 PM, Mark S. Miller <erights@google.com> wrote: > On Sun, Jun 7, 2009 at 4:29 PM, Adam Barth <w3c@adambarth.com> wrote: >> >> Right, but once the attacker has XSSed site A, the attacker learns the >> secret token necessary to issue the next request in the chain to site >> A regardless of the method. > > > Recall that this is in response to > > On Sun, Jun 7, 2009 at 2:53 PM, Mark S. Miller <erights@google.com> wrote: >> >> If servers at A don't freely hand out such tokens in response to guessable >> GET requests, > > So, if servers at A don't do this, how does the attacker, having XSSes site > A, learn the secret token necessary to issue the next request? The same way the user does: by generating a click event on whatever DOM element leads to the next page. AdamReceived on Monday, 8 June 2009 06:19:28 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:11 GMT