[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] XSS in www.paypal.com
- To: Kingcope <isowarez.isowarez.isowarez@xxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] XSS in www.paypal.com
- From: Ryan Dewhurst <ryandewhurst@xxxxxxxxx>
- Date: Thu, 6 Jun 2013 16:29:03 +0100
Nope. Just because you can inject JavaScript does not mean you have access
to the user's session cookies.
On Thu, Jun 6, 2013 at 3:28 AM, Kingcope <
isowarez.isowarez.isowarez@xxxxxxxxxxxxxx> wrote:
> Yours!
>
> Am 05.06.2013 um 19:24 schrieb Ryan Dewhurst <ryandewhurst@xxxxxxxxx>:
>
> > Which user cookies can you steal?
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/