
So the attack vector here is to send someone a link to the search results page with a malicious query that injects JS into the page to decode the user's password and then submit it to the attacker's backend collection server? Is that right?



No. A more effective vector would be to send them to a funny video page to watch, that has nothing to do with McDonald's. And inside that video page you have a hidden iframe pointing to the malicious query which submits the McDonald's password to another backend server.


meh, make a mcdonalds.com search link that generates "Congratulations, you won a free mechanically deboned meat product!!1" and share it on bookface.


That's the basic principle of XSS. A few years ago an XSS epidemic broke out where dozens of major websites were found to be vulnerable to cookie theft. Attackers could make a single page with dozens of sneaky iframes, one per vulnerability. Usually the contents of the cookie allow you to continue a user's session, though there can be all kinds of stuff idiotically stored directly in the cookie, as can be seen in this prime example.
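
The defensive side of what the thread describes, as an added example that is not part of any comment above and not code from the affected site: a search page that encodes the reflected query, refuses to be framed, and keeps the session cookie away from scripts. All function names and the sample query are hypothetical and constructed for illustration.

```javascript
// Added example: hardened handling of a reflected search query.
// escapeHtml, renderSearchPage and securityHeaders are hypothetical names.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can break out of an HTML text node
// or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable form: the query is concatenated into markup unchanged,
// so markup in the query becomes markup in the page.
function renderSearchPageUnsafe(query) {
  return `<h1>Results for ${query}</h1>`;
}

// Hardened form: the query is encoded before it reaches either the
// text node or the attribute value.
function renderSearchPage(query) {
  const q = escapeHtml(query);
  return `<h1>Results for ${q}</h1><input name="q" value="${q}">`;
}

// Response headers that limit the damage if one injection point is missed.
function securityHeaders(sessionId) {
  return {
    // frame-ancestors 'none' stops the page loading in another site's iframe;
    // script-src 'self' blocks inline script injected through the query.
    'Content-Security-Policy': "default-src 'self'; script-src 'self'; frame-ancestors 'none'",
    // Legacy equivalent of frame-ancestors for older browsers.
    'X-Frame-Options': 'DENY',
    // The cookie carries only an opaque session id, never a password.
    // HttpOnly hides it from document.cookie; SameSite=Lax keeps it out of
    // requests made from a cross-site iframe.
    'Set-Cookie': `sid=${encodeURIComponent(sessionId)}; HttpOnly; Secure; SameSite=Lax; Path=/`,
  };
}

// Constructed sample input, not taken from the thread.
const SAMPLE_QUERY = '"><script>alert(1)</script>';
```

Output encoding is the fix; the headers are defence in depth for the iframe and cookie-theft scenarios the comments mention.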



