Hacker News new | past | comments | ask | show | jobs | submit login

This is not a hack it's basic Javascript.

If a malicious hacker can insert some script in a trusted page, security is pretty much completly broken and you have other worries. The fact that you can make links in this page point to other malicious pages seems like a small problems as most people won't even check the domain before clicking the link.

I would think that some users are most likely to check the address bar after clicking the link. But my dad would probably woudn't see anything.




With relative ease, you can build websites with a cheap $10 SSL that can impose to be a PayPal page. JavaScript can provide phishing and accessing cookies, but beyond that, I'm not really sure what else it can offer.

It may be simple code, but I think the title of the post explained that.


> JavaScript can provide phishing and accessing cookies, but beyond that, I'm not really sure what else it can offer

if you had success putting your JS payload on target website you can do anything. Period. From from stealing user's passwords (http://homakov.blogspot.com/2012/11/xss-save-your-password-p...) to executing any authorized request POST /send_money. The last thing attacker will do is to "phish" you.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: