« Frontpage takes down superhacker | Main | Pentagon hacker says charges have been manufactured »

Stealing User Information Via Auto Form Filling

Rsnake has an interesting blog entry (yes it's a few days old, I don't read it daily, so whatever) regarding utilizing XSS to steal auto form fill values.

"Some (not all) automated input automation tools do so blindly. That is, they don't ask for user input when they input data. In fact they don't really do much validation at all, except the names of the common form fields. So what does the attacker do? They create a form submission inside their XSS script with all the common field names that they are interested in. Once the automated input box enters all that information it captures it and logs it." - RSnake

For those of you who haven't checked out his blog and are interested in web security, and blackhat SEO I advise you do.

Article Link: http://ha.ckers.org/blog/20060821/stealing-user-information-via-automatic-form-filling/


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!