|
|
|
|
|
|
by bfred_it
3045 days ago
|
|
|
In short: this works when the SERVER returns a page with pre-entered information. This is common when returning to a form you previously filled, like an address for, but it's very, very rare for this to happen to a password field. Like, why would a server send you a password field with your real password pre-entered? Every other type of data is fair game... given that the attacker can inject CSS into your pages. |
|
|