Hacker News
by rmbyrro 1023 days ago
But then the attacker URL will be different.

That doesn't look like a new attack vector; this is called phishing, isn't it?

XSS means you can inject and persist code in a webpage maintaining the same URL accessed by other users.

If you create a bigbank-fake.com and copy a manipulated version of bigbank.com's HTML, this is not XSS.

1 comment

Correct, except that in this case ALL the sites use "bigbank.com"