Why do you need it ?
You already discovered xss, the rest of "job" is just matter of technique.
I think majority of xss submitters here could do it by various means.
M$ is lost in its own complexity of how to do simple things.
If you could ever give me reasonable answer for why do you need this $hit - I could give you the "rest", like others could.
I doubt you actually tried getting js executed on page load (for some reason they try to prevent xss in a number of ways).
I did try and didn't succeed, that's why I ask.
Greets,
Thomas
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
