4. use xss to IFRAME or otherwise leverage a client exploit imho this is by far worse than any of the other vectors mentioned
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
