Re: [Full-disclosure] XSS in www.paypal.com

Thu, 06 Jun 2013 17:15:55 -0700 

Nope. Just because you can inject JavaScript does not mean you have access
to the user's session cookies.


On Thu, Jun 6, 2013 at 3:28 AM, Kingcope <
[email protected]> wrote:

> Yours!
>
> Am 05.06.2013 um 19:24 schrieb Ryan Dewhurst <[email protected]>:
>
> > Which user cookies can you steal?
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Reply via email to