Exploiting Reflected XSS.

Publicated on : 1184162639
Today I read the well written article by Alex aka kuza55. Alex is one of the few with very in depth knowledge of Cross site scripting I know, and he also will show you how if you let him. So it was no surprise, this is a very good article. If you thought you knew it all, go ahead and learn some more about XSS from Alex. I enjoyed reading it.

Introduction:
Ever since Adobe patched Flash player to stop attackers spoofing certain headers such as Referer, User-Agent, etc, it has been considered impossible to exploit XSS vulnerabilities where the user input is taken from a request header(...) With the exception of the Referer header which we can control enough to exploit XSS attacks through it.

Read on: