From: Matt Andreko (mandreko@ori.net)
Date: Tue Aug 06 2002 - 17:56:04 EDT
I am kinda new to XSS, but am intrigued by how it works. I have found
sometimes you can get javascript messages to pop up and such, but if
it's not being stored in a database, what good is it?
Take for example Iwillusa.com (a motherboard maker's website). They
have a product page that I saw had some html in the URL:
http://www.iwillusa.com/products/spec.asp?ModelName=DVD266>u</i>-RN&Su
pportID=
I edited it and it became:
http://www.iwillusa.com/products/spec.asp?ModelName=DVD266u-RN