Comments on Alex's Corner: Dynamic XSS Payloads in the face of NoScript

Gunwant Singh (2008-11-28T20:45:00.000+11:00):
cool stuff!

kuza55 (2008-10-01T09:08:00.000+10:00):
Abusing an open proxy would work of course, but most sites don't have those, and using this method would not require anything other than the xss-ed domain to be trusted, so IMO it is simply a safer bet.

Anonymous (2008-10-01T00:57:00.000+10:00):
What about loading the dynamic content through an injected script tag that makes the payload available via global javascript variable? It could be loaded using an open proxy on a trusted domain...granted you won't have 100% coverage, but chances are good that many people have the trusted domain whitelisted.