Hi Michael
> There have been quite a few alerts on cross scripting
> and I'm somewhat confused on the issue. Assuming the
> offending script is coming from an offending site (not
> an e-mail with script code appended to victim url or
> offending script picked via bulletin board shared
> page) and victim site is a site where sensitive
> transactions can only be initiated after a valid
> login, what's going on?
>
> Is it a situation where victim is logged into legit
> site and while session is open opens another session
> (through another browser window) with bad guy site and
> bad guys site has link to legit site appended with
> offending script? If there are two separate windows,
> how does the offending code get passed to victim site?
>

You seem to confuse "sessions" with browser windows.

When I log in then the site I log in to will create and maintain a session. If after that I open another location (no matter if in the same or another browser window) then that session will continue to exist (until some timeout has been reached or until I log out).

Most commonly the browser will access sessions by solely providing a cookie-stored session id to the server. This ID will be sent to the site by any instance of your browser.

So if you're logged in, a crafted link (no matter from which source) will be authenticated by the site you are logged in to.

>
> Mike

Christian
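Added example, not part of the original message: a toy Python model of the behaviour described in the reply, in which the session lives on the server, the browser keeps one cookie jar per host, and the window a request comes from plays no part. The class names, the host `shop.example`, the 900-second timeout and the action strings are assumptions made for illustration.

```python
import secrets

class Site:
    """Server side: keeps sessions keyed by a random session id."""
    def __init__(self, timeout=900):
        self.timeout = timeout
        self.sessions = {}

    def login(self, user, now):
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": user, "last_seen": now}
        return sid  # delivered to the browser as a cookie

    def logout(self, sid):
        self.sessions.pop(sid, None)

    def handle(self, cookies, action, now):
        sid = cookies.get("sid")
        sess = self.sessions.get(sid)
        if sess and now - sess["last_seen"] > self.timeout:
            self.logout(sid)  # idle too long: the session ends
            sess = None
        if sess is None:
            return "401 login required"
        sess["last_seen"] = now
        return f"200 {action} as {sess['user']}"

class Browser:
    """Client side: one cookie jar per host, shared by all windows."""
    def __init__(self):
        self.jar = {}

    def request(self, window, host, site, action, now):
        # 'window' is deliberately unused: cookies are selected by host only.
        return site.handle(self.jar.get(host, {}), action, now)

def demo():
    site, browser, host = Site(timeout=900), Browser(), "shop.example"
    browser.jar[host] = {"sid": site.login("michael", now=0)}
    out = {}
    out["window1_own_click"] = browser.request(1, host, site, "view", now=10)
    out["window2_crafted_link"] = browser.request(2, host, site, "transfer", now=20)
    out["other_browser"] = Browser().request(1, host, site, "transfer", now=30)
    out["after_timeout"] = browser.request(2, host, site, "transfer", now=921)
    browser.jar[host] = {"sid": site.login("michael", now=1000)}
    site.logout(browser.jar[host]["sid"])
    out["after_logout"] = browser.request(2, host, site, "transfer", now=1001)
    return out
```

The request from window 2 is accepted exactly like the one from window 1; only a browser without the cookie, an expired session or a logout makes the site answer 401.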
