Revision as of 08:42, 20 February 2011 view source Pleasancoder (talk \| contribs) 76 edits →Secure and HttpOnly ← Previous edit		Revision as of 09:12, 20 February 2011 view source Pleasancoder (talk \| contribs) 76 edits m →Cross-site scripting – just do it Next edit →
Line 286: For example, on MySpace, Samy posted a short message “Samy is my hero” on his profile, with a hidden script to send Samy “friend request” and then post the same message on victim’s profile. A user reading Samy’s profile would send Samy “friend request” and post the same message on this person’s profile. Then, the third person reading second person’s profile would do the same. Pretty soon, this [[Samy worm]] became one of the fastest spreading viruses of all time. This method (with automated scripts) would not work if a website had [[CAPTCHA]] to challenge client requests. === Cross-site scripting – proxy request ===

HTTP cookie: Difference between revisions