Well after I have been practising SQLi for a while I started looking at XSS vulnerability to see how they could help me in Runescape hacking. I have a few questions for anyone who knows what they are talking about (bear in mind I know very little so some of the things I say may be incorrect)
Ok, well what I was wondering was; for example if I where to find an XSS in google for example and from this I set-up a cookie grabber and I knew that someone on Runescape had an account with the email [email protected]
linked to it, if I were to send this person to the cookie grabber on the google page, would I be able to log into that persons session and from there gain control of their email or would google have some way of combating this?
EDIT: I also asked someone on HF something similar but the only reply I got was "while the cookie is valid" I was really looking for more of an explanation as, like I said I am new to XSS.
Ok, well what I was wondering was; for example if I where to find an XSS in google for example and from this I set-up a cookie grabber and I knew that someone on Runescape had an account with the email [email protected]
linked to it, if I were to send this person to the cookie grabber on the google page, would I be able to log into that persons session and from there gain control of their email or would google have some way of combating this?
EDIT: I also asked someone on HF something similar but the only reply I got was "while the cookie is valid" I was really looking for more of an explanation as, like I said I am new to XSS.
