Your login form posts to HTTPS, but you blew it when you loaded it over HTTP (troyhunt.com) 4 points by troyhunt 13y ago ↗ HN
[–] [dead] daemonfire300 13y ago ↗ XSS. This is a side-effect of XSS. If you can not insert your script into the users browser you can't do anything. And if you are able to XSS you can do more than just scrap the password.
1 comment
[ 4.9 ms ] story [ 24.2 ms ] thread