Attribute-Based XSS and Verifying if your webmail account is Hacked!

These days, i am just plain lazy. Maybe it is due to the mood that i am going back to Singapore or maybe i am just depressed with certain issues here. But whatever it is, i am still doing a lot of researching and penetration testing work. Its been a long time since i last visited Jeremiah's blog. Today, i just went through his blog and discover two interesting topic that catch my eye. One is a new XSS vector known as Attribut-Based Cross-Site Scripting and How to check if your WebMail account has been hacked (Redux). Check it out at http://jeremiahgrossman.blogspot.com. He described a way of how to find out a hacker had hacked into your webmail, how the new XSS vector worked and how to prevent it. It is ab absolutely must read for all webappsec ppl.

The Hacka Man