Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Im getting more into preventing xss attacks and one of the ways I’m doing that is by finding and fixing exploits. I noticed that i see document.vulnerable in alot of the attacks I’ve logged.
I can’t seem to find much documentation on this so I’m left wondering what does it do or what is it for?
AFAIK it’s just a way of testing if an attack works. You try to inject a script containing
document.vulnerable = trueinto a page, then you go to the page and see if document.vulnerable is set.