Web application security - the fast guide 1.1 | Page 135

Chapter 6 - Attack execution (2) P a g e | 135 Example: The vulnerable page use a mechanism to show the name of the current page at the top of the page using javascript. the attacker sends a message containing the following link document.cookie” > the sent link This will be sufficient to send the cookie object to attacker site when clicked by the victim.