08-15-2006, 10:27 AM
Quote:XSS, Cookies, and Session ID Authentication  Three Ingredients for a Successful Hack
Cross site scripting (XSS) errors are generally considered nothing more than a nuisance  most people do not realize the inherent danger these types of bugs create. In this article Seth Fogie looks at a real life XSS attack and how it was used to bypass the authentication scheme of an online web application, leading to "shell" access to the web server...
full article: http://www.informit.com/articles/article.asp?p=603037&rl=1