Cross-zone scripting is a browser exploit taking advantage of a vulnerability within a zone-based security solution.The attack allows content (scripts) in unprivileged zones to be executed with the permissions of a privileged zone.

l4in my friends from lifedork.com said it to me several days ago, rfi is so last year,now is xss times!,although i have post about xss or cross site scripting but i do not use this technique a lot, since last year is rfi is really booming, we use exploit or shell to get owning a box. but now is code injection era. bet i have to more understand about scripting.

i won’t give you demo how to do simple cross site scripting now, we can get it at the most well known xss directory. you can find xsses website at xssed.com , they post every website the xssed. even google or yahoo. just now i open that site, the post a vulnerability at google groups, but the big G has fix it soon ,.

here little present from me , a very good basic about xss, it a paper by Xylitol, you can read and understand more about css here,next i’ll post something more practical ,