In order for that to be useful you need to get someone else to click on the link. This is generally not too difficult depending on your target. Remember e-mail is easily forged.

On 8/6/02 2:56 PM, "Matt Andreko" <mandrekoat_private> wrote:

> I am kinda new to XSS, but am intrigued by how it works. I have found
> sometimes you can get javascript messages to pop up and such, but if
> it's not being stored in a database, what good is it?
>
> Take for example Iwillusa.com (a motherboard maker's website). They
> have a product page that I saw had some html in the URL:
> http://www.iwillusa.com/products/spec.asp?ModelName=DVD266>u</i>-RN&SupportID=
> I edited it and it became:
> http://www.iwillusa.com/products/spec.asp?ModelName=DVD266u-RN