XSS: Gaining access to HttpOnly Cookie in 2012 发表评论 664 次浏览A+所属分类:WooYun-Zone http://seckb.yehg.net/2012/06/xss-gaining-access-to-httponly-cookie.html >> 呼叫 @xsser @p.z @Sogili @gainover @0x_Jin 1# 0x0F (…………………………………………………………………………………………………………………………………………………………………………………………………………………………….) | 2013-05-05 14:19 昨天还在想这个,想了个大半夜。。 2# z7y (小胖子首席鉴黄师) | 2013-05-05 14:30 @Lmy 本人么- – 3# Stream | 2013-05-05 16:43 @蟋蟀哥哥不是翻译过吗?http://www.oschina.net/translate/xss-gaining-access-to-httponly-cookie 4# 昵称 (</textarea>’”><script src) | 2013-05-27 10:14 马克吐温 5# GaRY | 2013-05-27 11:57 btw,关于httpOnly的窃取,之前还有这一个:https://gist.github.com/1955a1c28324d4724b7b/7fe51f2a66c1d4a40a736540b3ad3fde02b7fb08