This situation takes place on forums, chats, or bulletin boards that allow users to specify special sequences that will be converted into links.
An example of this was given earlier: the [A=href]text[/A] construction.
Suppose the attacker creates the following message:
This vulnerability can be used for the following:
Obtaining the cookie of a random or target user
Performing concealed actions on behalf of the administrator
Exploiting the session-fixing vulnerability
Performing hidden manipulations with the opened page
For example, to steal the cookie of the target user, the attacker could stealthily put a link with the following value of the href attribute:
In addition, note that such an attack doesn't need the XSS vulnerability; therefore, it is quite dangerous. The only thing that prevents this technique from being universal is that a user is likely to look at the status bar of the browser and suspect the attack because he or she won't see the usual HTTP:// prefix. In addition, the script won't execute in the context of the currently-opened site if the user opens the link in a new browser window.