Active attack. The user visits website A, and the browser saves A’s login state (cookies and other information). The attacker induces the victim to visit website B. Website B contains malicious code that calls website A’s interface. The victim visits B while still carrying A’s login state. The attacker...
This comic has become rather famous, spawning a site at http://bobby-tables.com about preventing SQL injection and also at the official Python SQLite documentation. Noted security expert Bruce Schneier (who often quotes xkcd) mentioned a similar attack that happened in the 2010 Swedish general elections, an...