XSS Attack Methods • Chapter 5 203
Q: How many URLs can be tested in the various history-stealing hacks?
A: No. According to RFC 1918, non-routable IP addresses are well documented, and most home broadband users are using the 192.168.1.0 or 192.168.0.0 ranges, so educated guesses
A: No. The same-origin policy in the browser will prevent that behavior unless a second-stage XSS attack is leveraged.
Q: Will solutions such as multi-factor authentication, SSL, custom images, virtual keyboards, takedown services, and the like prevent this style of attack?
Stealing Search Engine Queries