Advanced cross site scripting and client automation

This paper discusses one method of exploiting POST variables vulnerable to cross site scripting and secured areas protected by a temporary session. Following a natural progression of the method of exploitation I arrived at client automation, the forcing of a client to submit a form in effect allowing an attacker to change settings for a client.

Download the paper in PDF format here.