Impact of Cross-Site Scripting vulnerabilities on social networking sites
Take a walk through most workplaces and you will surely notice someone browsing a social networking site. No wonder website popularity services like Alexa rate Facebook the second most visited website, after Google and ahead of YouTube! We trust these websites to reflect the public image that we want to portray, and sometimes even trust them with secrets. A single cross-site scripting vulnerability allows attackers to do anything that the victim may do, on behalf of the victim. In this article we will look at how Facebook accounts could be compromised through such a simple, yet effective, vulnerability.
HttpOnly does not protect your site (or Facebook) from XSS exploitation
More info and video demo: http://www.acunetix.com