Though vulnerable, couldn't one see that the page changes (refreshes, redirects, any change)? Shouldn't one be suspicious of this, especially on a trusted page? When I tried the test on Secunia, I could tell that the page was changed (not because of the content). Could this exploit be made to change faster or in a more subtle fashion? Idk, I say the effectiveness of this exploit against a user with a good head on their shoulders is limited. Am I missing something?
While this might be true to us, this doesn't hold water for the large majority of Internet users today. Click, click, click, click: this is all they know. I say the users on the Internet with a good head are limited.


/2 cents