XSS demo for stealing passwords from the IE8 password manager
Similar technique may work for Firefox, Safari, Chrome, Opera, etc. Your mileage may vary.
1. Save a username / password in IE8's password manager by filling out the form below with fake data.
2. Clicking "Yes" when asked.
3. Then click back.
If successful, after inserting your fake username, the alert box should show your password.
THE XSS EXPLOIT PAYLOAD