When you enter data in a login form, Firefox ask if I want to save that login for future logins. I use this feature all the time and have about 20-30 logins saved in Firefox. Whenever I visit a site, and Firefox has login credentials associated with that site, Firefox automatically fills in values in to the DOM. This way you can simply hit submit.
-
Find xss bug.
-
Load the login form into the DOM
-
Use javascript to access the data
Usually, users are already logged in, so the login form is not available. Then you could simply log the user out first by forcing;
GET /logout.php.You also have to wait for the page to fully have loaded, before you can access data.
I think RSnake in 2006, was the first to publicly talk about this technique.