(27-02-2013, 11:57 PM)NeoTerra Wrote:

(27-02-2013, 11:33 PM)Jayro Wrote: Nothing needs to be submitted. It could store the password the same way it is using Ajax to turn it into a variable and run it through all of the security tests. It may not get posted to the server right away, but could probably be placed in a cookie and read later.

Looking at the script, there isn't anything there that seems suspicious xD

Well it could easily be modified to log passwords. :)