== TO_JSON XSS Rails exploit, proof of concept - Bart.tenBrinke@movesonrails.com

Untar the archive
Check config/database.yml
Create the MySQL database json_xss_dev
Run rake db:migrate to create the client table
Run ruby script/server to start the application

Head via your browser to: 0.0.0.0:3000
Head to /clients

Add a few names, visit the xss page (/clientxss)
Take a look at the page source; you'll see your names in the JavaScript client variable.

Add a new client by copy-pasting the textarea contents into the firstname or lastname field

Head to /clients, this should work perfectly
Head to /clientxss, this should result in a popup saying XSS
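
Added example, not part of the original proof of concept or of Rails itself: a Ruby sketch of one way to serialize user-supplied names for an inline JavaScript variable so that the data cannot end the script element. It assumes the page embeds the JSON inside a <script> block; json_for_script, inline_script, closes_script_early? and the sample rows are hypothetical names and constructed data.

```ruby
require 'json'

# Characters that are legal inside a JSON string but unsafe inside an inline
# <script> block: <, > and & (HTML parser), U+2028/U+2029 (JS line terminators).
SCRIPT_UNSAFE = {
  '<' => '\u003c', '>' => '\u003e', '&' => '\u0026',
  "\u2028" => '\u2028', "\u2029" => '\u2029'
}.freeze
SCRIPT_UNSAFE_RE = /[<>&\u2028\u2029]/

# Serialize obj to JSON, then replace each unsafe character with its \uXXXX
# escape. The result parses back to the same data.
def json_for_script(obj)
  JSON.generate(obj).gsub(SCRIPT_UNSAFE_RE, SCRIPT_UNSAFE)
end

# Hypothetical stand-in for the view that assigns the client variable.
def inline_script(json)
  "<script>var clients = #{json};</script>"
end

# True when the serialized data contains the sequence an HTML parser treats
# as the end of the enclosing script element.
def closes_script_early?(json)
  json.match?(%r{</script}i)
end

# Constructed sample rows standing in for the client table (benign marker
# markup only, no script content).
CLIENTS = [
  { 'firstname' => 'Alice', 'lastname' => 'Smith' },
  { 'firstname' => '</script><b>marker</b>', 'lastname' => "A&B\u2028C" }
].freeze

naive = JSON.generate(CLIENTS)    # plain serialization
safe  = json_for_script(CLIENTS)  # hardened serialization
puts inline_script(naive)
puts "closes script early: #{closes_script_early?(naive)}"
puts inline_script(safe)
puts "closes script early: #{closes_script_early?(safe)}"
```

In a Rails view, the json_escape helper from ERB::Util applies the same kind of escaping to an already generated JSON string.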
