If a web application is vulnerable to cross-site scripting one of the actions that attackers attempt to perform is capturing the users session cookies and ultimately hijacking their account. In this Video we see how an attacker exploits stored XSS to target an admin user on the vulnerable application and steals the session cookie to hijack the admin account and get access admin functions and data and fully compromise the application.
Web Security Academy Lab: Exploiting cross-site scripting to steal cookies:
portswigger.ne...
NOTE: This video is made ONLY for educational purposes and to help developers and security researchers to enhance their security knowledge. Therefore, allowing them to remediate potential vulnerabilities in their OWN applications.
Twitter: / tracethecode
Негізгі бет Exploit Cross-Site Scripting(XSS) To Capture Cookies
Пікірлер: 34