HTML5 Storage Exfil via XSS - Tradecraft Security Weekly #23
Jan 12, 2018 ·
14m 30s
Download and listen anywhere
Download your favorite episodes and enjoy them, wherever you are! Sign up or log in now to access offline listening.
Description
It is fairly common for pentesters to discover Cross-Site Scripting (XSS) vulnerabilities on web application assessments. Exploiting these issues potentially allow access to a user's session tokens enabling attackers to...
show more
It is fairly common for pentesters to discover Cross-Site Scripting (XSS) vulnerabilities on web application assessments. Exploiting these issues potentially allow access to a user's session tokens enabling attackers to navigate a site as the victim in the context of the web application. In this episode the hosts Beau Bullock (@dafthack) & Mike Felch (@ustayready) demonstrate how to exploit a XSS vulnerability to access HTML5 local storage to steal a cookie. (Sorry the camera video feed froze at 9 minutes)
show less
Information
Author | Security Weekly |
Organization | Security Weekly |
Website | - |
Tags |
Copyright 2024 - Spreaker Inc. an iHeartMedia Company