XSS Exploitation

  1. Steal Cookies

Exploit XSS to send victims session cookie (on vuln domain) to attacker. Use this cookie to login as victim. - victim logged in. - application doesn't block JS access to cookies using HttpOnly flag. - cookies not tied to user IP. - session time-out.

PreviousPayloads/Insertion PointsNextCORS

Last updated

Was this helpful?