all InfoSec news
Stored-XSS led to Keylogger injection
July 9, 2023, 7 a.m. | Yashar Mohagheghi
InfoSec Write-ups - Medium infosecwriteups.com
Hello everyone
Hope you’re doing well!
I was working on a project and found a Stored-XSS on it, but due to the use of HttpOnly property for the cookies, It was impossible to steal them using a script.
Also, It’s not wise to pass such a thing while It was a Stored-XSS, so I decided to exploit it any way possible.
All the users would see a similar panel after entering the application, and if, for example, the admin user …
cookies doing exploit hello injection keylogger led pass project script steal working xss
More from infosecwriteups.com / InfoSec Write-ups - Medium
Honeypots 101: A Beginner’s Guide to Honeypots
3 days, 10 hours ago |
infosecwriteups.com
No Dev Team? No Problem: Writing Malware and Anti-Malware With GenAI
3 days, 22 hours ago |
infosecwriteups.com
Devvortex Hackthebox Walkthrough
4 days, 11 hours ago |
infosecwriteups.com
Port Scanning for Bug Bounties
4 days, 11 hours ago |
infosecwriteups.com
Jobs in InfoSec / Cybersecurity
Senior Security Engineer - Detection and Response
@ Fastly, Inc. | US (Remote)
Application Security Engineer
@ Solidigm | Zapopan, Mexico
Defensive Cyber Operations Engineer-Mid
@ ISYS Technologies | Aurora, CO, United States
Manager, Information Security GRC
@ OneTrust | Atlanta, Georgia
Senior Information Security Analyst | IAM
@ EBANX | Curitiba or São Paulo
Senior Information Security Engineer, Cloud Vulnerability Research
@ Google | New York City, USA; New York, USA