Español
A CSRF is operated through an XSS. In this case we rely on a TJCTF challenge but it is applicable in many areas. This kind of attacks show the danger that XSS have as we saw in the post from WordPress 5.1 CSRF + XSS + RCE – Poc where even RCE was achieved.
Power belongs to the people who take it
Tag: XSS
A few days ago a vulnerability was discovered in WordPress 5.1 that has already been patched in version 5.1.1, in this post we will explain it and exploit it step by step.
The vulnerability starts in a CSRF so it requires user interaction and javascript enabled in the victim’s browser.
Any doubt or correction will be appreciated.
Continue reading
Cross-site scripting (XSS) is a vulnerability that allows an attacker to inject code (usually HTML or JavaScript) into a web. When a victim sees an infected page, the injected code runs in his browser.
Today we bring a Cheat Sheet about this vulnerability that is not the best known by the common user but is one of the most appearing on the webs.
Continue reading
Sorry, this entry is only available in European Spanish. For the sake of viewer convenience, the content is shown below in the alternative language. You may click the link to switch the active language.
En este post veremos de forma práctica el secuestro de Sesiones PHP a través de un ataque de inyección XSS(Cross-site Scripting). Una mala validación de los campos sumado a la falta de protección en nuestras variables $_SESSION pueden provocar esta vulnerabilidad.
Continue reading
Redes Sociales
© 2024 ironHackers
Theme by Anders Noren — Up ↑