Stored Cross Site Scripting Allows to hijack the sessions #163
Milestone
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
{{ message }}
Summary : Stored Cross Site Scripting Vulnerability leads to hijack the users sessions
Description :
About Vulnerability :
Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information.
Impact :
Attackers can execute scripts in a victim’s browser to hijack user sessions, deface web sites, insert hostile content, redirect users, hijack the user’s browser using malware, etc.
For more reference :
https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)
Steps to Reproduce : (POC)
Login as any user and add a document.
When you are adding a document. Give the name
then upload it.
Done
Mitigation :
Don't trust any user input and use proper sanitation
for more reference : https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
Madhu Akula
Information Security Researcher
The text was updated successfully, but these errors were encountered: