For example, when passed the session cookie, check if the user has access to URIs that are vulnerable to XSS. Add an option that checks which areas the current user can access & injects JavaScript based on that.

* Can perform GET requests to each tab, and if we don't get the "You don't have sufficient privilege to access this function" message, then we can access it, and we print to the end user that this user with this session cookie can access it.

1. We need to take the target domain (where dmasoft is present) and the current user's session cookie as flag arguments.
2. Inject JavaScript into vulnerable fields.
3. This will capture session cookies of users with higher privileges.
4. Send the captured session cookie to a server we control.
5. Take the session cookie & query account information & privileges about the victim.
6. Display the account information, privileges, & session cookie to the end user.