Category: Application Security

XSS Session Hijacking Part II

In Part I of this series, we learned how to create two modern cookie stealers for stealthily carrying out session hijacking attacks. Although highly effective in many cases, both cookie stealers were useless against websites that employ HttpOnly session cookies. In this tutorial, we’re not going to be focusing on stealing sessions. Instead, we’re going to learn how to log keystrokes in real time using WebSockets, as well as how to map keystrokes to specific DOM elements.

Reflected XSS Through iFrame

Imagine we are targeting an instance of Damn Vulnerable Web App on an enterprise network. In this totally realistic scenario, there is also an instance of Web Cal running on the same network. The Web Cal instance is vulnerable to clickjacking. To gain access to DVWA, we can create a malicious web page that masquerades as the Web Cal instance using an iframe. We could then place a second iframe into the page that executes a reflected XSS attack against the target DVWA instance on page load. Finally, we could use social engineering to trick a user into navigating to our fake Web Cal page, and by doing so steal the user’s DVWA session.

Hacking Blindfolded – Exploiting SQL injections with no error output

In many cases, developers faced with patching a SQL injection will attempt to be clever by turning off error output instead of fixing their broken code. The result is a target web page that is still vulnerable to SQLi but shows only its intended output, with no messages from the database reaching the page. This forces us to get creative when attempting to extract information from the target database.
