XSS Clarifications...

Discuss the many weaknesses of browser security and ways to mitigate the threat

XSS Clarifications...

Post by BullseyeRLSH on Sat Apr 13, 2013 2:21 am
([msg=75090]see XSS Clarifications...[/msg])

I was doing Realistic Missions and I had to use XSS to steal cookies from an admin... I saw some tutorials on how it's done but I am confused about the fine point differences between Javascript Code Injection and XSS Cookie stealing.

How does someone "steal" the cookie by injecting javascript:alert(document.cookie) into a trusted website's codes? All you are doing is accessing the Target's cookie on the Target's machine, right? How do you get his cookie information? Do you have to create a fake website first? If so, then I understand the attack a little better. You basically direct an user to a fake website and let the website obtain the User's cookie and then you can access the cookie because you have access to your fake website.

Is this how XSS cookie stealing works or am I missing something?
BullseyeRLSH
New User
New User
 
Posts: 1
Joined: Sat Apr 13, 2013 2:13 am
Blog: View Blog (0)


Re: XSS Clarifications...

Post by -Ninjex- on Sat Apr 13, 2013 2:26 am
([msg=75091]see Re: XSS Clarifications...[/msg])

If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.
User avatar
-Ninjex-
Addict
Addict
 
Posts: 1303
Joined: Sun Sep 02, 2012 8:02 pm
Blog: View Blog (0)



Return to Web

Who is online

Users browsing this forum: No registered users and 0 guests