XSS Clarifications...

Discuss the many weaknesses of browser security and ways to mitigate the threat

Post by BullseyeRLSH on Sat Apr 13, 2013 2:21 am

I was doing Realistic Missions and I had to use XSS to steal cookies from an admin... I saw some tutorials on how it's done but I am confused about the fine point differences between JavaScript Code Injection and XSS Cookie stealing.

How does someone "steal" the cookie by injecting javascript:alert(document.cookie) into a trusted website's code? All you are doing is accessing the Target's cookie on the Target's machine, right? How do you get his cookie information? Do you have to create a fake website first? If so, then I understand the attack a little better. You basically direct a user to a fake website and let the website obtain the User's cookie and then you can access the cookie because you have access to your fake website.

Is this how XSS cookie stealing works or am I missing something?


Re: XSS Clarifications...

Post by -Ninjex- on Sat Apr 13, 2013 2:26 am

1. No system is safe.
2. Aim for the impossible.
3. Have fun in cyberspace and meatspace.


For those that know
K: 0x2CD8D4F9


