TS Episode23

From Security Weekly Wiki
Jump to navigationJump to search

Recorded January 12, 2018

Host

  • Beau Bullock, @dafthack, Penetration Tester at Black Hills Information Security
  • HTML5 Storage Exfil via XSS

    It is fairly common for pentesters to discover Cross-Site Scripting (XSS) vulnerabilities on web application assessments. Exploiting these issues potentially allow access to a user's session tokens enabling attackers to navigate a site as the victim in the context of the web application. In this episode the hosts Beau Bullock (@dafthack) & Mike Felch (@ustayready) demonstrate how to exploit a XSS vulnerability to access HTML5 local storage to steal a cookie.