Using XSS to steal access
We've talked about Cross Site Scripting (XSS) before, and for good reason, it's a risk far too many sites are vulnerable to. XSS is scary because it runs in the context of the trusted relationship between your browser and a website; XSS can do everything you can do.
XSS cookie theft
Let's look at another example of an XSS exploit: stealing administrative access to a site.
- The administrator's browser will send the cookie to the attacker's website
- The attacker will use the stolen cookie to use the administrator's access on the site
Read the rest of Using XSS to steal access
This page is kept so the comments posted here are available since they provide additional help and insights.