XSS, Cookies, and Session ID Authentication – Three Ingredients for a Successful Hack > The XSS Vulnerability

Hmm. Damnit. I have to strenghten my web application.

Cross site scripting (XSS) attacks are often seen as a powerless hack. While this is true in some cases, for the most part the impact of an XSS vulnerability is left up to the imagination and talent of the attacker. In this article I am going to look at a real-life XSS attack and how it was used to bypass the authentication scheme of an online web application I was asked to test. In this case, the XSS resulted led to "shell" access to the web server — anything but harmless.

Read More