August 2018
Intermediate to advanced
404 pages
10h 22m
English
Oftentimes, when we, as penetration testers, describe XSS to our clients or to developers, we focus on the defacement and phishing/information theft aspects of its impact and overlook the fact that it can be used by the attacker to forge requests using the victim's session to perform any action available to the victim within the application.
In this recipe, we will illustrate this situation using an XSS attack to forge a request that is protected with an anti-CSRF token.
Read now
Unlock full access