If an application is vulnerable to cross-site scripting one of the actions that attackers attempt to perform is capturing the username and password of the users and take over their accounts. In a successful scenario if the victim is an admin user of the application then exploiting XSS would allow an attacker to access the admin functions and data and fully compromise the application. During this video we see this scenario in action.
Web Security Academy | Lab: Exploiting cross-site scripting to capture passwords.
[ Ссылка ]
NOTE: This video is made ONLY for educational purposes and to help developers and security researchers to enhance their security knowledge. Therefore, allowing them remediate potential vulnerabilities in their OWN applications.
Twitter: [ Ссылка ]
