• Home
  • Hacking & Security
    • Network Hacking
    • Web Hacking
    • Social Engineering
    • Kali Linux
    Submit An Article
  • Courses
    • All Courses
    • Bundles
    • Masterclass
    • VIP Membership
    • FAQ

    Popular Courses

  • Shop
    • Hardware Bundles
    • Wireless Adapters
    • Pentesting Tools
    • Security
    • Accessories
    • Clothing
    • Books
    • All
  • Competition
  • Services
    Penetration Testing
    Consulting
    Code Review
    One on one Training
    Online Courses
    VPN
      • Cart

    VIP Membership Masterclass
    Got a question?
    [email protected]
    RegisterLogin
    zSecurity
    • Home
    • Hacking & Security
      • Network Hacking
      • Web Hacking
      • Social Engineering
      • Kali Linux
      Submit An Article
    • Courses
      • All Courses
      • Bundles
      • Masterclass
      • VIP Membership
      • FAQ

      Popular Courses

    • Shop
      • Hardware Bundles
      • Wireless Adapters
      • Pentesting Tools
      • Security
      • Accessories
      • Clothing
      • Books
      • All
    • Competition
    • Services
      Penetration Testing
      Consulting
      Code Review
      One on one Training
      Online Courses
      VPN
        • Cart

      Hacking & Security

      How Hackers Use Blind XSS to Secretly Take Over Your Session!

      • Posted by 2001z00z1002
      • Date May 21, 2023

      Session Hijacking
      Modern web applications utilize cookies to maintain a user’s session throughout different browsing sessions. This enables the user to only log in once and keep their logged-in session alive even if they visit the same website at another time or date. However, if a malicious user obtains the cookie data from the victim’s browser, they may be able to gain logged-in access with the victim’s user without knowing their credentials.

      With the ability to execute JavaScript code on the victim’s browser, we may be able to collect their cookies and send them to our server to hijack their logged-in session by performing a Session Hijacking (aka Cookie Stealing) attack.

      Blind XSS Detection
      We usually start XSS attacks by trying to discover if and where an XSS vulnerability exists. However, in this exercise, we will be dealing with a Blind XSS vulnerability. A Blind XSS vulnerability occurs when the vulnerability is triggered on a page we don’t have access to.

      Question – identify the vulnerable input field and find a working XSS payload, and then use the ‘Session Hijacking’ scripts to grab the Admin’s cookie and use it in ‘login.php’ to get the flag.

      • Share:
      2001z00z1002
      2001z00z1002

      Previous post

      Bug Bounty Hunting 101 πŸͺ² Everything You Need to Know
      May 21, 2023

      Next post

      Session Hijacking | Cookie
      May 24, 2023

      You may also like

      sens_370x208
      Sensitive Information Disclosure
      7 June, 2023
      hashcat_370x208
      Hack ANY Netgear WiFi Access Point Device Around You with Hashcat
      4 June, 2023
      nginx_370x208
      Web Server Protection: Enabling HTTPS on Nginx in Kali Linux
      1 June, 2023

      Leave A Reply Cancel reply

      You must be logged in to post a comment.

      Categories

      • Bug Bounty
      • Cryptography
      • Cryptography
      • CTF
      • Forensics
      • Hacking & Security
      • Hardware
      • IOT
      • Kali Linux
      • Network Hacking
      • News
      • OSINT
      • Post Exploitation
      • Post Exploitation
      • Privacy
      • Programming
      • Security
      • Social Engineering
      • Uncategorized
      • Web Hacking

      Popular Posts

      Got a Blank Screen After Importing Kali in Virtual Box ? Here’s How To Fix It
      25Jan2018

      Connect with us

      • Facebook
      • Twitter
      • LinkedIn
      • Instagram
      • Youtube

      β€œEverything related to ethical hacking

      & cyber security in one place.”

      Quick Links

      • Home
      • About Us
      • Hacking & Security
      • Download Custom Kali
      • Contact
      • FAQ

      Services

      • Penetration Testing
      • Consulting
      • Code Review
      • One on one training
      • VPN
      • VIP Membership

      Company

      • About Us
      • Blog
      • Contact
      • Vulnerability Disclosure

      Support

      • FAQ
      • Forums

      Copyright Β© 2022 Z IT SECURITY LTD t/a zSecurity. All rights reserved.

      • Privacy
      • Shipping
      • Refunds
      • Terms

      Contribute

      Share your knowledge with the world

      SUBMIT AN ARTICLE

      Login with your site account

      Lost your password?

      Not a member yet? Register now

      Register a new account


      Are you a member? Login now

      Enroll in this course to access this lesson!

      All of our courses include:

      βœ” Lifetime, unlimited access to course materials & training videos.

      βœ” Watch online or download lectures for offline use.

      βœ” Verifiable certificate of completion from zSecurity, signed by the course instructor, Zaid.

      βœ” Get answers from our Support Team within a maximum of 15 hours.

      βœ” Unlimited Updates.

      Get free 1 month VIP membership per course with:

      βœ” Live mentorship and Q&A session with the course instructor, Zaid.

      βœ” Instant support from community members through our private discord channel.

      βœ” Daily updates with the latest tutorials & news in the hacking world.

      βœ” Daily resources like CTFs, bug bounty programs, onion services and more!

      βœ” Access our VIP community & connect with like-minded people.

      βœ” Discounts on other zSecurity products and services.

      We are using cookies to give you the best experience on our website. This includes but is not limited to:

      • Storing your settings and preferences.
      • Remember your access information
      • Track website performance and make our website more relevant to you.

      You can find out more about which cookies we are using or switch them off in settings.

      Privacy Overview

      This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

      Strictly Necessary Cookies

      Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

      3rd Party Cookies

      This website uses Google Analytics and Linkedin to collect anonymous information such as the number of visitors to the site, and the most popular pages.

      Keeping this cookies enabled helps us to improve our website.

      Please enable Strictly Necessary Cookies first so that we can save your preferences!

      Powered by  GDPR Cookie Compliance