CT417 Assignment 3
Siužetinės Linijos Tekstas
- Not yet, I don't have enough money to buy many presents right now. I know what to do, I'll use someone else's card online.
- Have you bought any Christmas presents yet?
- I see this website here has no Content Security Policy defined. I can post a comment on a forum, and inject some code into it.
- I've posted a comment containing Javascript code, onto this webpage. The code is stored on the webserver's database backend. This is a Stored XSS attack.
- This code will access their cookies, so I can pretty much assume their identity. I can log into their Amazon account an order presents.
- Since the code is stored on the webpage, any time a user opens it, to code is retrieved and executed. I will get access to their session cookies
- What happens when a user opens that webpage?
- Lucky me, their account is open and their payment details are stored and ready to use. Let's get some presents.
- Some one has opened the webpage, and my code has executed. I now have access to their cookies. Let's check if their Amazon account is open.
- Best Christmas Ever!!!
Sukurta daugiau nei 30 milijonų siužetinių lentelių