Tuesday, May 17, 2022

Simple Data Exfiltration Through XSS

During a recent engagement, I found a cross-site scripting (XSS) vulnerability in a legal document management application and created a quick and dirty document exfiltration payload. Unfortunately, this discovery and coding happened on the final day of the engagement (*cough* reporting bonus hacking day), and I didn’t have a chance to actually put the exfiltrated data back together into documents for demonstration to the client.

I saved that code snippet, hoping to come back to it someday. Fast…

Read More

Latest news
Related news