Pwning with XSS: from alert() to reverse shell: Defcon Bangalore 2013

A Glimpse through V4 of OWASP Xenotix XSS Exploit Framework

Published in: Technology

  2. START
  3. [Diagram] Xenotix HTTP Web Shell Proxy Web Server; ATTACKER; VICTIM; GET http://facebook.com; Serve the JavaScript File; Facebook.com HTML page contents; FB’s Server
  4. So... Never Underestimate the Power of XSS
  5. ajinabrahamofficial ajinabrahamofficial ajinabraham ajinabraham ajin.abraham@owasp.org
