Skip to Main Content
http://leo-sosnine.livejournal.com/ (
leo-sosnine.livejournal.com
) wrote
in
leo_sosnine
2016-09-01 02:19 pm (UTC)
no subject
Традиционно через ХСС тащат аутентификационный куки админа. Не то чтобы это прямо ахтунг, но и не минорная проблема, учитывая то, что эта проблема очень распространена.
Вот, например:
http://pen-testing.sans.org/blog/2016/08/19/azure-0day-cross-site-scripting-with-sandbox-escape
(
55 comments
)
Post a comment in response:
From:
Anonymous
OpenID
Identity URL:
Log in?
Dreamwidth account
Account name
Password
Log in?
If you don't have an account you can
create one now
.
Subject
HTML doesn't work in the subject.
Formatting type
Casual HTML
Markdown
Raw HTML
Rich Text Editor
Message
Log in
Account name:
Password:
Remember me
Other options:
Forget your password?
Log in with OpenID?
Close
menu
Log in
Create
Create Account
Display Preferences
Explore
Interests
Directory Search
Site and Journal Search
Latest Things
Random Journal
Random Community
FAQ
Shop
Buy Dreamwidth Services
Gift a Random User
DW Merchandise
Interest
Region
Site and Account
FAQ
Email
no subject
Вот, например:
http://pen-testing.sans.org/blog/2016/08/19/azure-0day-cross-site-scripting-with-sandbox-escape