Blind XSS: The ticking time bomb of XSS attack | Knowledge Sharing Session
March 24 @ 6:00 pm - 7:00 pm | Free
“Blind XSS: The ticking time bomb of XSS attack”, a talk by Vishal Singh, our Cyber Security Analyst.
Blind XSS is a special type of persistent (stored) XSS in which an attacker's input is saved to the database and executed in another part of the application, or in an entirely different application, when it is reviewed by an admin or team member. Many websites now offer features that pass user input directly to the backend team or an admin for approval, and that input may not be validated at those points. This can lead to a permanent admin backdoor. Put simply, a Blind XSS attack can be used to gain admin privileges by hijacking the authenticated session cookie values. It is the most dangerous XSS attack of all.
What can the audience learn from this talk?
How to test for it, where to spray/inject the payload, which tool to use, and how to mitigate the Blind XSS vulnerability.