20220830 - How I Account Takeover via XSS.md
How I Account Takeover via XSS 💡
1. Found XSS
- Found a login page at `/account/?jid=77877`; the `jid` parameter has no validation
2. Escalate it to account takeover
3. Get user & pass
- Used Burp Collaborator
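
The missing check from step 1, as an added example that is not part of the original write-up: it assumes `jid` is a short numeric id that the login page reflects into its HTML. The function names, the form markup and the CSP value are hypothetical, and the request URLs are constructed.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: jid is a short numeric identifier, as in /account/?jid=77877
JID_RE = re.compile(r"[0-9]{1,10}")


def render_login_vulnerable(url):
    """The flaw as the notes describe it: jid is reflected with no validation."""
    jid = parse_qs(urlsplit(url).query).get("jid", [""])[0]
    return f'<form method="post"><input type="hidden" name="jid" value="{jid}"></form>'


def render_login_hardened(url):
    """Allow-list validation on input, HTML-attribute encoding on output."""
    values = parse_qs(urlsplit(url).query).get("jid", [])
    # Defense in depth: no inline script, and the login form may only post
    # back to the same origin, so credentials cannot be sent elsewhere.
    headers = {"Content-Security-Policy": "default-src 'self'; form-action 'self'"}
    # Reject missing, repeated or non-numeric jid instead of trying to clean it.
    if len(values) != 1 or not JID_RE.fullmatch(values[0]):
        return 400, headers, "<p>Invalid request</p>"
    # Encode anyway, so the output stays safe if the pattern is loosened later.
    jid = html.escape(values[0], quote=True)
    body = f'<form method="post"><input type="hidden" name="jid" value="{jid}"></form>'
    return 200, headers, body


# Constructed requests: a normal id and an inert markup-breaking value.
GOOD = "/account/?jid=77877"
BAD = '/account/?jid=77877"><i>probe</i>'

if __name__ == "__main__":
    print(render_login_vulnerable(BAD))   # the value escapes the attribute
    print(render_login_hardened(BAD))     # rejected with 400
    print(render_login_hardened(GOOD))    # rendered with the encoded id
```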
Credit
Based on Mohamed Tarek's write-up.