Cross-Site Attacks
Your input, running in someone else's browser.
Chapter 04 of the roadmap. Work through each walkthrough below, or browse every topic.
-
Stored XSS in Product Reviews
Exploiting stored cross-site scripting in OopsSec Store's product review functionality to execute JavaScript in every visitor's browser.
-
Profile Takeover: Chaining Self-XSS with CSRF
A Self-XSS in the profile bio editor is harmless on its own. Chain it with a missing CSRF token on the update endpoint and you get cross-user profile takeover.
-
Cross-Site Request Forgery on the Admin Order Update Endpoint
The admin order update endpoint authenticates via cookie and validates nothing else, allowing any same-session page to flip an order's status on the admin's behalf.