What information can an attacker steal using XSS?

Email: maixuanviet.com@gmail.com
Skype: maixuanviet.com@outlook.com
Linkein: <a href="https://www.linkedin.com/in/maixuanviet" rel="noopener noreferrer" target="_blank"> linkedin.com/in/maixuanviet
HackerRank: <a href="https://www.hackerrank.com/vietmx" rel="noopener noreferrer" target="_blank"> hackerrank.com/vietmx
Github: github.com/vietmx
Tiktok: <a href="https://www.tiktok.com/@maixuanviet.com" rel="noopener noreferrer" target="_blank"> tiktok.com/@maixuanviet.com

Technology Community › Category: Web Security › What information can an attacker steal using XSS?

VietMX Staff asked 3 years ago

By using XSS, the session id of the genuine user can be stolen by the attacker. The session id is used by the browser to identify your credentials in an application and helps you keep login till sign off from an application. An attacker can write a code to extract information from cookies which contain session id and other information. Later, same session id can be used by an attacker to browse the application on behalf of the user without actually logged in the application.

Question Tags: Middle Level, Web Security