Paid Advertising is
ha.ckers sla.cking
Q and A for any cross site scripting information. Feel free to ask away. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Chrome vectors+http only cookies
Posted by: Bob
Date: June 18, 2013 08:10AM

I've been trying to bypass chrome's vector for days and i haven't succeeded, the closest i got to was:<script src=http//></script> : is what triggers the filter after http.
Anyway i found a persistent XSS on a website and i noticed the session cookie is http only, how do i bypass this on all latest browsers, if you can provide me with a working example i'd appreciate it very much.
I'm also willing to pay for anyone who wants to share it privately.

Edited 1 time(s). Last edit at 06/18/2013 09:22AM by Bob.

Options: ReplyQuote
Re: Chrome vectors+http only cookies
Posted by: Albino
Date: August 10, 2013 05:23AM

Instead of stealing the cookie, use BeEF

Research blog

Options: ReplyQuote

Sorry, only registered users may post in this forum.