XSS to Account Takeover

Login Page
Source Code
forbidden characters
Final Payload




Back-end Developer & AppSec Researcher 🥷🏻

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Put the hack back in hackathon

Buzz of Web3.0 — how it differs from Web2.0

{UPDATE} Volley Beat Hack Free Resources Generator

XML External Entity (XXE)

{UPDATE} Rhom Bus Hack Free Resources Generator

🤑 Don’t miss the profit 🤑

Watch out digital thieves — Data Privacy Day is coming for you!

A woman sits at a bench, looking at her iPad. She is resting her left hand against her face.

{UPDATE} Vliegtuig lading Truck SIM-3D Hack Free Resources Generator

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Back-end Developer & AppSec Researcher 🥷🏻

More from Medium

Bypassing HttpOnly with phpinfo file

XSS Discovery and Exploitation With BurpSuite

How I could have read your confidential bug reports by simple mail?

OS Command Injection