XSS to Account Takeover

[Figures from the original post, images not preserved: Login Page; Source Code; forbidden characters; Final Payload]




Back-end Developer & AppSec Researcher 🥷🏻


