
Pwning with XSS: from alert() to reverse shell: Defcon Bangalore 2013


A Glimpse through V4 of OWASP Xenotix XSS Exploit Framework

Published in: Technology


  2. START
  3. [Diagram: Xenotix HTTP Web Shell. Labels: Proxy Web Server, ATTACKER, VICTIM, GET http://facebook.com, Serve the JavaScript File, Facebook.com HTML page contents, FB’s Server]
  4. So... Never Underestimate the Power of XSS
  5. ajinabrahamofficial ajinabrahamofficial ajinabraham ajinabraham ajin.abraham@owasp.org
