In view of COVID-19 precaution measures, we remind you that ImmuniWeb Platform allows to easily configure and safely buy online all available solutions in a few clicks.

News and press releases

After Record Growth in 2020, ImmuniWeb Continues the Success in 2021

April 8, 2021

The Free ImmuniWeb Community Edition to Offer Continuous Security Monitoring

March 2, 2021

ImmuniWeb® AI Platform Major Update

February 2, 2021

ImmuniWeb Community Edition 2.0 Brings Turbocharged Testing Capacities

November 18, 2020

ImmuniWeb Discovery to Intelligently Automate Penetration Testing Scoping and Scheduling

October 15, 2020

Top 10 Most Promising AI Projects to Watch in 2021

February 3, 2021

Top 10 Cybercrime and Cybersecurity Trends for 2021

December 15, 2020

Singapore Releases New Cybersecurity Guidelines to Combat COVID-19 Threats

November 16, 2020

Strong AI in 2020? No

November 11, 2020

State of Cybersecurity Industry Exposure at Dark Web

September 8, 2020

OWASP Top 10

OWASP’s #1 Web Application Risk - the Threat of and Solution to Web Application Injection Attacks

June 14, 2018

OWASP’s #2 Web Application Risk – the Threat of and Solution to Broken Authentication

June 21, 2018

OWASP’s #3 Web Application Risk – the Threat of and Solution to Sensitive Data Exposure

June 28, 2018

XML External Entities (XXE): the Threat of and Solution

July 5, 2018

OWASP Top 10: Broken Access Control, the risks and solutions

July 12, 2018

Security Misconfiguration, a conscious element of OWASP Top 10, the risks and solutions

July 19, 2018

XSS, a notable OWASP Top 10 old-timer, still brings up to $7,500 to researchers

July 26, 2018

Insecure Deserialization: OWASP Top 10 element of arduous exploitation but leading to system takeover

August 2, 2018

Components with Known Vulnerabilities - a major OWASP Top 10 Risk

August 21, 2018

Last but not least: OWASP Top Ten #10 - Insufficient Logging and Monitoring

August 14, 2018

Search Blog

#infosec #OWASP
#Risk Management #microservices
#Application Security #Cybersecurity #AI #DevSecOps

ImmuniWeb Security Blog

XSS & CSRF: Practical exploitation of post-authentication vulnerabilities in web applications

4k
155
19
11
13
More
15
13
5

Wednesday, January 18, 2012 By Marsel Nizamutdinov Read Time: 4 min.

These days many people do not consider post-authentication vulnerabilities dangerous, such as Stored XSS in the administrator’s portion of a web application.

Author: Marsel Nizamutdinov, Head of Research & Development Department at High-Tech Bridge SA

These days many people do not consider post-authentication vulnerabilities dangerous, such as Stored XSS in the administrator’s portion of a web application.

This situation is probably aggravated by some misinformation websites and some self-proclaimed security experts, which try to deny disclosed vulnerabilities by posing them as a feature implemented by design. The problem is that they simply do not understand the exploitation’s vectors of these vulnerabilities and they consider them as benign, as long as they impact webpages which do not remain available to unauthenticated users.

XSS & CSRF: Practical exploitation of post-authentication vulnerabilities in web applications

PDF: XSS & CSRF: Practical exploitation of post-authentication vulnerabilities in web applications (732 kB)

This article was nominated among "The Best of PenTest Magazine" special 2012 edition.

Tags: CSRF XSS exploitation web applications

Previous Blog Posts:

Cybercrime in nowadays businesses: A real case study of targeted attack

Spying Internet Explorer 8.0

4k
155
19
11
13
More
15
13
5

User Comments

How it Works Ask a Question