This presentation demonstrates how an attacker can utilise XSS to execute arbitrary code on the web server when an administrative user inadvertently triggers a hidden XSS payload.
Custom tools and payloads, integrated with Metasploit’s Meterpreter in a highly automated approach, will be demonstrated live, including post-exploitation scenarios and the interesting data that can be obtained from compromised web applications.
This version includes cool notifications and new attack vectors!