From XSS to RCE 2.5 - Alt33c3

This presentation demonstrates how an attacker can utilise XSS to execute arbitrary code on the web server when an administrative user inadvertently triggers a hidden XSS payload.

Custom tools and payloads integrated with Metasploit’s Meterpreter in a highly automated approach will be demonstrated live, including post-exploitation scenarios and interesting data that can be obtained from compromised web applications.

This version includes cool notifications and new attack vectors!

Hans-Michael Varbaek

December 27, 2016

Transcript