by d1plo1d
3670 days ago
So that is similar to an XSS in that it gains you the ability to inject arbitrary JS into the page. That scenario is covered in the article with, as I understood it, the TL;DR being that lifting tokens is less practical in practice than using the browser directly to send malicious requests. The results of either attack are also similar in that as soon as you're injecting JS into the page you've gained access to the user's session.