by BeefWellington
1795 days ago
This is kind of irrelevant since you can pretty easily override everything about the XSS payload to make it look like a legitimate login page for the site you're looking for. Depending on the nature of the site, it's possible it won't even stand out as odd even if it loads a login control at a non-"login" URL.

If an attacker leverages an XSS they can exactly replicate the login page, URL and all, only limited by payload size and modern protections like CSP.