For this week’s knowledge-sharing session on Wednesday, Vishal Singh - Security Analyst, @CloudSEK, talks about “Blind XSS: The ticking time bomb of XSS attack”.
Blind XSS is a special type of persistent/stored XSS, where an attacker's input is saved into the database and executed in another part of the application, or in a totally different application, when it is reviewed by an admin or team members. Nowadays, lots of websites have features that interact directly with the backend team/admin for approval, and there is a chance that user input is not validated at those same places. This can lead to the creation of a permanent admin backdoor. Put simply, a Blind XSS attack can be used to gain admin privileges by hijacking the authenticated session cookie values. It is the most dangerous XSS attack of all.
What can the audience learn from this talk?
How to test for it, where to spray/inject the payload, which tool to use, and how to mitigate Blind XSS vulnerabilities.
Date and Time: 2021-03-24T12:30:00Z → 2021-03-24T13:30:00Z
Link to register: https://csek.me/cwfy
Click the link above and add the event to your calendar so that you do not miss it.