xss - BREAKDEV

xss

A collection of 2 posts

Hacked Discord - Bookmarklet Strikes Back

Hacked Discord - Bookmarklet Strikes Back

Discord accounts are getting hacked. This is my analysis of how most recent bookmarklet attacks work, with guidelines on what Discord can do to mitigate these attacks.

Sniping Insecure Cookies with XSS

Sniping Insecure Cookies with XSS

In this post I want to talk about improper implementation of session tokens and how one XSS vulnerability can result in full compromise of a web application. The following analysis is based on an existing real-life web application. I cover the step-by-step process that lead to administrator's account take over