Long ago, I (and maybe many other people, maybe you? 😀) thought that an XSS vulnerability was not dangerous. It is such a minor bug. That was because I thought the “best” bug was a bug that could be used directly to shell the server. Mmmm, maybe right, maybe not so right, maybe wrong altogether.

This video shows you how dangerous an XSS vulnerability is. In this case, it is combined with the lack of a secure cookie implementation.

The vulnerable application I used is Codoforum 3.4, and I refer to this article on Exploit-DB.


Watch the video here