Bypassing HttpOnly for Escalating Vulnerability Impact

Bypassing HttpOnly for Escalating Vulnerability Impact

The vulnerabilities described in this article have been fixed. Please do not conduct unauthorized penetration testing. Original source: https://sallam.gitbook.io/sec-88/write-ups/how-we-turned-a-medium-xss-into-a-high-bounty-by-bypassing-httponly-cookie Content The target application is a common website translation platform that includes team management, project management, and an AI feature module. During testing for privilege escalation and injection attacks, I discovered an interesting input field in … Read more

Considerations for Sending Cookies in HTTP Requests

Considerations for Sending Cookies in HTTP Requests

In web projects with a separation of front-end and back-end, the front-end usually needs to send cookies to the back-end. Sending cookies to the same site means that the IP or domain accessed by the front-end and back-end is the same. When the IP or domain accessed by the front-end and back-end is different, cross-site … Read more