.png)
2 weeks ago
22 BOOK THIS SPACE FOR AD
ARTICLE AD
Hey there,
As this is my first article, so pardon me if there are any mistakes and do let me know how can I improve.
So without wasting any time lets jump into the main story.
A brief overview of the application: It served as a Management System featuring User Management and Report generation functionalities. Interestingly, it included a feature called Announcements, allowing any user to broadcast messages to other users within the organization. These announcements would be prominently displayed on their dashboard.
Now, if you have guessed it correctly the announcement functionality was vulnerable to XSS.
Lets see the steps to take over ADMIN account:-
2. Now whenever the admin will login to the application our payload will execute and we will get the admin cookies.
3. Now by normally changing the cookies value in browser (Assuming you know how to do that) we can have access the ADMIN account.
That’s how we can takeover any users account which is working in that organization.But………….,Wait!! can we chain this bug to exploit any further vulnerability??
Yes!!, In the Next Article we will see how i chain this bug to gain RCE.!!
Until Then, Enjoy the life and See you soon.
Bengali (Bangladesh) · 
English (United States) ·