Home > OS >  Impact by reflected xss with httpOnly cookies
Impact by reflected xss with httpOnly cookies

Time:10-19

I found reflected xss and am trying to use cookies with the httpOnly flag. I know that httpOnly doesn't allow you to access cookies via JavaScript, but is there really no way to do this (I know about the Trace request, but this is not an option in my case)? And how else can I use reflected xss if can't read cookies with httpOnly?

CodePudding user response:

You can't access HttpOnly cookies from JavaScript and the TRACE header is not that commonly supported in the backends.

However, there are many other attacks that a hacker can execute through XSS, like redirecting the user, changing content/links on the pages, and extracting data from the page.

Page link:https//www.codepudding.com/os/580368.html

Prev:React JS: Remove duplicates by values from object array inside reduce
Next:How to get the stderr of the latest failed step in Github Actions
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding