Stay in touch with us: Facebook | Twitter | LinkedIn | Newsletter
ImmuniWeb® by High-Tech Bridge


High-Tech Bridge Newsletter

Subscribe to our newsletter and receive some or all of our corporate news, invitations to security events or HTB Security Advisories – you choose what you want to receive.

XSS & CSRF: Practical exploitation of post-authentication vulnerabilities in web applications

Wednesday, January 18, 2012 By

Author: Marsel Nizamutdinov, Head of Research & Development Department at High-Tech Bridge SA


These days many people do not consider post-authentication vulnerabilities dangerous, such as Stored XSS in the administrator’s portion of a web application.

This situation is probably aggravated by some misinformation websites and some self-proclaimed security experts, which try to deny disclosed vulnerabilities by posing them as a feature implemented by design. The problem is that they simply do not understand the exploitation’s vectors of these vulnerabilities and they consider them as benign, as long as they impact webpages which do not remain available to unauthenticated users.


User Comments and Opinions