Description: This is a demonstration of a concept where XSS in the main site is used to exploit a SQL injection vulnerability in the admin panel. For more information, please check: http://amolnaik4.blogspot.in/2012/02/sql-injection-via-xss.html
Tags: xss, sql injection, xsssqli
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Hi, thanks for the video!
I know it's a stupid question, but how is it possible to make a cross-domain XMLHttpRequest?
@ara, this is not a cross-domain XMLHttpRequest call. The request is originating from the same domain (mysite.com) to access the admin panel on the same domain (mysite.com/admin/). The attacker has included an AJAX script from his server, but it'll run from the mysite.com domain.
Hope this clarifies your doubt.