Description: http://infosec42.blogspot.com
This is how you can use XSS to steal users cookies/Session ID. I'm using the HTTP POST method versus HTTP GET in this example. : ) Enjoy...
Using one of the reported XSS vulnerabilities in Netsweepers WebAdmin Portal to hijack an authenticated users cookie and then using it to bypass authentication with an already authenticated session.
# Exploit Title: Netsweeper WebAdmin Portal CSRF, Reflective XSS, and "The later"
# Date: Discovered and reported CSRF and XSS reported 4/2012 and "The later" reported 7/2012
# Author: Jacob Holcomb/Gimppy042
# Software Link: Netsweeper Inc. - Netsweeper Internet Filter (www.netsweeper.com)
# CVE : CVE-2012-2446 for the XSS issues, CVE-2012-2447 for the CSRF, and CVE-2012-3859 for the "The later"
Tags: XSS "Cookie Stealing" "Session ID" "Authentication Bypass" ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.