Stealing Sensitive Information Disclosure from a Web

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Ikiwa wakati fulani utapata ukurasa wa wavuti unaokupa taarifa nyeti kulingana na kikao chako: Huenda unareflect cookies, au kuchapisha au maelezo ya kadi ya mkopo au taarifa nyingine yoyote nyeti, unaweza kujaribu kuiba hiyo. Hapa ninakuletea njia kuu ambazo unaweza kujaribu kuzifikia:

CORS bypass: Ikiwa unaweza kupita vichwa vya CORS utaweza kuiba taarifa kwa kufanya ombi la Ajax kwa ukurasa mbaya.
XSS: Ikiwa utapata udhaifu wa XSS kwenye ukurasa unaweza kuwa na uwezo wa kuutumia kuiba taarifa.
Danging Markup: Ikiwa huwezi kuingiza lebo za XSS bado unaweza kuiba taarifa kwa kutumia lebo nyingine za kawaida za HTML.
Clickjaking: Ikiwa hakuna ulinzi dhidi ya shambulio hili, unaweza kumdanganya mtumiaji akakutumia taarifa nyeti (mfano hapa).

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

PreviousOnline Platforms with API NextPost Exploitation

Last updated 4 months ago