Stealing Sensitive Information Disclosure from a Web

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

If at some point you find a web page that presents you sensitive information based on your session: Maybe it's reflecting cookies, or printing or CC details or any other sensitive information, you may try to steal it. Here I present you the main ways to can try to achieve it:

  • CORS bypass: If you can bypass CORS headers you will be able to steal the information performing Ajax request for a malicious page.

  • XSS: If you find a XSS vulnerability on the page you may be able to abuse it to steal the information.

  • Danging Markup: If you cannot inject XSS tags you still may be able to steal the info using other regular HTML tags.

  • Clickjaking: If there is no protection against this attack, you may be able to trick the user into sending you the sensitive data (an example here).

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

Last updated