HackTricks
Searchโ€ฆ
๐Ÿ‘ฝ
Network Services Pentesting
Stealing Sensitive Information Disclosure from a Web
Support HackTricks and get benefits!
If at some point you find a web page that presents you sensitive information based on your session: Maybe it's reflecting cookies, or printing or CC details or any other sensitive information, you may try to steal it. Here I present you the main ways to can try to achieve it:
  • โ€‹CORS bypass: If you can bypass CORS headers you will be able to steal the information performing Ajax request for a malicious page.
  • โ€‹XSS: If you find a XSS vulnerability on the page you may be able to abuse it to steal the information.
  • โ€‹Danging Markup: If you cannot inject XSS tags you still may be able to steal the info using other regular HTML tags.
  • โ€‹Clickjaking: If there is no protection against this attack, you may be able to trick the user into sending you the sensitive data (an example here).
Support HackTricks and get benefits!
Copy link