Senior Security Consultant Drew Kirkpatrick will be speaking at BSides Roanoke at 1 p.m. EST on Saturday, October 2, 2021.
Popping Shells Instead of Alert Boxes: Weaponizing XSS for Fun and Profit
But what would attackers actually do with these vulnerabilities? And how can penetration testers and red teamers develop XSS payloads to use these vulnerabilities as a stepping stone to system access?
In this talk, we’ll iterate on XSS payloads against a WordPress server, performing increasingly complicated attacks until we finally pop a shell on the server.