
Turning cookie based XSS into account takeover

A cookie-based XSS on the Terrahost main domain, terrahost.no, led to account takeover. The researcher was testing the main domain, which has a flow where a customer chooses a service, registers an account and places an order. Looking at the requests in Burp, he found the following parameters:

customer_id
customer_name
customer_zipcode
customer_address
customer_city

Through these parameters he found a self-XSS, and later escalated the issue to account takeover.
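As an added illustration (not code from the original write-up and not Terrahost's code), the snippet below shows the pattern the summary describes: the customer_* values arrive in the request's Cookie header and are written into an order page. One renderer interpolates them raw, the other escapes them, and a small check flags cookie values that carry markup so a defender can log them at the edge. The sample Cookie header, the field whitelist and all function names are constructed for this example.

```python
# Added example: cookie values rendered into an order page, vulnerable vs. hardened.
# Constructed for illustration; it is not the original researcher's or Terrahost's code.
import html
import re
from urllib.parse import unquote

# The order fields named in the write-up (assumed here to travel in the Cookie header).
ORDER_FIELDS = ("customer_id", "customer_name", "customer_zipcode",
                "customer_address", "customer_city")

# Constructed sample: one field carries markup instead of a name.
SAMPLE_COOKIE = ('customer_id=1042; '
                 'customer_name=<script>alert(1)</script>; '
                 'customer_city=Oslo')

# Characters and schemes that have no business in a postal address or a name.
MARKUP_CHARS = re.compile(r"""[<>"']|javascript:""", re.IGNORECASE)


def parse_cookie_header(header: str) -> dict:
    """Split a Cookie header into the whitelisted order fields.

    Percent-decoding mirrors what many web stacks do before the value reaches
    a template, which is exactly the point at which raw markup becomes live.
    """
    fields = {}
    for part in header.split(";"):
        part = part.strip()
        if "=" not in part:
            continue
        name, _, value = part.partition("=")
        name = name.strip()
        if name in ORDER_FIELDS:
            fields[name] = unquote(value.strip().strip('"'))
    return fields


def render_order_summary_vulnerable(fields: dict) -> str:
    """Interpolates cookie values straight into HTML: any markup is emitted as-is."""
    rows = "".join(f"<tr><td>{k}</td><td>{v}</td></tr>" for k, v in fields.items())
    return f"<table>{rows}</table>"


def render_order_summary_hardened(fields: dict) -> str:
    """Same page, but every cookie-derived value is HTML-escaped for a text context."""
    rows = "".join(
        f"<tr><td>{html.escape(k)}</td><td>{html.escape(v, quote=True)}</td></tr>"
        for k, v in fields.items()
    )
    return f"<table>{rows}</table>"


def suspicious_fields(fields: dict) -> list:
    """Names of order fields whose cookie value contains markup characters.

    Useful as a logging/alerting hook at the proxy or in request middleware:
    a cookie that should hold a city or a name never legitimately contains '<'.
    """
    return [k for k, v in fields.items() if MARKUP_CHARS.search(v)]


if __name__ == "__main__":
    parsed = parse_cookie_header(SAMPLE_COOKIE)
    print("vulnerable:", render_order_summary_vulnerable(parsed))
    print("hardened:  ", render_order_summary_hardened(parsed))
    print("flagged:   ", suspicious_fields(parsed))
```

html.escape is the right tool only for values placed in element text; a value written into an attribute, a URL or a script block needs the encoder for that context, and a Content-Security-Policy without unsafe-inline limits what an injected tag can do if a renderer is missed.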


Posted by SH
