HTML Injection
Last updated
Was this helpful?
Last updated
Was this helpful?
Occurs when you can inject HTML, but not Javascript for whatever reason.
I haven’t tested this, but HTML5 allows for <img>
tags with CORS cross-origin use-credentials. This would allow you to steal cookies if you have a website that accepts CORS-with-credentials requests and logs the cookies.
You can try to for credentials.