HTB STARTING POINT · Tier 1
Kobold
SVG with embedded JavaScript uploads to a ticketing system. When the admin previews the attachment, XSS fires in their browser and exfiltrates session cookie. Cookie replay gives admin access and SSH credentials.…
HTB STARTING POINT · Tier 1
SVG with embedded JavaScript uploads to a ticketing system. When the admin previews the attachment, XSS fires in their browser and exfiltrates session cookie. Cookie replay gives admin access and SSH credentials.…