1) We will use a cross-site scripting vulnerability as the initial attack vector
3) Exploit the victim’s browser to gain system ‘root’ or ‘shell’ access
4) Elevate our privileges to system-level
QUIZ: There are at least 6 security controls that could prevent several of the steps in the video, including vulnerabilities or user errors. Can you spot them all?
FREEBIE: The DVWA web server & IE8 browser security settings allow an unencrypted XSS attack string to be sent during an SSL session: "Submit non-encrypted form data - ENABLED".