mirror of
https://github.com/carlospolop/hacktricks
synced 2025-02-16 22:18:27 +00:00
3.2 KiB
3.2 KiB
Kuiba Ufunuo wa Taarifa Nyeti kutoka kwa Tovuti
{% hint style="success" %}
Learn & practice AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: 
HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
Ikiwa wakati fulani utapata ukurasa wa wavuti unaokupa taarifa nyeti kulingana na kikao chako: Huenda unareflect cookies, au kuchapisha au maelezo ya kadi ya mkopo au taarifa nyingine yoyote nyeti, unaweza kujaribu kuiba hiyo.
Hapa ninakuletea njia kuu ambazo unaweza kujaribu kuzifikia:
- CORS bypass: Ikiwa unaweza kupita vichwa vya CORS utaweza kuiba taarifa kwa kufanya ombi la Ajax kwa ukurasa mbaya.
- XSS: Ikiwa utapata udhaifu wa XSS kwenye ukurasa unaweza kuwa na uwezo wa kuutumia kuiba taarifa.
- Danging Markup: Ikiwa huwezi kuingiza lebo za XSS bado unaweza kuiba taarifa kwa kutumia lebo nyingine za kawaida za HTML.
- Clickjaking: Ikiwa hakuna ulinzi dhidi ya shambulio hili, unaweza kumdanganya mtumiaji akakutumia taarifa nyeti (mfano hapa).
{% hint style="success" %}
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.