Fixed My First XSS Attack

Yesterday, one of my clients got his website hacked and showed Adware on it which was pretty harming to his business and his website.

After thorough investigation, I found it was an XSS attack which injected a JavaScript into his website that redirects visitors to the ads. But the dangerous part was it created an ADMIN account when you login as an admin, then it hijacked the nonce credentials and created an admin user which was very very dangerous.

Continue reading “Fixed My First XSS Attack”