The most destructive misuse of this vulnerability is to infect other users via malicious JavaScript links; this is a classic example of attack pivoting. Consider if an attacker gains access to a team member's account on Slack and wants to expedite the process further to compromise other team members via an application's vulnerability, then this would have been the target of the attack.
Embedding malicious links to infect other users on Slack
by Shahmeer Amir, Carlos A. Lozano
Bug Bounty Hunting Essentials
- Title Page
- Copyright and Credits
- About Packt
- Contributors
- Preface
- Basics of Bug Bounty Hunting
- How to Write a Bug Bounty Report
- SQL Injection Vulnerabilities
- Cross-Site Request Forgery
- Application Logic Vulnerabilities
- Cross-Site Scripting Attacks
- SQL Injection
- Open Redirect Vulnerabilities
- Sub-Domain Takeovers
- XML External Entity Vulnerability
- Template Injection
- Top Bug Bounty Hunting Tools
- Top Learning Resources
- Other Books You May Enjoy
Embedding malicious links to infect other users on Slack
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.