Bypassing HttpOnly with phpinfo file

So, why phpinfo?

Almost every website I test (PHP-based, of course) has a phpinfo file.

Stealing ci_session with info.php file

We found XSS in a name field. Now we can abuse the XSS to load our JavaScript, which uses XMLHttpRequest() to read info.php and sends it

Gist: https://gist.github.com/ls4cfk/0deb122d4e2e24ac66cd74d3edf956bf
/examples/servlets/servlet/SessionExample
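The bypass works because phpinfo() prints the request's Cookie header into the page body, where same-origin script can read it. The following audit check is an added example, not code from the original post or its gist: it takes the HTML of a page fetched from your own site and reports which HttpOnly cookie names are echoed there (names only, never values). The function names, the sample markup and its values are constructed, and the table layout is assumed to follow phpinfo()'s `td class="e"` / `td class="v"` rows.

```javascript
// Added audit example: which cookie names does a phpinfo()-style page echo?
// Only names are returned; cookie values are never kept or printed.
const ROW = /<tr>\s*<td class="e">([\s\S]*?)<\/td>\s*<td class="v">([\s\S]*?)<\/td>\s*<\/tr>/g;

// Strip inner tags and undo the HTML escaping phpinfo() applies to keys and values.
function decode(s) {
  return s.replace(/<[^>]*>/g, '')
    .replace(/&#0?39;/g, "'").replace(/&quot;/g, '"')
    .replace(/&amp;/g, '&').trim();
}

function reflectedCookieNames(html) {
  const names = new Set();
  for (const [, rawKey, rawVal] of html.matchAll(ROW)) {
    const key = decode(rawKey);
    // Whole header echoed: HTTP_COOKIE, $_SERVER['HTTP_COOKIE'] or "Cookie".
    if (/^(\$?_SERVER\[['"])?HTTP_COOKIE(['"]\])?$/.test(key) || key === 'Cookie') {
      for (const pair of decode(rawVal).split(';')) {
        const name = pair.split('=')[0].trim();
        if (name) names.add(name);
      }
    }
    // Per-cookie rows such as $_COOKIE['ci_session'].
    const m = key.match(/^\$?_COOKIE\[['"](.+?)['"]\]$/);
    if (m) names.add(m[1]);
  }
  return [...names].sort();
}

// Intersect with the cookies your application sets as HttpOnly.
function exposedHttpOnly(html, httpOnlyNames) {
  const seen = new Set(reflectedCookieNames(html));
  return httpOnlyNames.filter((n) => seen.has(n));
}

// Constructed sample modelled on phpinfo() output; values are placeholders.
const SAMPLE = `
<table>
<tr><td class="e">HTTP_HOST </td><td class="v">app.example </td></tr>
<tr><td class="e">HTTP_COOKIE </td><td class="v">ci_session=PLACEHOLDER; theme=dark </td></tr>
<tr><td class="e">$_COOKIE[&#039;ci_session&#039;]</td><td class="v">PLACEHOLDER</td></tr>
</table>`;

console.log(exposedHttpOnly(SAMPLE, ['ci_session', 'csrf_token'])); // [ 'ci_session' ]
```

Any non-empty result means script running on the same origin can read those cookies despite HttpOnly; remove the phpinfo page or restrict access to it.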
