http://qjnpre4wogldryzvggqsrqxtxytqkjnftrwyi4njc4qexpahmdbiq3qd.onion/125-2/index.html
The account takeover attack takes advantage of a total of three vulnerabilities in the DJI infrastructure, including a Secure Cookie bug in the DJI identification process, a cross-site scripting (XSS) flaw in its Forum and a SSL Pinning issue in its mobile app. The first vulnerability, i.e. not having the “secure” and “httponly” cookie flag enabled, allowed attackers to steal login cookies of a user by injecting a malicious JavaScript into the DJI Forum website using the...
1 similar result skipped