●Steal session IDs
●Overwrite login form’s ‘action’ attribute: phish the admin password!
●Phishing heaven!
●Real example: Persistent XSS on Aruba 800 Mobility Controller's login page [link]
    ●You own the controller, you own all the WAPs – sweet! :)
●Credits: Adair Collins, Steve Palmer and Jan Fry
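
Added example (not from the original slides): a defender-side check that audits a login page's response headers for the two impacts listed above, a script-readable session cookie and an unrestricted form `action`. The cookie name `SESSION` and both header sets are constructed assumptions.

```javascript
// Added example: audit login-page response headers against the two XSS
// impacts on the slide. All header values are constructed samples.

function parseSetCookie(line) {
  const [pair, ...attrs] = line.split(';').map(s => s.trim());
  const name = pair.split('=')[0];
  const flags = new Set(attrs.map(a => a.split('=')[0].toLowerCase()));
  return { name, httpOnly: flags.has('httponly'), secure: flags.has('secure') };
}

// Source list of the CSP form-action directive, or null when it is absent.
// form-action does not fall back to default-src, so absence means "anywhere".
function formActionSources(csp) {
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'form-action') return sources;
  }
  return null;
}

function auditLoginResponse(headers, sessionCookieName) {
  const findings = [];
  const cookies = (headers['set-cookie'] || []).map(parseSetCookie);
  const session = cookies.find(c => c.name === sessionCookieName);
  if (session && !session.httpOnly) {
    findings.push('session cookie lacks HttpOnly: injected script can read it');
  }
  const sources = formActionSources(headers['content-security-policy']);
  if (sources === null) {
    findings.push('no CSP form-action: a rewritten form may post to any origin');
  } else if (sources.some(s => ['*', 'http:', 'https:'].includes(s))) {
    findings.push('CSP form-action is too broad to stop a rewritten form');
  }
  return findings;
}

const WEAK = {            // constructed sample
  'set-cookie': ['SESSION=abc123; Path=/'],
  'content-security-policy': "default-src 'self'",
};
const HARDENED = {        // constructed sample
  'set-cookie': ['SESSION=abc123; Path=/; HttpOnly; Secure'],
  'content-security-policy': "default-src 'self'; form-action 'self'",
};

console.log(auditLoginResponse(WEAK, 'SESSION'));
console.log(auditLoginResponse(HARDENED, 'SESSION'));
```

Both headers only limit what an injected script can do on the login page; the persistent XSS itself still has to be fixed with output encoding of the stored value.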