I Logged In as ADMIN Without Knowing the Password (XSS - Session Hijacking)

In this video, I demonstrate a real-world Session Hijacking attack via XSS. Learn how attackers take over Admin accounts without credentials and how to prevent it. Mastery of these techniques is essential for Red Teamers and Developers looking to secure their systems.

Disclaimer: This video is strictly for educational purposes. This channel does not encourage, support, or approve any form of illegal activity. All demonstrations were performed in a controlled environment, with the goal of promoting digital awareness and security. Use this information ethically and responsibly.

Notice: All content reflects the ideas and viewpoints of Geraldo Alcantara and is not associated with any employer, except where explicitly stated.

🕰️ TimeCodes
00:00 - Intro
00:46 - Finding XSS-vulnerable fields
02:58 - Testing potential filters
03:54 - HTML Injection
04:37 - Reflected Cross-Site Scripting in practice
05:21 - Session Hijacking
08:33 - How to protect yourself
08:38 - HTTPOnly Flag
10:02 - Escape, filters, and Whitelisting