How I Hacked 40 Websites in 7 minutes

<p>Last summer I started learning about information security and hacking. Over the last year I&rsquo;ve played in various wargames, capture the flag and penetration testing simulations, continuously improving my hacking skills and learning new things about &lsquo;how to make computers deviate from their expected behavior&rsquo;.</p>
<p>Long story short, my experience was always limited to simulated environments, and since I consider myself a white-hat hacker (aka one of the good guys) I never stuck my nose into other people&rsquo;s business &mdash; quite literally.</p>
<p>Until now. This will be a detailed story about how I hacked into a server which hosted 40 (this is an exact number) websites and my findings.</p>
<blockquote> <p><strong>Note:</strong>&nbsp;Some prerequisite CS knowledge is needed to follow through the technical parts of the article.</p> </blockquote>
<p>A friend messaged me that an&nbsp;<a href="https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)" rel="noopener ugc nofollow" target="_blank">XSS vulnerability</a>&nbsp;was found in his website and that he wants me to take a further look. This is an important stage, as I am inclined to ask him to formally express that I have his permission to perform a full test on his web application and on the server hosting it. The answer was&nbsp;<strong>positive.</strong></p>
<p><a href="https://medium.com/hackernoon/how-i-hacked-40-websites-in-7-minutes-5b4c28bc8824"><strong>Website</strong></a></p>