Or that some applications write their own cookie handlers (which are injectable). Or that some frameworks don't handle the request header properly. Or that you'll sometimes see custom headers that you can donk with.
Being clever at XSS/CSRF is what forced me to learn javascript in the first place. Also worth writing your own instead of using existing stuff like jquery.
Being clever at XSS/CSRF is what forced me to learn javascript in the first place. Also worth writing your own instead of using existing stuff like jquery.