Is it possible for someone to make a purposefully vulnerable site then lure users to his site where he then takes advantage of that vulnerability to hack their social media accounts etc? If so how?

mohamed elgamal
  • 51
  • 2
  • 3
  • 7

1 Answers1


Is it possible for someone to make a purposefully vulnerable site


then take advantage of that vulnerability to hack the users?

Yes but, he doesn't need the vulnerability.

When we talk about a vulnerable site, that usually means it allows anyone to do some action which was not intended by the owner. For example, a vulnerable StackOverflow site could allow anyone to log in under the account of someone else. However, if I was the owner of StackOverflow and wanted to take over your account I wouldn't need to exploit a vulnerability on the page. I could do that directly (such as manually changing your password to something else).

The main reason I can think for that would be for plausible deniability / looking inept rather than malicious.

  • 17,578
  • 3
  • 25
  • 60
  • What about if there was no user interaction any farther than simply opening the website ? – mohamed elgamal Oct 29 '20 at 13:12
  • @mohamedelgamal and the website would be vulnerable in what sense? I'm not understanding your question. – Ángel Oct 29 '20 at 21:40
  • like it would be vulnerable to some sort of web app vuln that would allow it to hack its users social media/work/personal accounts on the users laptop. For example something that would allow it to steal cookies. That is just an example tho. – mohamed elgamal Oct 30 '20 at 19:24
  • The app doesn't need to be vulnerable. It can already see its own cookies. You might be thinking on stealing cookies of a different website, but it's not the that would need to be vulnerable, but the user browser which is not supposed to give your Gmail cookies to StackOverflow. – Ángel Oct 30 '20 at 22:03