... scenario, the attacker willmake the requests with the victim’s session cookies, allowing the attacker to stealcontent meant for the victim. Once the attacker steals the content from the page, the content ... making their final pitches to the organiza-tion. The description goes on to say that the company is not informing the vendorsabout the other phone calls to avoid having them “listen in” on their ... inexploitation. Once the attacker has stolen the victim’s session cookies, the attackermust log the victim out of his session in cases where the application does not allow the victim to access the login...