A client-side exploit attacks vulnerabilities in client software, such as web browsers, e-mail applications, and media players. In a client-side exploit, the victim must visit a malicious site in order for the exploit to run. A client-side exploit is different from a traditional exploit because it requires the victim to initiate the connection between their machine and an attacking machine. Traditional exploits, on the other hand, do not require human interaction.
When a human target visits the web page that contains the exploit, and the target’s system is vulnerable to it, a session opens on the target’s machine and gives you shell access to that system. Using the session, you can perform tasks such as capturing screenshots, collecting password files, and pivoting to other areas of the network.