New Post

Sunday, September 16, 2012

Hey awl :) welcome once more :P well in diz tut i will be teaching uhh awl abt hijacking d victims website after getting its cookies :D

As  i know i hasnt told uhh awl abt DOMB based XSS bt its quite different so i will be talking abt dt later :)




Session Hijacking

 

 

 

  • Ok now we have got the admin's cookies using both methods, so we need to edit our own browser's cookies. 
  •  
  • First of all go to that site's admin login or its main page whose cookies you have.
  •  
  • Now delete ALL of your cookies from that page.For this check the topic on cookies. 
  •  
  • Now go in your cookies.html page which you have made on a free hosting site and copy everything in front of the Cookie: in a notepad.These are the cookies. 
  •  
  • This sign ; separates cookies from each other so first copy the code before the ;i.e the first cookie.
  •  
  • Now come back to that vulnerable site and instead of  link add the following code but don't hit enter:
Code:
Javascript:void(document.cookie="ADD YOUR COOKIE HERE")
  • Add that cookie in between " " and now hit enter.
  •  
  • Do this with all of the cookies and refresh the page.
  •  
  • And hurrah!!! you are logged in as administrator.
  •  
  • So now go in your admin panel and upload your deface page,now you can do anything to that site.

0 nhận xét:

Post a Comment