Metasploit with XSSF, from the pop-up window to the right to lift

Source: Internet
Author: User
Tags advantage

Http://www.myhack58.com/Article/html/3/8/2012/36261.htm

XSSF Brief Introduction

The Cross-site Scripting Framework (XSSF) is a security tool that makes it very easy to take advantage of cross-site scripting (XSS) vulnerabilities. The main purpose of the XSSF project is to demonstrate the actual harm of XSS.

Now, let's talk about my process.

First download the XSSF in BT5

Then go to its folder to see, there is a readme, open to see what needs to be done next. Copy all files to MSF3.

And then look at the plugin library under MSF3 There's no xssf.rb

Everything OK after we load XSSF in MSF

After a successful load, let's help and see what XSSF's command is.

I believe that reading the notes will understand what is going on, and then go on to the following.

Let's take a look at the code that needs to be inserted in XSSF. Here I'm inserting a link in the XSSF test page (open this test.html to see)

The test is then done in DVWA.

After inserting the test code, we return to Metasploit to see how much exp the XSS can take advantage of. (The first thing to understand is that the XSS Insert code page to keep active state, so consider the success rate) Here I use alert to do the demo.

After the Show options, enter the relevant parameters and run.

Then return to XP to see a pop-up window (after all, I still use to play the window, alas)

In fact, here can also use some browser-oriented hole for more in-depth testing, get meterpreter after the right, intranet infiltration and so on, but I failed, this is the tragedy of this article. If you have a study of the next experiment, you can talk about it.


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.