As far as I know, I haven't told you all about DOM-based XSS, but it's quite different, so I will be talking about that later :)
Session Hijacking
- OK, now we have got the admin's cookies using both methods, so we need to edit our own browser's cookies.
- First of all, go to that site's admin login or its main page whose cookies you have.
- Now delete ALL of your cookies from that page. For this, check the topic on cookies.
- Now go to your cookies.html page, which you have made on a free hosting site, and copy everything in front of the Cookie: into a notepad. These are the cookies.
- The ; sign separates cookies from each other, so first copy the code before the ; i.e. the first cookie.
- Now come back to that vulnerable site and instead of link add the following code but don't hit enter:
Code:
Javascript:void(document.cookie="ADD YOUR COOKIE HERE")
- Add that cookie in between " " and now hit enter.
- Do this with all of the cookies and refresh the page.
- And hurrah!!! you are logged in as administrator.
- So now go to your admin panel and upload your deface page; now you can do anything to that site.
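The steps above depend on the session cookie being readable through document.cookie in the first place; a cookie set with HttpOnly never reaches script, so there is nothing to copy out. As an added example (not part of the original post), this Node.js check audits a response's Set-Cookie headers for session cookies missing HttpOnly, Secure or SameSite. The header values, the cookie names and the function names are constructed for illustration.

```javascript
// Added example: audit Set-Cookie headers for the attributes that stop
// cookie theft via script. All sample values below are constructed.

// Split one Set-Cookie header into its cookie name and lower-cased attributes.
function parseSetCookie(header) {
  const parts = header.split(';').map(p => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('=');
  const name = eq === -1 ? first : first.slice(0, eq);
  const attrs = {};
  for (const p of parts) {
    const i = p.indexOf('=');
    const key = (i === -1 ? p : p.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : p.slice(i + 1).trim();
  }
  return { name, attrs };
}

// Return the hardening attributes a single cookie is missing.
function auditCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.httponly) findings.push('missing HttpOnly: readable via document.cookie');
  if (!attrs.secure) findings.push('missing Secure: sent over plain HTTP');
  const ss = String(attrs.samesite || '').toLowerCase();
  if (ss !== 'lax' && ss !== 'strict') findings.push('SameSite not Lax/Strict');
  return { name, findings };
}

// Report only the session cookies (by name) that have at least one finding.
function auditResponse(setCookieHeaders, sessionNames) {
  return setCookieHeaders
    .map(auditCookie)
    .filter(r => sessionNames.includes(r.name) && r.findings.length > 0);
}

// Constructed sample: one weak session cookie, one hardened, one non-session.
const sampleHeaders = [
  'PHPSESSID=abc123; path=/',
  'sid=9f8e7d; Path=/; HttpOnly; Secure; SameSite=Lax',
  'theme=dark; Path=/',
];
const sessionCookieNames = ['PHPSESSID', 'sid'];

for (const r of auditResponse(sampleHeaders, sessionCookieNames)) {
  console.log(`${r.name}: ${r.findings.join('; ')}`);
}
```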
XSS Attack - Part 4