Exploiting an XSS vulnerability to easily obtain a logged-in user's cookie
· Logging · 5 comments · 6,865 Views

Preface

Recently I noticed that a certain mini program automatically registers an account on a certain website once the user has granted access to their profile information.
So I went to the website to take a look, and wow, lots of input boxes. Might as well give XSS a quick try.

XSS vulnerability found

For the purpose of learning and exchange only, I typed the following into the username input box with trembling fingers:
<script>alert(1)</script>
Hmm... nothing happened. My heart sank a little: no alert box popped up. Sigh.
Still, a programmer (a "code ape") does not give up that easily.
I looked up some XSS payload variants to test:
</textarea><img onerror="alert(1)" src='1'>
Wow! It worked!

Further exploiting the XSS vulnerability

At the time I was thinking: the mini program has a top-up (recharge) function.
The administrator or the finance staff will surely, when there is nothing else to do, check today's spending and see which new users have topped up.
So why not do exactly that:
place a couple of top-up orders, insert the XSS payload into the username, and then, like Jiang Taigong, wait for the fish to bite.
A search turned up several XSS platforms that support HTTPS, and I picked the module that collects cookies.

(2) Later

A fish bit: I successfully received the username and cookie. I then set up a proxy, opened the developer tools (Application tab), replaced my cookies with the captured ones, and refreshed the page.
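Why the `</textarea>` payload from the "XSS vulnerability found" section was rendered as live markup, and the two server-side controls that would have defeated the cookie collection described just above, as an added example that is not part of the original post. Plain Node.js with no framework; the admin view, the cookie name and the sample username are assumed for illustration.

```javascript
// Added example (not the original post's code). Shows the vulnerable rendering
// pattern beside the hardened one, and an HttpOnly session cookie. Names below
// (renderUserField*, sessionCookieHeader, the "session" cookie) are assumed.

// Constructed sample: the username that was submitted through the registration form.
const STORED_USERNAME = `</textarea><img onerror="alert(1)" src='1'>`;

// Vulnerable pattern: the stored username is spliced straight into the admin view.
// The leading </textarea> closes the element, so the <img> that follows becomes a
// real tag and its onerror handler runs in the administrator's browser.
function renderUserFieldVulnerable(username) {
  return `<textarea name="username">${username}</textarea>`;
}

// Fix 1: HTML-escape untrusted data before it lands in element content or an
// attribute value. After escaping, "<" can no longer open a tag.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

function renderUserFieldSafe(username) {
  return `<textarea name="username">${escapeHtml(username)}</textarea>`;
}

// Fix 2: mark the session cookie HttpOnly so script cannot read document.cookie,
// which is exactly what the cookie-collecting XSS module relied on. Secure and
// SameSite additionally limit where the browser will send it.
function sessionCookieHeader(sessionId) {
  return `session=${encodeURIComponent(sessionId)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Counts HTML tags in rendered output. The template itself contributes exactly two
// (<textarea ...> and </textarea>); any extra tag means data broke out of its context.
function countTags(html) {
  return (html.match(/<[a-zA-Z/][^>]*>/g) || []).length;
}

console.log("vulnerable:", renderUserFieldVulnerable(STORED_USERNAME));
console.log("safe      :", renderUserFieldSafe(STORED_USERNAME));
console.log("cookie    :", sessionCookieHeader("abc123"));
```

A quick check for any template: run countTags on the rendered page with a hostile username and compare against the count produced by an empty username; the numbers must match.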

Really lucky

It was the first time I had actually done something with XSS, and it felt very satisfying.
Unfortunately, the admin backend and the user center share the same pages, and there was no file upload feature that could be used for anything further.
It is just a small top-up.

Vulnerability submission

It has been reported to the responsible administrator for fixing.

Conclusion

If you do development, you must have security awareness!

Comments are closed.
  1. Liu

    alert("Hello!")

  2. So for development, using a framework is still the more reliable choice

    1. @Morris

      Although frameworks have some problems, they are still better than writing it yourself

  3. at leisure

    Big guy, that's very good.

  4. tourist

    Great