Exploitation guides
The following are exploit guides for the scenarios created in this chapter. These are guidelines and there are more ways to exploit the vulnerabilities.
Scenario 1 – cookie theft for fun and profit
The brief provided for this exploitation guide is assumed to be: steal the admin user's cookie from <IP>/input.php. Perform the following steps for this scenario:
- The first thing to do is to browse the website. We can see that we have an input box.
- The brief says, "steal a cookie", so we can assume this is a cross-site scripting attack. We can submit test messages to see whether our input is returned to us in the response. As it is not, we must assume that it is being stored and passed to the admin somewhere, since the brief suggests that an admin can see it. This means that the standard <script>alert(1);</script> probe won't show us anything, because the script would only run in the admin's browser, not ours.
- However, we can make a call back to our own server with cross-site scripting. This is achieved by first...