Navigation X
ALERT
Click here to register with a few steps and explore all our cool stuff we have to offer!



 17942

Extending XSS to upload Shell in a Website By Pentester708

by Pentester708 - 04 March, 2020 - 03:52 AM
This post is by a banned member (Pentester708) - Unhide
652
Posts
482
Threads
5 Years of service
#1
XSS is much like SQL Injection , it is Javascript Injection(Pretty much straight eh for the newbies)

Now instead of uploading some Phishing , CSRF payloads . I Injected an uploader.php in here.
The site was not having any upload feature previously but after i injected the payload, Anyone can upload anything(exe,php,bat,what not) to it, which will be stored and executed on the Server Level.


I wonder what would you guys have uploaded ?

Well I did the harder part for yal. Play around uploading your shells

You can get to your uploaded shells by adding its name in the URL after uploading



Site:
Hidden Content
You must register or login to view this content.

[Image: Udpc9Lb.gif]
Telegram: https://t.me/candycainlobbies
Ad by brocain
This post is by a banned member (goodglob) - Unhide
This post is by a banned member (thek5m) - Unhide
thek5m  
Registered
11
Posts
0
Threads
4 Years of service
#3
let's check it out
This post is by a banned member (lurkesastu) - Unhide
29
Posts
0
Threads
4 Years of service
#4
XXzxxzXsad
This post is by a banned member (copricorn) - Unhide
copricorn  
Registered
38
Posts
0
Threads
4 Years of service
#5
thank you buddy
This post is by a banned member (lollies) - Unhide
lollies  
Registered
34
Posts
1
Threads
4 Years of service
#6
following
This post is by a banned member (donquishoot) - Unhide
6
Posts
0
Threads
4 Years of service
#7
(04 March, 2020 - 03:52 AM)Pentester708 Wrote: Show More
XSS is much like SQL Injection , it is Javascript Injection(Pretty much straight eh for the newbies)

Now instead of uploading some Phishing , CSRF payloads . I Injected an uploader.php in here.
The site was not having any upload feature previously but after i injected the payload, Anyone can upload anything(exe,php,bat,what not) to it, which will be stored and executed on the Server Level.


I wonder what would you guys have uploaded ?

Well I did the harder part for yal. Play around uploading your shells

You can get to your uploaded shells by adding its name in the URL after uploading



Site:

thanks
This post is by a banned member (warsoft) - Unhide
warsoft  
Registered
120
Posts
0
Threads
5 Years of service
#8
juste pour voir. Merci

Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
or
Sign in
Already have an account? Sign in here.


Forum Jump:


Users browsing this thread: 1 Guest(s)