Navigation X
ALERT
Click here to register with a few steps and explore all our cool stuff we have to offer!



 17942

Extending XSS to upload Shell in a Website By Pentester708

by Pentester708 - 04 March, 2020 - 03:52 AM
This post is by a banned member (Pentester708) - Unhide
Pentester708  
Registered
652
Posts
482
Threads
5 Years of service
#1
OP 04 March, 2020 - 03:52 AM
XSS is much like SQL Injection , it is Javascript Injection(Pretty much straight eh for the newbies)

Now instead of uploading some Phishing , CSRF payloads . I Injected an uploader.php in here.
The site was not having any upload feature previously but after i injected the payload, Anyone can upload anything(exe,php,bat,what not) to it, which will be stored and executed on the Server Level.

I wonder what would you guys have uploaded ?

Well I did the harder part for yal. Play around uploading your shells

You can get to your uploaded shells by adding its name in the URL after uploading


Site:
Hidden Content
You must register or login to view this content.

[Image: Udpc9Lb.gif]
Telegram: https://t.me/candycainlobbies
Ad by brocain
This post is by a banned member (goodglob) - Unhide
This post is by a banned member (thek5m) - Unhide
thek5m  
Registered
11
Posts
0
Threads
4 Years of service
#3
05 March, 2020 - 04:14 PM
let's check it out
This post is by a banned member (lurkesastu) - Unhide
lurkesastu  
Registered
29
Posts
0
Threads
4 Years of service
#4
03 April, 2020 - 03:31 AM
XXzxxzXsad
This post is by a banned member (copricorn) - Unhide
copricorn  
Registered
38
Posts
0
Threads
4 Years of service
#5
03 April, 2020 - 06:16 AM
thank you buddy
This post is by a banned member (lollies) - Unhide
lollies  
Registered
34
Posts
1
Threads
4 Years of service
#6
05 April, 2020 - 12:18 PM
following
This post is by a banned member (donquishoot) - Unhide
donquishoot  
Registered
6
Posts
0
Threads
4 Years of service
#7
05 April, 2020 - 08:44 PM
(04 March, 2020 - 03:52 AM)Pentester708 Wrote: Show More
XSS is much like SQL Injection , it is Javascript Injection(Pretty much straight eh for the newbies)

Now instead of uploading some Phishing , CSRF payloads . I Injected an uploader.php in here.
The site was not having any upload feature previously but after i injected the payload, Anyone can upload anything(exe,php,bat,what not) to it, which will be stored and executed on the Server Level.

I wonder what would you guys have uploaded ?

Well I did the harder part for yal. Play around uploading your shells

You can get to your uploaded shells by adding its name in the URL after uploading


Site:

thanks
This post is by a banned member (warsoft) - Unhide
warsoft  
Registered
120
Posts
0
Threads
5 Years of service
#8
10 April, 2020 - 10:59 AM
juste pour voir. Merci
Thread Closed 

Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
 or
Sign in
Already have an account? Sign in here.


Forum Jump:


Users browsing this thread: 2 Guest(s)

About Cracked.io

Cracked.io is a community forum that suits basically everyone. We provide cracking tutorials, tools, leaks, marketplace and much more stuff! You can also learn many things here, meet new friends and have a lot of fun!
If you would like to contact us, you can send our staff team a message.

Navigation

Extras

Help

Account