Skip to content

tugbadm/XSSAttack

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

OWASP Mutillidae II - XSS Attack Example

##Part I: Creating Php WebServer

WebServer creates a socket on PORT:6003 WebServer is implemented with PHP. It listens socket and gets info from vulnarable blog. Displays other users' cookies on a webpage.

User A adds JavaScript/ws-script as blog entry. User A runs WebServer/webserver.php and listens socket 6003. User B views A's entries and B's cookie and sessionID info is sent to A. A can display this info on table.html page.

##Part II: Creating Java TCP Server

TCPServer creates a socket on PORT:6000 TCPServer is implemented with JAVA. It does same thing with WebServer except instead of displaying info on a webpage, it stores them in a text file.

##Part III: Creating a worm. User A adds JavaScript/worm-script as blog entry. When user B views A's entries that script is added to B's entries and B gets infected. User C views B's entries and C gets infected either.

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks