As i know i hasnt told uhh awl abt DOMB based XSS bt its quite different so i will be talking abt dt later :)
Session Hijacking
- Ok now we have got the admin's cookies using both methods, so we need to edit our own browser's cookies.
- First of all go to that site's admin login or its main page whose cookies you have.
- Now delete ALL of your cookies from that page.For this check the topic on cookies.
- Now go in your cookies.html page which you have made on a free hosting site and copy everything in front of the Cookie: in a notepad.These are the cookies.
- This sign ; separates cookies from each other so first copy the code before the ;i.e the first cookie.
- Now come back to that vulnerable site and instead of link add the following code but don't hit enter:
Code:
Javascript:void(document.cookie="ADD YOUR COOKIE HERE")
- Add that cookie in between " " and now hit enter.
- Do this with all of the cookies and refresh the page.
- And hurrah!!! you are logged in as administrator.
- So now go in your admin panel and upload your deface page,now you can do anything to that site.