Navigation X
ALERT
Click here to register with a few steps and explore all our cool stuff we have to offer!



   18615

Extending XSS to upload Shell in a Website By Pentester708

by Pentester708 - 04 March, 2020 - 03:52 AM
This post is by a banned member (ratrirtjk) - Unhide
ratrirtjk  
Registered
58
Posts
0
Threads
6 Years of service
#9
(04 March, 2020 - 03:52 AM)Pentester708 Wrote: Show More
XSS is much like SQL Injection , it is Javascript Injection(Pretty much straight eh for the newbies)

Now instead of uploading some Phishing , CSRF payloads . I Injected an uploader.php in here.
The site was not having any upload feature previously but after i injected the payload, Anyone can upload anything(exe,php,bat,what not) to it, which will be stored and executed on the Server Level.


I wonder what would you guys have uploaded ?

Well I did the harder part for yal. Play around uploading your shells
m,,,,,,,,,,,,lkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk


jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
:pepo:
You can get to your uploaded shells by adding its name in the URL after uploading


Site:

mmmmmmmmmmmmmmm......lmmmmmmmmmmmmmmmmmmmmmmm
This post is by a banned member (terminalhacker) - Unhide
31
Posts
0
Threads
6 Years of service
#10
(04 March, 2020 - 03:52 AM)Pentester708 Wrote: Show More
XSS is much like SQL Injection , it is Javascript Injection(Pretty much straight eh for the newbies)

Now instead of uploading some Phishing , CSRF payloads . I Injected an uploader.php in here.
The site was not having any upload feature previously but after i injected the payload, Anyone can upload anything(exe,php,bat,what not) to it, which will be stored and executed on the Server Level.


I wonder what would you guys have uploaded ?

Well I did the harder part for yal. Play around uploading your shells

You can get to your uploaded shells by adding its name in the URL after uploading



Site:

thats very creative, never thought of it
This post is by a banned member (epidr) - Unhide
This post is by a banned member (dzlakika) - Unhide
dzlakika  
Registered
27
Posts
0
Threads
6 Years of service
#12
thenks...
This post is by a banned member (Busher) - Unhide
Busher  
Registered
193
Posts
105
Threads
6 Years of service
#13
lets check it
great job thumbs up
This post is by a banned member (Frangobot) - Unhide
Frangobot  
Registered
7
Posts
0
Threads
6 Years of service
#14
[font][font]Nice!!![/font][/font]
This post is by a banned member (admin2323) - Unhide
This post is by a banned member (leon661) - Unhide
leon661  
Registered
20
Posts
0
Threads
6 Years of service
#16
[shoppy][/shoppy]

Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
or
Sign in
Already have an account? Sign in here.


Forum Jump:


Users browsing this thread: 1 Guest(s)