This post is by a banned member (ratrirtjk) - Unhide
16 April, 2020 - 01:42 AM
Reply
(04 March, 2020 - 03:52 AM)Pentester708 Wrote: Show MoreXSS is much like SQL Injection , it is Javascript Injection(Pretty much straight eh for the newbies)
Now instead of uploading some Phishing , CSRF payloads . I Injected an uploader.php in here.
The site was not having any upload feature previously but after i injected the payload, Anyone can upload anything(exe,php,bat,what not) to it, which will be stored and executed on the Server Level.
I wonder what would you guys have uploaded ?
Well I did the harder part for yal. Play around uploading your shells
m,,,,,,,,,,,,lkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
You can get to your uploaded shells by adding its name in the URL after uploading
Site:
mmmmmmmmmmmmmmm......lmmmmmmmmmmmmmmmmmmmmmmm
This post is by a banned member (terminalhacker) - Unhide
30 April, 2020 - 10:52 PM
Reply
(04 March, 2020 - 03:52 AM)Pentester708 Wrote: Show MoreXSS is much like SQL Injection , it is Javascript Injection(Pretty much straight eh for the newbies)
Now instead of uploading some Phishing , CSRF payloads . I Injected an uploader.php in here.
The site was not having any upload feature previously but after i injected the payload, Anyone can upload anything(exe,php,bat,what not) to it, which will be stored and executed on the Server Level.
I wonder what would you guys have uploaded ?
Well I did the harder part for yal. Play around uploading your shells
You can get to your uploaded shells by adding its name in the URL after uploading
Site:
thats very creative, never thought of it
This post is by a banned member (epidr) - Unhide
22 May, 2020 - 03:28 AM
Reply
This post is by a banned member (dzlakika) - Unhide
23 May, 2020 - 03:20 AM
Reply
This post is by a banned member (Busher) - Unhide
26 May, 2020 - 01:12 PM
Reply
lets check it
great job thumbs up
This post is by a banned member (Frangobot) - Unhide
05 June, 2020 - 12:37 AM
Reply
[font][font]Nice!!![/font][/font]
This post is by a banned member (admin2323) - Unhide
05 June, 2020 - 06:49 PM
Reply
This post is by a banned member (leon661) - Unhide
05 June, 2020 - 11:08 PM
Reply
|