Friday, January 25, 2019

Security: Advanced Electron Forum Stored XSS

We are going to demonstrate a basic persistent (stored) Cross Site Scripting (XSS) attack on Advanced Electron Forum version 1.0.9. A detailed explanation of persistent XSS and methods of detecting it can be found here and here. We are going to use the exploit published at Exploit-DB.

The platform for this demonstration is Attack Defense Labs.

The forum edit page has a Redirect Forum option, reached at the URL shown below:

We enter our script in this field and save the settings.


After saving the settings by clicking the Edit Forum button, we can check whether the injection succeeded by browsing to the index URL:

The script fires when the index page loads and the popup shows the cookie values, confirming that the payload was stored by the application and is executed in the browser of anyone who visits the forum index.
