Web - Client

Tuesday 5 June 2018, 07:30  #1
Web - Client | XSS Stored - 1
KAN3Kl
KAN3Kl
  • 2 posts

Hey,
I was able to get the cookies of the admin by an cookie steal attack which required me to write some script in the form of the question.
But when I set that cookie on my browser and refresh the page the same page gets opened. To set the cookie i used "javascript:void(document.cookies"#cookie_name=#cookievalue");".
When I check my cookies for the session they were perfect.
Is there anything else that is to be done?
Am I missing something?
What more should I learn?

It would be great if you would hint me with a keyword or so.
Thanks in advance.

Tuesday 5 June 2018, 14:03  #2
Web - Client | XSS Stored - 1
N0v311575
N0v311575
  • 1 posts

Hi you don’t have to use the cookie, just to read the content. If the value is no relevant, you failed :)

Wednesday 6 June 2018, 09:44  #3
Web - Client | XSS Stored - 1
KAN3Kl
KAN3Kl
  • 2 posts

Thanks the #cookievalue was the password 🙂

New reply New reply   New topic New topic