INFOSYS 727 Lab 07- Web hacking 03

orld’); </script>

Once you do that you will find that Gruyere gives a url where the file was uploaded. You can then craft an attack (Ex: phishing) by sending such urls as part of an email. Typically such links are obfuscated to hide the real intent. The obfuscation is usually done using an encoder such as http://meyerweb.com/eric/tools/dencoder/ or a tiny url service such as goo.gl

Web Exploitation and Vulnerabilities

Exercise 2b Stored XSS

What we want to do is put a script in a place where Gruyere will serve it back to another user

Create new snippets by testing the following scripts

(1) <a onmouseover="alert(1)" href="#">read this!</a>

Elevation of Privilege

Convert your account to an administrator account

• Take a look at the Profile page ( /editprofile.gtl ) that users and administrators use to edit profile settings. If you're not an administrator, the page looks a bit different.
• Can you figure out how to fool Gruyere into letting you use this page to update your account?

Procedure:

• Using the document.cookie script you used earlier get an idea of how Gruyere issues cookies
• hash|username|admin|author
• Assuming that the username of the admin account is ‘foo’ you can create a new account with username foo|admin|author
• When you log into this account, it will issue you the cookie hash|foo|admin|author||author which actually logs you into foo as an administrator
• Check the Profile page now and see if you’ve got the admin rights !!

This procedure used cookie manipulation and elevated the privilege rights...
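The cookie layout in the procedure above fails because '|' is both the field separator and a character the application accepts in usernames. The Python sketch below is an added example, not Gruyere's code or part of the lab handout; the HMAC key, function names and username rule are assumptions. It shows the ambiguous layout beside two fixes.

```python
import base64, hashlib, hmac, json, re

SECRET = b"constructed-demo-key"  # constructed for this example, not a real key

def _mac(data):
    return hmac.new(SECRET, data.encode(), hashlib.sha256).hexdigest()

def _mac_ok(mac, data):
    return hmac.compare_digest(mac.encode(), _mac(data).encode())

# Weak: fields joined with '|', the same character a username may contain.
def make_cookie_weak(username, is_admin, is_author):
    flags = ["admin" if is_admin else "", "author" if is_author else ""]
    body = "|".join([username] + flags)
    return _mac(body) + "|" + body

def parse_cookie_weak(cookie):
    mac, _, body = cookie.partition("|")
    # The MAC does not help here: the server itself signed the crafted name.
    if not _mac_ok(mac, body):
        return None
    f = body.split("|")
    if len(f) < 3:
        return None
    return {"user": f[0], "admin": f[1] == "admin", "author": f[2] == "author"}

# Fix 1: refuse the delimiter (and other metacharacters) at registration.
def valid_username(username):
    return re.fullmatch(r"[A-Za-z0-9_]{1,16}", username) is not None

# Fix 2: serialize the fields unambiguously before signing.
def make_cookie_safe(username, is_admin, is_author):
    raw = json.dumps({"user": username, "admin": is_admin, "author": is_author})
    body = base64.urlsafe_b64encode(raw.encode()).decode()
    return _mac(body) + "." + body

def parse_cookie_safe(cookie):
    mac, _, body = cookie.partition(".")
    if not _mac_ok(mac, body):
        return None
    return json.loads(base64.urlsafe_b64decode(body))

if __name__ == "__main__":
    name = "foo|admin|author"  # the username from the lab procedure
    print(parse_cookie_weak(make_cookie_weak(name, False, True)))
    print(valid_username(name))
    print(parse_cookie_safe(make_cookie_safe(name, False, True)))
```

With the weak layout the parser reads the account as user foo with the admin flag set; with the structured encoding the whole string stays in the user field and the admin flag remains false.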

This document was uploaded on 04/04/2014.
