8 Steps How to use and Set up XSS Shell:
1. Download the XSS Shell application from the link above and extract the content.
2. Find and register for free ASP hosting. I use jabry.net in this example.
3. Edit xssshell.asp. (see the picture below)
- See more at: http://www.hacking-tutorial.com/hacking-tutorial/xss-attack-8-steps-how-to-use-and-set-up-xss-shell/#sthash.v5aTbugT.dpuf
change the SERVER address with your ASP server hosting address.
4. We need to find and get the asp current working directory, you can use the script below :
<%= Server.MapPath(Request.ServerVariables("PATH_INFO" ))%>
- See more at: http://www.hacking-tutorial.com/hacking-tutorial/xss-attack-8-steps-how-to-use-and-set-up-xss-shell/#sthash.v5aTbugT.dpuf
5. Access cwd.asp in your browser. It will look like this: -
6. Open "admin" folder and open db.php file. We need to edit the DATABASE configuration from the data in step 5.
to edit the password for log in to admin section:
7. Here is my xsshell folder content preview.
8. Now lets try to access the admin folder in our browser, the password to log in to admin section you can find and change in step 6
0 comments:
Post a Comment