Web Hacking
brute-force directories and search common locations (default locations) to upload its intermediate stager.
As we can see, we have successfully managed to get a Meterpreter shell via sqlmap.
XSS (Cross-Site Scripting)
XSS is one of my favorite subjects in web application security. It has been a problem for more than a decade, and still is. XSS is an input validation issue just like SQL injection. XSS occurs when the user input is not properly filtered or sanitized before it’s reflected back to the user. This allows the attacker to inject malicious code, which is later executed in the context of a victim’s browser. An XSS vulnerability can be used to carry out various attacks such as stealing session cookies and even compromising browsers. We will discuss this later.
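
The reflection problem described above, shown as an added example that is not part of the original text: a hypothetical search page echoes its query without and with output encoding, and a small check reports whether the input came back unencoded. All function names and sample inputs are constructed for illustration.

```javascript
// Added example: reflected input rendered without and with output encoding.
// The search-page scenario and all function names are hypothetical.

// Vulnerable: user input is concatenated into the HTML response as-is.
function renderSearchUnsafe(query) {
  return '<p>Results for: ' + query + '</p>' +
         '<input name="q" value="' + query + '">';
}

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened: every reflection point is encoded for HTML text and quoted attributes.
function renderSearchSafe(query) {
  const q = escapeHtml(query);
  return '<p>Results for: ' + q + '</p>' +
         '<input name="q" value="' + q + '">';
}

// Reviewer's check: if the input contains markup-significant characters and
// appears verbatim in the response, it was reflected without encoding.
function reflectsRawMarkup(html, input) {
  return /[<>"']/.test(input) && html.includes(input);
}

// Constructed sample inputs: plain text, element context, attribute context.
const samples = [
  'laptops',
  '<script>alert(1)</script>',
  '" onfocus="alert(1)',
];

for (const s of samples) {
  console.log(JSON.stringify(s),
    '| unsafe page reflects raw markup:', reflectsRawMarkup(renderSearchUnsafe(s), s),
    '| safe page reflects raw markup:', reflectsRawMarkup(renderSearchSafe(s), s));
}
```

The encoding shown covers HTML text and quoted attribute values only; input reflected into a script block, URL or CSS needs the encoding for that context.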