Foreword
XSS vulnerabilities are often used in combination with CSRF vulnerabilities. Today let's walk through a small experiment as an example.
1. Experiment introduction
A CSRF vulnerability mainly exploits the fact that the user is still logged in (has not logged out) when sensitive information is modified, and that the modification request is not verified, so it is easy to forge. When we find a CSRF vulnerability, we can construct the URL of the request and use an XSS vulnerability to induce the victim to access it.
This experiment is demonstrated on a pikachu practice range built locally.
2. Experimental steps
1. User login
2. Capture the URL that modifies the information
GET /pikachu/vul/csrf/csrfget/csrf_get_edit.php?sex=girl&phonenum=11111111113&add=usa&email=lili%40pikachu.com&submit=submit
That is, as long as this URL is submitted, the user information is modified.
3. Construct the XSS statement
<script src='http://127.0.0.1/pikachu/vul/csrf/csrfget/csrf_get_edit.php?sex=girl&phonenum=11111111112&add=usa&email=lili%40pikachu.com&submit=submit'> </script>
The initial phone number is 11111111113, and the modified phone number is 11111111112.
4. Insert the XSS statement
5. Check that the user information has been modified
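Server-side checks that would reject the request generated by the script tag in step 3, as an added example in Python (not part of the original article and not pikachu's own PHP code). The function names, the header dictionary layout and the sample requests are constructed for illustration.

```python
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
ALLOWED_DESTS = {"document", "empty"}  # form navigation, fetch/XHR


def new_csrf_token() -> str:
    """Random per-session token, kept server-side and embedded in the edit form."""
    return secrets.token_urlsafe(32)


def allow_profile_edit(method, headers, session_token, submitted_token):
    """Return (allowed, reason) for a request to the profile-edit endpoint."""
    # 1. <script src>, <img src> and links can only issue GET, so a state
    #    change must never be reachable through a safe method.
    if method.upper() in SAFE_METHODS:
        return False, "state change requested with a safe method"
    # 2. Fetch Metadata: browsers that send Sec-Fetch-Dest label a script
    #    load as "script"; a real form submission is "document".
    dest = headers.get("Sec-Fetch-Dest")
    if dest is not None and dest not in ALLOWED_DESTS:
        return False, "subresource load (Sec-Fetch-Dest: %s)" % dest
    # 3. Anti-CSRF token: must be present and match the session's copy.
    if not session_token or not submitted_token:
        return False, "missing CSRF token"
    if not hmac.compare_digest(session_token.encode(), submitted_token.encode()):
        return False, "CSRF token mismatch"
    return True, "ok"


if __name__ == "__main__":
    token = new_csrf_token()
    # Constructed sample requests: (label, method, headers, submitted token)
    samples = [
        ("script tag from step 3", "GET", {"Sec-Fetch-Dest": "script"}, None),
        ("forged POST, no token", "POST", {"Sec-Fetch-Dest": "document"}, None),
        ("forged POST, guessed token", "POST", {"Sec-Fetch-Dest": "document"}, "guess"),
        ("legitimate form submit", "POST", {"Sec-Fetch-Dest": "document"}, token),
    ]
    for label, method, headers, submitted in samples:
        print(label, "->", allow_profile_edit(method, headers, token, submitted))
```

These checks close the CSRF side only; the XSS injection point still needs output encoding, because script running in the site's own origin can read the token from the form.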
Summary
This post briefly introduced the combined use of XSS and CSRF vulnerabilities.