iExploit

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Top Posters

Who's Online (1)

Powered by Vanilla. Made with Bootstrap.
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
Upload shell with xss
  • Hardcore-Gabber
    Posts: 118
    I have seen somewhere a tutorial about how to upload shell trough xss but i could not finde it ..

    Is possible to upload a shell trough xss . ?
  • m0rph
    Posts: 332
    said:


    I have seen somewhere a tutorial about how to upload shell trough xss but i could not finde it ..

    Is possible to upload a shell trough xss . ?


    http://www.exploit-db.com/vbseo-from-xss-to-reverse-php-shell/


    keep in mind this was done from a javascript 0-day that reverse injected php into vbseo through GET requests to a malicious server. It wasn't a webshell though, it was a reverse php shell.

    pretty much, the stars have to align for you to pull this off. but yes, it's possible.
    Source: I know the guy that wrote that article.
    while( !(succeed = try() ) );
  • Hardcore-Gabber
    Posts: 118
    I know that exploit .. is for vbseo ..
  • m0rph
    Posts: 332
    said:


    I know that exploit .. is for vbseo ..


    you asked, I answered. all the concepts are in that tutorial. I'm fairly confident that's one of the very few tutorials around of xss to shell.
    while( !(succeed = try() ) );
  • Xin
    Posts: 3,251
    Im guessing you would need to integrate XSRF with XSS and get the admin to visit the XSS'ed page. Not an easy trick.
    Xin
Add a Comment