Giters

muhammedaydogan / XSSAttack

BBM459 - Secure Programming Lab Assignment #3

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

OWASP Mutillidae II - XSS Attack Example

##Part I: Creating Php WebServer

WebServer creates a socket on PORT:6003 WebServer is implemented with PHP. It listens socket and gets info from vulnarable blog. Displays other users' cookies on a webpage.

User A adds JavaScript/ws-script as blog entry. User A runs WebServer/webserver.php and listens socket 6003. User B views A's entries and B's cookie and sessionID info is sent to A. A can display this info on table.html page.

##Part II: Creating Java TCP Server

TCPServer creates a socket on PORT:6000 TCPServer is implemented with JAVA. It does same thing with WebServer except instead of displaying info on a webpage, it stores them in a text file.

##Part III: Creating a worm. User A adds JavaScript/worm-script as blog entry. When user B views A's entries that script is added to B's entries and B gets infected. User C views B's entries and C gets infected either.

About

BBM459 - Secure Programming Lab Assignment #3

Languages

Language:PHP 66.0%Language:HTML 34.0%