Networking - Ethical Hacking

Lesson Description


Lesson - #1176 How to Hack a Website


In this practical website hacking scenario, we will hijack the user session of the web application located at www.techpanda.org. We will use cross-site scripting to read the cookie session ID, then use it to impersonate a legitimate user session.

The assumption made is that the attacker has access to the web application and would like to hijack the sessions of other users that use the same application. The goal of this attack could be to gain admin access to the web application, assuming the attacker's access account is a limited one.

  • Open http://www.techpanda.org/.
  • For practice purposes, it is strongly recommended to gain access using SQL Injection. Refer to this article for more information on how to do that.
  • The login email is admin@google.com, the password is Password2010.
  • If you have logged in successfully, you will get the following dashboard.
  • Click on Add New Contact.
  • Enter the following as the first name.

    Dark
    HERE,
    The above code uses JavaScript. It adds a hyperlink with an onclick event. When the unsuspecting user clicks the link, the event retrieves the PHP cookie session ID and sends it to the snatch_sess_id.php page together with the session ID in the URL.
  • Enter the remaining details as shown below.
  • Click on Save Changes.
  • Your dashboard will now look like the following screen.
  • Since the cross-site script code is stored in the database, it will be loaded every time users with access rights log in.
  • Let's suppose the administrator logs in and clicks on the hyperlink that says Dark.
  • He/she will get the window with the session ID showing in the URL.
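
The two controls that break the chain described above, as an added example that is not part of the original lesson or the application's own code: the session cookie is marked HttpOnly so page script cannot read it, and stored contact fields are HTML-encoded when the dashboard is rendered. The function names (`start_hardened_session`, `e`, `render_contact_row`) and the sample record are assumptions made for illustration.

```php
<?php
// Added example: all function names below are hypothetical, not the application's own.

// 1. Keep the PHP session cookie out of reach of page scripts.
function start_hardened_session(): void
{
    ini_set('session.use_strict_mode', '1');  // reject session IDs the server did not issue
    ini_set('session.use_only_cookies', '1'); // never accept a session ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not exposed to document.cookie
        'samesite' => 'Lax',
    ]);
    session_start();
}

// 2. Encode stored values at output time, so markup saved in a field
//    is displayed as text instead of being parsed as HTML.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_contact_row(array $contact): string
{
    return '<tr><td>' . e($contact['first_name']) . '</td><td>'
         . e($contact['last_name']) . '</td></tr>';
}

// Only start a session when served over the web; the CLI run just shows the encoding.
if (PHP_SAPI !== 'cli') {
    start_hardened_session();
}

// Constructed sample record: a first name that contains a link with an onclick handler.
$contact = [
    'first_name' => '<a href="#" onclick="alert(1)">Dark</a>',
    'last_name'  => 'Example',
];

// The angle brackets and quotes come out as entities, so the browser shows the
// raw text in the table cell and no clickable link or event handler is created.
echo render_contact_row($contact), PHP_EOL;
```

Output encoding is the primary fix because it stops the stored script from running at all; HttpOnly only limits what a script that does run can read.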