Step 1 Alert & Injection Chains
Let's chain commands. A semicolon separates the commands in a chain. Try this one out:
Step 2 Cookie Alerts & Cookie Modification
If you see a popup containing a jumble of characters and strings like "PHPSESSID=", the website is storing cookies on your computer.
Let's edit something in this cookie.
Now if I were logged in and had another member's cookie, I could swap our sessions using these techniques, effectively becoming that member.
Step 3 Edit Web Forms
Sometimes you may want to edit a web form. A web form is what you use to "submit" something to a server, usually for logins or forgotten-password requests. Let's say we have a forgot password form for some website, and this is the HTML code they used:
<form action="http://www.website.com/forgotpassword.php" method="post">
<input type="hidden" name="to" value="firstname.lastname@example.org">
</form>
This is basically saying "Void the document's first form, skip (to) and go to the value (value) and make it equal to my email".
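The form above lets the browser decide where the reset mail goes, because the recipient sits in a hidden field the client controls. As an added example (not code from the original page or the site it describes), this JavaScript sketch contrasts a server-side handler that trusts the hidden `to` field with one that looks the address up itself; the `username` field, the account store and the function names are assumptions made for illustration.

```javascript
// Constructed account store: the server's own record of each member's address.
const ACCOUNTS = new Map([
  ["alice", "alice@example.org"],
  ["bob", "bob@example.org"],
]);

// Parse an application/x-www-form-urlencoded POST body into a plain object.
function parseForm(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

// Weak pattern: the recipient comes from the hidden "to" field, which the
// browser user can change before submitting.
function resetRecipientTrustingClient(body) {
  return parseForm(body).to || null;
}

// Hardened pattern: the recipient is looked up server-side from the account
// name (hypothetical "username" field). A submitted "to" is never used as the
// destination; it is only compared so a mismatch can be logged.
function resetRecipientServerSide(body) {
  const form = parseForm(body);
  const stored = ACCOUNTS.get(form.username);
  if (stored === undefined) {
    return { recipient: null, tampered: false };
  }
  const tampered = form.to !== undefined && form.to !== stored;
  return { recipient: stored, tampered };
}

// Constructed sample bodies: one as the page served it, one with "to" edited.
const asServed = "username=alice&to=alice%40example.org";
const edited = "username=alice&to=someone.else%40example.net";

for (const body of [asServed, edited]) {
  console.log(resetRecipientTrustingClient(body), resetRecipientServerSide(body));
}
```

The `tampered` flag is worth sending to the application log, since a hidden field that comes back changed is a reliable sign that someone edited the form.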