Web-App-Hacking-Notes
Test Reflected XSS Cookie Stealing Across Accounts
This is for xss-reflected-steal-cookie.md. The scenario would be that user A tricks user B into clicking a link containing the XSS code.
- Test from one account to another of similar privilege.
- Test to see if it could be used for privilege escalation too.
- If that all works, move on to doing it as a Stored XSS.
Tested the XSS link in the HTML file. It successfully stole the admin user's PHPSESSID cookie and sent it to the Python listener:
```
2017-02-11 06:49 AM - 192.168.0.254 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:51.0) Gecko/20100101 Firefox/51.0
------------------------------------------------------------------------------------------------------------------
Cookie Name Value
------------------------------------------------------------------------------------------------------------------
security ['low']
PHPSESSID ['958o040rdnl9b5flseb5po85p3']
```
But I made some mistakes in my testing of the next steps. I need to plan it out more carefully:
- Add the stolen cookie to a browser not yet having a PHPSESSID cookie from 192.168.0.18.
- From a different browser, try to load a page that otherwise would require a password: http://192.168.0.18/dvwa/

But note that the original admin user must still be logged in with the same PHPSESSID cookie.
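
The replay test planned above works only if the server accepts one PHPSESSID from a second browser, and that is what a defender can look for: a session ID seen with more than one client fingerprint. The following is an added example, not code from this repository; the record format, the function names and the sample values are assumptions, and it presumes the application or a reverse proxy records the session ID for each request.

```python
import hashlib

# Constructed sample records, not taken from the page:
# (ISO timestamp, client IP, User-Agent, PHPSESSID value).
# Assumption: the application or a reverse proxy records the session ID per request.
SAMPLE_REQUESTS = [
    ("2017-02-11T06:49:10", "192.0.2.10", "Firefox/51.0", "constructed-admin-session"),
    ("2017-02-11T06:50:02", "192.0.2.10", "Firefox/51.0", "constructed-admin-session"),
    ("2017-02-11T06:51:00", "192.0.2.20", "Safari/602.1", "constructed-user-session"),
    ("2017-02-11T06:55:40", "192.0.2.77", "Chrome/56.0", "constructed-admin-session"),
    ("2017-02-11T06:56:01", "192.0.2.77", "Chrome/56.0", "constructed-admin-session"),
]


def session_key(session_id):
    """Hash the session ID so alerts never contain a usable cookie value."""
    return hashlib.sha256(session_id.encode()).hexdigest()[:12]


def find_replayed_sessions(records):
    """Flag sessions used by a client fingerprint other than the first one seen.

    Returns one alert per (session, new fingerprint) pair, in time order.
    """
    origin = {}       # session key -> (ip, user_agent) that first used it
    reported = set()  # (session key, fingerprint) pairs already alerted on
    alerts = []
    for ts, ip, user_agent, session_id in sorted(records):
        key = session_key(session_id)
        fingerprint = (ip, user_agent)
        first = origin.setdefault(key, fingerprint)
        if fingerprint != first and (key, fingerprint) not in reported:
            reported.add((key, fingerprint))
            alerts.append({"time": ts, "session": key,
                           "origin": first, "seen": fingerprint})
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_REQUESTS):
        print(alert)
```

Setting the HttpOnly attribute on the session cookie keeps script from reading it at all; this check covers the case where a session ID leaks anyway.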