Jump to content
Sign in to follow this  
Guest Iker

Different ways to upload a WebShell in a Web Server

Recommended Posts

Guest Iker

Hi,

I'm Iker, student of THP course.

In module 2 : Hunting Network: Network Analysis 

     Part 3: Hunting web shells, on page 7 it says that you can upload a webshell using an XSS, it is possible to upload a shell using xss? Or the same is that it is not well explained and is not fully understood.

 

Iker,

Best Regards,

 

Share this post


Link to post
Share on other sites
dimitrios

Hi,

Please create a proper (not guest) account.

 

You can "upload" a webshell through XSS. An example is a persistent XSS that will load and install a malicious WordPress plugin (it can contain webshell functionality). A wordpress admin will need browse the vulnerable to persistent XSS page of course for that to happen.

Share this post


Link to post
Share on other sites
dimitrios

It's kind of and edge case, but still possible.

 

Thanks for the heads up.

Share this post


Link to post
Share on other sites
mdinasec

Hows the course going for you so far? I am debating whether to go with PTP or the new THP...

Share this post


Link to post
Share on other sites
Guest
You are commenting as a guest. If you have an account, please sign in.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×