BowTiedGuppy’s Cybersecurity Essentials


Create XSS vulnerable website and steal cookie

PHP XSS cookie stealer lab

BowTiedGuppy
Nov 12, 2022
∙ Paid


XSS: you have heard of it before, but what is it really, and how dangerous can it be? Continue reading at https://guppysecurity.com/create-a-xss-vulnerable-website/ to get a basic idea of what XSS is and the different types of XSS.

Here we will put that information into practice by building a simple website in PHP that has login functionality.

Lab outline:

  1. Create a website with a login

    1. Have two users: one admin and one regular user.

  2. Upon login, a user should receive a cookie for that login session.

  3. “Accidentally” create a user input field that is reflected back on the page without sanitization.

  4. Develop an XSS payload that the regular user can send to the admin to steal the admin cookie and log in as admin.
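
The weakness the lab plants in steps 2 and 3, shown beside the two controls that close it, as an added example that is not code from the original post. The function names and the `name` parameter are hypothetical, the sample input is constructed, and the array form of `session_set_cookie_params` assumes PHP 7.3 or later.

```php
<?php
// Added illustration, not the lab's own code. All names here are hypothetical.

// Step 2 of the outline: the login session cookie.
// HttpOnly hides the cookie from page script, so a reflected-input bug
// cannot read it; SameSite and Secure limit where the browser sends it.
// 'secure' => true assumes the site is served over HTTPS.
function start_hardened_session(): void {
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Strict',
    ]);
    session_start();
}

// Step 3 as the lab builds it: the value is concatenated into HTML
// unchanged, so any markup in it becomes part of the page.
function render_greeting_vulnerable(string $name): string {
    return "<p>Hello, " . $name . "</p>";
}

// Hardened form: encode for the HTML context at output time.
// ENT_QUOTES also covers values placed inside quoted attributes.
function render_greeting_safe(string $name): string {
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p>Hello, " . $encoded . "</p>";
}

// Constructed sample input: a harmless tag that shows whether markup survives.
$sample = '<b>guppy</b>';

if (PHP_SAPI === 'cli') {
    // Run from the command line to compare the two renderings.
    echo render_greeting_vulnerable($sample), PHP_EOL;
    echo render_greeting_safe($sample), PHP_EOL;
} else {
    start_hardened_session();
    // Defence in depth: restrict script sources to the site's own origin.
    header("Content-Security-Policy: default-src 'self'");
    $name = $_GET['name'] ?? 'guest';
    echo render_greeting_safe(is_string($name) ? $name : 'guest');
}
```

Run from the CLI, the first line keeps the `<b>` tag as live markup while the second shows it as entity-encoded text.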

Let’s get started:

This post is for paid subscribers
