SQLiteManager Local File Inclusion - Low Security Level
Solution:
Step 1. On the lesson page click on SQLiteManager -(SQLite Manager page will be displayed in new window).
Step 2. On the lesson page click on Cookies - (A tab will open with new url -
https://cve.mitre.org/cgi-bin/cvename...)
Step 3. Cick on URL:http://securityreason.com/securityale... and visit the page
Note: XSS can be executed on index.php page of SQLiteManager.
Step 4. Visit the http://10.0.2.4/sqlite/ site page and follow below steps
a. Click on Test
b. Click on Triggers
c. Give your choice name in the name field and give below payload in the Step text box
Note: As YouTube doesn't allow angular brackets in the Description section replacing them with ( ), kindly change the ( ) to angular brackets
(script)alert(document.cookie)(/script)
d. Click on Save and note the result.
PseudoTime