Pentester Lab: XSS and MySQL FILE

  • Name: Pentester Lab: XSS and MySQL FILE
  • Date release: 29 Jan 2014

Please remember that VulnHub is a free community resource, so we are unable to check the machines that are provided to us. Before you download, please read our FAQ sections dealing with the dangers of running unknown VMs and our suggestions for "protecting yourself and your network". If you understand the risks, please download!



This exercise explains how you can use a Cross-Site Scripting vulnerability to get access to an administrator's cookies, and then how you can use his/her session to gain access to the administration area, find a SQL injection there, and gain code execution using it.

What you will learn:

  • Cross-Site Scripting exploitation
  • MySQL injection with FILE privilege

  • Filename: xss_and_mysql_file_i386.iso
  • File size: 178 MB
  • MD5: C9C7A31AB9BF79B82B72B58BB0A3A657
  • SHA1: 8B8D7019194A14DADC16A605D9731A080E9E0C6A

  • Filename: _xss_and_mysql_file.iso
  • File size: 189 MB
  • MD5: E95459511A4AEBB51D0DE6CD04A016DF
  • SHA1: EAA04609897054EAA87A9741BBA9A7BC05285AA5

  • Format: Disk Image (.ISO)
  • Operating System: Linux

  • DHCP service: Enabled
  • IP address: Automatically assigned