Difference between revisions of "DVWA: XSS"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) (Created page with "sumber: http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson9/index.html ==Tujuan== * Test a basic cross site scripting (XSS) attack * Test an iframe c...") |
Onnowpurbo (talk | contribs) |
||
| Line 10: | Line 10: | ||
* Upload the PHP payload to the DVWA Upload screen | * Upload the PHP payload to the DVWA Upload screen | ||
* Test a PHP Payload cross site scripting (XSS) attack | * Test a PHP Payload cross site scripting (XSS) attack | ||
| + | |||
| + | |||
| + | ==Di sisi DVWA== | ||
| + | |||
| + | ===Cek IP=== | ||
| + | |||
| + | ifconfig | ||
| + | |||
| + | |||
| + | ===Fix Stored Cross Site Scripting (XSS) Comment Box=== | ||
| + | |||
| + | Edit index.php | ||
| + | |||
| + | cd /var/www/html/DVWA-1.9/vulnerabilities/xss_s/ | ||
| + | vi index.php | ||
| + | |||
| + | Ubah | ||
| + | |||
| + | <td><textarea name=\"mtxMessage\" cols=\"50\" rows=\"3\" maxlength=\"50\"></textarea></td> | ||
| + | |||
| + | menjadi | ||
| + | |||
| + | <td><textarea name=\"mtxMessage\" cols=\"50\" rows=\"3\" maxlength=\"250\"></textarea></td> | ||
| + | |||
Revision as of 10:12, 27 May 2017
sumber: http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson9/index.html
Tujuan
- Test a basic cross site scripting (XSS) attack
- Test an iframe cross site scripting (XSS) attack
- Test a cookie cross site scripting (XSS) attack
- Create a php/meterpreter/reverse_tcp payload
- Start the php/meterpreter/reverse_tcp listener
- Upload the PHP payload to the DVWA Upload screen
- Test a PHP Payload cross site scripting (XSS) attack
Di sisi DVWA
Cek IP
ifconfig
Fix Stored Cross Site Scripting (XSS) Comment Box
Edit index.php
cd /var/www/html/DVWA-1.9/vulnerabilities/xss_s/ vi index.php
Ubah
<textarea name=\"mtxMessage\" cols=\"50\" rows=\"3\" maxlength=\"50\"></textarea>
menjadi
<textarea name=\"mtxMessage\" cols=\"50\" rows=\"3\" maxlength=\"250\"></textarea>