Difference between revisions of "DVWA: XSS"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
| Line 34: | Line 34: | ||
<td><textarea name=\"mtxMessage\" cols=\"50\" rows=\"3\" maxlength=\"250\"></textarea></td> | <td><textarea name=\"mtxMessage\" cols=\"50\" rows=\"3\" maxlength=\"250\"></textarea></td> | ||
| + | ==Di sisi Kali Linux== | ||
| + | ===Enable Javascript di Browser== | ||
| + | |||
| + | Preferences > Content > Uncheck - Block pop-up windows | ||
==Referensi== | ==Referensi== | ||
* http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson9/index.html | * http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson9/index.html | ||
Revision as of 10:15, 27 May 2017
sumber: http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson9/index.html
Tujuan
- Test a basic cross site scripting (XSS) attack
- Test an iframe cross site scripting (XSS) attack
- Test a cookie cross site scripting (XSS) attack
- Create a php/meterpreter/reverse_tcp payload
- Start the php/meterpreter/reverse_tcp listener
- Upload the PHP payload to the DVWA Upload screen
- Test a PHP Payload cross site scripting (XSS) attack
Di sisi DVWA
Cek IP
ifconfig
Fix Stored Cross Site Scripting (XSS) Comment Box
Edit index.php
cd /var/www/html/DVWA-1.9/vulnerabilities/xss_s/ vi index.php
Ubah
<textarea name=\"mtxMessage\" cols=\"50\" rows=\"3\" maxlength=\"50\"></textarea>
menjadi
<textarea name=\"mtxMessage\" cols=\"50\" rows=\"3\" maxlength=\"250\"></textarea>
Di sisi Kali Linux
=Enable Javascript di Browser
Preferences > Content > Uncheck - Block pop-up windows