Difference between revisions of "DVWA: XSS"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
| Line 46: | Line 46: | ||
Buka Firefox | Buka Firefox | ||
Preferences > Content > Uncheck - Block pop-up windows | Preferences > Content > Uncheck - Block pop-up windows | ||
| + | |||
| + | ===Masuk ke DVWA=== | ||
| + | |||
| + | * Login | ||
| + | * DVWA Security > Low | ||
| + | |||
| + | ==XSS Stored Basic Exploit Test== | ||
| + | |||
| + | * Klik > XSS (Stored) | ||
==Referensi== | ==Referensi== | ||
* http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson9/index.html | * http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson9/index.html | ||
Revision as of 07:33, 28 May 2017
sumber: http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson9/index.html
Tujuan
- Test a basic cross site scripting (XSS) attack
- Test an iframe cross site scripting (XSS) attack
- Test a cookie cross site scripting (XSS) attack
- Create a php/meterpreter/reverse_tcp payload
- Start the php/meterpreter/reverse_tcp listener
- Upload the PHP payload to the DVWA Upload screen
- Test a PHP Payload cross site scripting (XSS) attack
Di sisi DVWA
Cek IP
ifconfig
Fix Stored Cross Site Scripting (XSS) Comment Box
Edit index.php
cd /var/www/html/DVWA-1.9/vulnerabilities/xss_s/ vi index.php
Search dengan keyword mtxMessage Ubah maxlength=50
<textarea name=\"mtxMessage\" cols=\"50\" rows=\"3\" maxlength=\"50\"></textarea>
menjadi maxlength=250
<textarea name=\"mtxMessage\" cols=\"50\" rows=\"3\" maxlength=\"250\"></textarea>
Di sisi Kali Linux
Cek IP Kali Linux
ifconfig -a
Enable Javascript di Browser
Buka Firefox Preferences > Content > Uncheck - Block pop-up windows
Masuk ke DVWA
- Login
- DVWA Security > Low
XSS Stored Basic Exploit Test
- Klik > XSS (Stored)