Difference between revisions of "DVWA: XSS"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
Line 55: | Line 55: | ||
* Klik > XSS (Stored) | * Klik > XSS (Stored) | ||
+ | * Pada Name isi "Test 1" | ||
+ | * Pada Message isi "<script>alert("This is a XSS Exploit Test")</script>" | ||
+ | * Klik > Sign Guestbook | ||
==Referensi== | ==Referensi== | ||
* http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson9/index.html | * http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson9/index.html |
Revision as of 08:34, 28 May 2017
sumber: http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson9/index.html
Tujuan
- Test a basic cross site scripting (XSS) attack
- Test an iframe cross site scripting (XSS) attack
- Test a cookie cross site scripting (XSS) attack
- Create a php/meterpreter/reverse_tcp payload
- Start the php/meterpreter/reverse_tcp listener
- Upload the PHP payload to the DVWA Upload screen
- Test a PHP Payload cross site scripting (XSS) attack
Di sisi DVWA
Cek IP
ifconfig
Fix Stored Cross Site Scripting (XSS) Comment Box
Edit index.php
cd /var/www/html/DVWA-1.9/vulnerabilities/xss_s/ vi index.php
Search dengan keyword mtxMessage Ubah maxlength=50
<textarea name=\"mtxMessage\" cols=\"50\" rows=\"3\" maxlength=\"50\"></textarea>
menjadi maxlength=250
<textarea name=\"mtxMessage\" cols=\"50\" rows=\"3\" maxlength=\"250\"></textarea>
Di sisi Kali Linux
Cek IP Kali Linux
ifconfig -a
Enable Javascript di Browser
Buka Firefox Preferences > Content > Uncheck - Block pop-up windows
Masuk ke DVWA
- Login
- DVWA Security > Low
XSS Stored Basic Exploit Test
- Klik > XSS (Stored)
- Pada Name isi "Test 1"
- Pada Message isi "<script>alert("This is a XSS Exploit Test")</script>"
- Klik > Sign Guestbook