Difference between revisions of "DVWA: XSS"

From OnnoWiki
Jump to navigation Jump to search
(Created page with "sumber: http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson9/index.html ==Tujuan== * Test a basic cross site scripting (XSS) attack * Test an iframe c...")
 
Line 10: Line 10:
 
* Upload the PHP payload to the DVWA Upload screen
 
* Upload the PHP payload to the DVWA Upload screen
 
* Test a PHP Payload cross site scripting (XSS) attack
 
* Test a PHP Payload cross site scripting (XSS) attack
 +
 +
 +
==Di sisi DVWA==
 +
 +
===Cek IP===
 +
 +
ifconfig
 +
 +
 +
===Fix Stored Cross Site Scripting (XSS) Comment Box===
 +
 +
Edit index.php
 +
 +
cd /var/www/html/DVWA-1.9/vulnerabilities/xss_s/
 +
vi index.php
 +
 +
Ubah
 +
 +
<td><textarea name=\"mtxMessage\" cols=\"50\" rows=\"3\" maxlength=\"50\"></textarea></td>
 +
 +
menjadi
 +
 +
<td><textarea name=\"mtxMessage\" cols=\"50\" rows=\"3\" maxlength=\"250\"></textarea></td>
 +
  
  

Revision as of 10:12, 27 May 2017

sumber: http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson9/index.html

Tujuan

  • Test a basic cross site scripting (XSS) attack
  • Test an iframe cross site scripting (XSS) attack
  • Test a cookie cross site scripting (XSS) attack
  • Create a php/meterpreter/reverse_tcp payload
  • Start the php/meterpreter/reverse_tcp listener
  • Upload the PHP payload to the DVWA Upload screen
  • Test a PHP Payload cross site scripting (XSS) attack


Di sisi DVWA

Cek IP

ifconfig


Fix Stored Cross Site Scripting (XSS) Comment Box

Edit index.php

cd /var/www/html/DVWA-1.9/vulnerabilities/xss_s/
vi index.php

Ubah

<textarea name=\"mtxMessage\" cols=\"50\" rows=\"3\" maxlength=\"50\"></textarea>

menjadi

<textarea name=\"mtxMessage\" cols=\"50\" rows=\"3\" maxlength=\"250\"></textarea>


Referensi