Difference between revisions of "DVWA: XSS"

From OnnoWiki
Jump to navigation Jump to search
Line 55: Line 55:
  
 
* Klik > XSS (Stored)
 
* Klik > XSS (Stored)
 +
* Pada Name isi "Test 1"
 +
* Pada Message isi "<script>alert("This is a XSS Exploit Test")</script>"
 +
* Klik > Sign Guestbook
  
 
==Referensi==
 
==Referensi==
  
 
* http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson9/index.html
 
* http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson9/index.html

Revision as of 08:34, 28 May 2017

sumber: http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson9/index.html

Tujuan

  • Test a basic cross site scripting (XSS) attack
  • Test an iframe cross site scripting (XSS) attack
  • Test a cookie cross site scripting (XSS) attack
  • Create a php/meterpreter/reverse_tcp payload
  • Start the php/meterpreter/reverse_tcp listener
  • Upload the PHP payload to the DVWA Upload screen
  • Test a PHP Payload cross site scripting (XSS) attack


Di sisi DVWA

Cek IP

ifconfig


Fix Stored Cross Site Scripting (XSS) Comment Box

Edit index.php

cd /var/www/html/DVWA-1.9/vulnerabilities/xss_s/
vi index.php

Search dengan keyword mtxMessage Ubah maxlength=50

<textarea name=\"mtxMessage\" cols=\"50\" rows=\"3\" maxlength=\"50\"></textarea>

menjadi maxlength=250

<textarea name=\"mtxMessage\" cols=\"50\" rows=\"3\" maxlength=\"250\"></textarea>

Di sisi Kali Linux

Cek IP Kali Linux

ifconfig -a

Enable Javascript di Browser

Buka Firefox
Preferences > Content > Uncheck - Block pop-up windows

Masuk ke DVWA

  • Login
  • DVWA Security > Low

XSS Stored Basic Exploit Test

  • Klik > XSS (Stored)
  • Pada Name isi "Test 1"
  • Pada Message isi "<script>alert("This is a XSS Exploit Test")</script>"
  • Klik > Sign Guestbook

Referensi