DVWA: XSS

From OnnoWiki

Revision as of 12:59, 27 May 2017 by Onnowpurbo (talk | contribs) (→‎=Enable Javascript di Browser)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

sumber: http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson9/index.html

Tujuan

Test a basic cross site scripting (XSS) attack
Test an iframe cross site scripting (XSS) attack
Test a cookie cross site scripting (XSS) attack
Create a php/meterpreter/reverse_tcp payload
Start the php/meterpreter/reverse_tcp listener
Upload the PHP payload to the DVWA Upload screen
Test a PHP Payload cross site scripting (XSS) attack

Di sisi DVWA

Cek IP

ifconfig

Fix Stored Cross Site Scripting (XSS) Comment Box

Edit index.php

cd /var/www/html/DVWA-1.9/vulnerabilities/xss_s/
vi index.php

Ubah

<textarea name=\"mtxMessage\" cols=\"50\" rows=\"3\" maxlength=\"50\"></textarea>

menjadi

<textarea name=\"mtxMessage\" cols=\"50\" rows=\"3\" maxlength=\"250\"></textarea>

Di sisi Kali Linux

Enable Javascript di Browser

Preferences > Content > Uncheck - Block pop-up windows

Referensi

http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson9/index.html

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=DVWA:_XSS&oldid=48191"