Difference between revisions of "DVWA: XSS"

From OnnoWiki
Line 66: Line 66:
 
* Pada Message isi "<iframe src="http://www.cnn.com"></iframe>"
 
* Pada Message isi "<iframe src="http://www.cnn.com"></iframe>"
 
* Klik > Sign Guestbook
 
* Klik > Sign Guestbook
 +
 +
Tampak bahwa CNN muncul di bawah "Test 2" .
 +
        This is a powerful exploit because a user could use SET to create Malicious cloned website and place in here.
 +
            e.g., Social Engineering Toolkit (SET): Lesson 3: Create Malicious Weblink, Install Virus, Capture Forensic Images
  
 
==Referensi==
 
==Referensi==
  
 
* http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson9/index.html
 
* http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson9/index.html
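
Review bot: the added lines beginning "This is a powerful exploit" and "e.g., Social Engineering Toolkit" start with runs of leading spaces, which MediaWiki renders as a preformatted block instead of a paragraph, and they are in English while the surrounding steps are Indonesian. Drop the leading spaces (or indent with ":"), keep one language for the section, and give the SET lesson as a URL in the same form as the entry under Referensi, since the added line names it by title only.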

Revision as of 08:55, 28 May 2017

Source: http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson9/index.html

Objectives

  • Test a basic cross site scripting (XSS) attack
  • Test an iframe cross site scripting (XSS) attack
  • Test a cookie cross site scripting (XSS) attack
  • Create a php/meterpreter/reverse_tcp payload
  • Start the php/meterpreter/reverse_tcp listener
  • Upload the PHP payload to the DVWA Upload screen
  • Test a PHP Payload cross site scripting (XSS) attack


On the DVWA side

Check the IP address

ifconfig


Fix Stored Cross Site Scripting (XSS) Comment Box

Edit index.php

cd /var/www/html/DVWA-1.9/vulnerabilities/xss_s/
vi index.php

Search for the keyword mtxMessage and change maxlength=50

<textarea name=\"mtxMessage\" cols=\"50\" rows=\"3\" maxlength=\"50\"></textarea>

to maxlength=250

<textarea name=\"mtxMessage\" cols=\"50\" rows=\"3\" maxlength=\"250\"></textarea>

On the Kali Linux side

Check the Kali Linux IP address

ifconfig -a

Enable JavaScript in the browser

Open Firefox
Preferences > Content > Uncheck - Block pop-up windows

Log in to DVWA

  • Login
  • DVWA Security > Low

XSS Stored Basic Exploit Test

  • Click > XSS (Stored)
  • In Name, enter "Test 1"
  • In Message, enter "<script>alert("This is a XSS Exploit Test")</script>"
  • Click > Sign Guestbook

XSS Stored IFRAME Exploit Test

  • Reset the DVWA database so that the XSS entered earlier no longer appears.
  • Click > XSS (Stored)
  • In Name, enter "Test 2"
  • In Message, enter "<iframe src="http://www.cnn.com"></iframe>"
  • Click > Sign Guestbook

CNN now appears below "Test 2".

This is a powerful exploit because a user could use SET to create a malicious cloned website and place it here.
e.g., Social Engineering Toolkit (SET): Lesson 3: Create Malicious Weblink, Install Virus, Capture Forensic Images
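
Both tests above succeed because the stored Message is written back into the page as markup. The following is an added example, not DVWA's own code and not from the source lesson: a hypothetical guestbook renderer (function names and the sample array are assumptions) showing the raw output beside the encoded output, plus a server-side length check, since the maxlength attribute edited earlier is enforced only by the browser.

```php
<?php
// Added example: hypothetical guestbook renderer, not DVWA's own code.

// Constructed sample rows, using the Name/Message values from the steps above.
$entries = [
    ['name' => 'Test 1', 'message' => '<script>alert("This is a XSS Exploit Test")</script>'],
    ['name' => 'Test 2', 'message' => '<iframe src="http://www.cnn.com"></iframe>'],
];

// Vulnerable form: stored text is concatenated into the page as markup.
function render_raw(array $e): string
{
    return "<div>Name: {$e['name']}<br />Message: {$e['message']}</div>\n";
}

// Hardened form: encode on output so the browser treats stored text as text.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_encoded(array $e): string
{
    return '<div>Name: ' . h($e['name']) . '<br />Message: ' . h($e['message']) . "</div>\n";
}

// maxlength on the <textarea> is only a browser-side limit, so the length
// has to be checked again on the server before storing (strlen counts bytes).
function message_length_ok(string $message, int $max = 250): bool
{
    return strlen($message) <= $max;
}

foreach ($entries as $e) {
    if (!message_length_ok($e['message'])) {
        continue; // reject oversized input regardless of the form attribute
    }
    echo "raw:     ", render_raw($e);     // tags reach the browser intact
    echo "encoded: ", render_encoded($e); // < > " become &lt; &gt; &quot;
}
```

Run with `php` on the command line and compare the two output lines for each entry: only the encoded line is displayed as literal text by a browser.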

References