DVWA: XSS: Difference between revisions
From OnnoCenterWiki
Onnowpurbo (talk | contribs) Created page with "sumber: http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson9/index.html ==Tujuan== * Test a basic cross site scripting (XSS) attack * Test an iframe c..." |
Onnowpurbo (talk | contribs) No edit summary |
| Line 10: | Line 10: | ||
* Upload the PHP payload to the DVWA Upload screen | * Upload the PHP payload to the DVWA Upload screen | ||
* Test a PHP Payload cross site scripting (XSS) attack | * Test a PHP Payload cross site scripting (XSS) attack | ||
==Di sisi DVWA== | |||
===Cek IP=== | |||
ifconfig | |||
===Fix Stored Cross Site Scripting (XSS) Comment Box=== | |||
Edit index.php | |||
cd /var/www/html/DVWA-1.9/vulnerabilities/xss_s/ | |||
vi index.php | |||
Ubah | |||
<td><textarea name=\"mtxMessage\" cols=\"50\" rows=\"3\" maxlength=\"50\"></textarea></td> | |||
menjadi | |||
<td><textarea name=\"mtxMessage\" cols=\"50\" rows=\"3\" maxlength=\"250\"></textarea></td> | |||
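Review bot: the new heading "Fix Stored Cross Site Scripting (XSS) Comment Box" reads as if this section remediates the XSS, but the only change shown is maxlength 50 to 250 on the mtxMessage textarea. That attribute is a browser-side input limit, so the edit only lets longer comments be typed into the form and changes nothing about how the server stores or renders them. Suggest a heading that says what the step does, for example "Raise the comment box length limit", plus one sentence on why the lesson needs it. Two smaller points: the path uses DVWA-1.9 while the source link at the top of the page is the DVWAv107 lesson, so state which version the steps were checked against, and the added headings are in Indonesian while the bullet list above them is in English.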
Revision as of 03:12, 27 May 2017
Source: http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson9/index.html
Objectives
- Test a basic cross site scripting (XSS) attack
- Test an iframe cross site scripting (XSS) attack
- Test a cookie cross site scripting (XSS) attack
- Create a php/meterpreter/reverse_tcp payload
- Start the php/meterpreter/reverse_tcp listener
- Upload the PHP payload to the DVWA Upload screen
- Test a PHP Payload cross site scripting (XSS) attack
On the DVWA side
Check the IP address
ifconfig
Fix Stored Cross Site Scripting (XSS) Comment Box
Edit index.php
cd /var/www/html/DVWA-1.9/vulnerabilities/xss_s/
vi index.php
Change
<td><textarea name=\"mtxMessage\" cols=\"50\" rows=\"3\" maxlength=\"50\"></textarea></td>
to
<td><textarea name=\"mtxMessage\" cols=\"50\" rows=\"3\" maxlength=\"250\"></textarea></td>
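The same edit as a re-runnable shell function, added here as an example and not part of the original page. The function name raise_maxlength and the index.php.orig backup name are assumptions; the function refuses to touch a file that lacks the expected line and verifies the result.

```shell
#!/bin/sh
# Added example: raise the mtxMessage textarea limit in a DVWA index.php.
# raise_maxlength is a hypothetical helper; pass it the path to index.php, e.g.
#   raise_maxlength /var/www/html/DVWA-1.9/vulnerabilities/xss_s/index.php
raise_maxlength() {
    file=$1
    [ -f "$file" ] || { echo "not found: $file" >&2; return 2; }

    # Already edited: nothing to do, so the function is safe to re-run.
    if grep -q 'name=\\"mtxMessage\\".*maxlength=\\"250\\"' "$file"; then
        return 0
    fi
    # Refuse to modify a file that does not contain the expected line.
    if ! grep -q 'name=\\"mtxMessage\\".*maxlength=\\"50\\"' "$file"; then
        echo "expected textarea line not found in $file" >&2
        return 1
    fi

    cp -p "$file" "$file.orig" || return 2   # keep the original for rollback
    # index.php holds the HTML inside a PHP string, so the quotes are
    # backslash-escaped in the file; \\ in the pattern matches one backslash.
    # Only the line carrying name=\"mtxMessage\" is rewritten.
    sed '/name=\\"mtxMessage\\"/ s/maxlength=\\"50\\"/maxlength=\\"250\\"/' \
        "$file.orig" > "$file" || return 2

    # Verify the result instead of trusting sed's exit status.
    grep -q 'name=\\"mtxMessage\\".*maxlength=\\"250\\"' "$file"
}
```

To roll back, copy index.php.orig over index.php.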