XSS DVWA learning

Reflected XSS
Low Level
[]

Medium Level


Double-write bypass:
[<scr

Case bypass:
[]

High Level

[]
[] The payload fires whenever the button is clicked or any key is pressed.

Impossible Level

Stored XSS
Low Level

trim(string, charlist)
Removes whitespace or other predefined characters from both ends of a string. The predefined characters are \t, \n, \x0B, \r and space; the optional charlist parameter lists additional characters to remove.
mysql_real_escape_string(string, connection)
Escapes the special characters in a string (\x00, \n, \r, \, ', ", \x1a) so it can be used safely in an SQL statement.
stripslashes(string)
Removes backslashes from a string.

The front-end Name field has a character-length limit. Three ways around it:
Method 1: press F12 and change the maxlength value of the input box.
Method 2: capture the request and modify it before it reaches the server.
Method 3: put the payload in the second input box (the Message field) instead.


Because the payload is stored, the alert box pops up again every time the page is revisited.
Medium Level

strip_tags() strips HTML, XML and PHP tags from a string; an optional parameter lists the tags that are allowed to remain.
addslashes() returns the string with a backslash added before each predefined character (single quote, double quote, backslash, NUL).

Double-write bypass:
[<scrip]
Case bypass:


High Level
[ ]
Impossible Level
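To make the filter comparison concrete, here is an added Python model (not DVWA's PHP and not the author's code) of the three filtering styles the reflected and stored sections walk through: a single-pass removal of the literal <script>, a case-insensitive regex that drops anything spelling out s..c..r..i..p..t, and HTML output encoding. The filter bodies are assumptions modelled on those levels, and the probe strings are constructed from the double-write, case-change and event-handler inputs the page mentions.

```python
import html
import re

# Constructed probes: the plain tag from the page's DOM example, the nested
# "double write" and mixed-case variants the page describes, and an event
# handler attribute that contains no <script> tag at all.
PROBES = {
    "plain": "<script>alert(202020)</script>",
    "nested": "<scr<script>ipt>alert(1)</script>",
    "mixed_case": "<ScRiPt>alert(1)</ScRiPt>",
    "event_handler": "<img src=x onerror=alert(1)>",
}


def filter_medium(name: str) -> str:
    """Medium-style blacklist (assumed): one pass of str_replace('<script>', '')."""
    return name.replace("<script>", "")


def filter_high(name: str) -> str:
    """High-style blacklist (assumed): a case-insensitive preg_replace-like regex."""
    return re.sub(r"<(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t", "", name, flags=re.IGNORECASE)


def encode_impossible(name: str) -> str:
    """Impossible-style defence: encode on output instead of stripping input."""
    return html.escape(name, quote=True)


def still_executable(rendered: str) -> bool:
    """Crude check: a raw <script> tag, or an on*= handler inside a raw tag?"""
    has_script_tag = re.search(r"<\s*script\b", rendered, re.IGNORECASE) is not None
    has_handler = re.search(r"\bon\w+\s*=", rendered, re.IGNORECASE) is not None
    return has_script_tag or (has_handler and "<" in rendered)


def survivors(filter_fn) -> list:
    """Names of the probes that remain executable after the given filter."""
    return [name for name, probe in PROBES.items() if still_executable(filter_fn(probe))]


if __name__ == "__main__":
    for label, fn in [("low (none)", lambda s: s), ("medium", filter_medium),
                      ("high", filter_high), ("impossible", encode_impossible)]:
        print(f"{label:12s} -> {survivors(fn)}")
```

The regex filter defeats the nested and mixed-case probes but still passes the handler attribute, because blacklists chase tag spellings while encoding neutralises the < character itself.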
DOM-based XSS

DOM properties and methods that can trigger DOM-based XSS:
- document.referrer
- window.name
- location
- innerHTML
- document.write

Low Level


Medium Level


High Level
[/xss_d/?default=English#%3Cscript%3Ealert(202020)%3C/script%3E] then refresh the page. The part after # is a URL fragment, which the browser never sends to the server, so a server-side check of the default parameter cannot see it while the client-side script still reads it from location.



Source: blog.csdn.net/qq_41901122/article/details/103811650