Tour title brush station 7, DVWA XSS reflect (low, medium, high)

Others 2020-02-18 10:59:51 views: null

First, what is XSS reflect

Reflective XSS attacks, malicious code is not stored in the target site by tricking the user clicks on a link to a malicious Web site link to the target of attack.

Two, DVWA combat

1, low difficulty

Without any filter, then write directly js code

<script>alert('hack')</script>

Here Insert Picture Description

2, medium difficulty

Direct input is filtered out.
Here Insert Picture Description

Use case can be bypassed,

<sCript>alert('hack')</Script>

Here Insert Picture Description

3, high difficulty

script tag was filtered. Use the img tag, can be bypassed.

<img src=1 onerror=alert('hack')>

Here Insert Picture Description

Circle outline to fingerprint
Published 50 original articles · won praise 12 · views 1908
Private letter concerns

Guess you like

Origin blog.csdn.net/weixin_45940434/article/details/104061493
Recommended
NetBSD bans submission of code generated by AI
Ranking
Talk dubbo of LRUCache
Chapter 1 Learning Summary
Introduction to Virtualization
pytorch 调用lstm
Six modules
[8086] The natural number of 1 to 36 into a 6x6 two-dimensional array of line-sequentially, and then print out the lower left half of the triangular array
mybatis mapper mapping file $ # {} {} understanding and
C language input and output buffer
c language floating-point input and output
andorid P version compatible, refer to Huawei
Daily
More
2024-05-18(31)
2024-05-17(6)
2024-05-16(23)
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)

Code World

© 2018 codetd.com