XSS Exploitation in DVWA (Bypass All Security)

In the previous tutorial I discussed the cross-site scripting (XSS) attack, looked at the damage it can cause, and briefly explained the types of XSS vulnerability. In this tutorial you will learn how both types of XSS vulnerability (stored and reflected) can be exploited at all three security levels when the web application suffers from it.

Reflected Cross Site Scripting
Set Security Low


Open the localhost IP in a browser, log in with admin:password, and select the reflected cross-site scripting vulnerability from the list of vulnerabilities.


Now have a look at the small script below, which generates an alert window. I will inject this script into the server through the text field provided for "name".
//


The browser executes our script and generates an alert prompt, as shown in the following screenshot.
At the low security level the injected script passes straight through when an attacker enters it in the text field given for "name"; the only constraint the developer placed on that field is that it must not be left empty.


Set Security Medium

At the medium security level, if you view the source of the web page you will find that the highlighted code adds an extra layer of filtering to the input from the text field given for "name": it checks for the script tag in order to neutralise the JavaScript.

str_replace — Replace all occurrences of the search string with the replacement string. So if an attacker tries to inject a script using the script tag, the matched tag is replaced with a blank string.

This filter can be considered case sensitive, because the PHP script checks for the script tag only in that exact form; medium security can therefore be bypassed by varying the case of the tag or by using another HTML tag.
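To make the difference between the handling strategies at the low and medium levels concrete, here is an added PHP example written for this page; it is not DVWA's own source code. Three hypothetical render functions stand in for the three strategies: renderLow echoes the name unchanged as the low level does, renderMedium applies the case-sensitive str_replace() blacklist described above for the medium level, and renderHardened applies htmlspecialchars() output encoding instead. A small userPortionIsMarkupFree() check, also constructed here, reports which strategy actually keeps user input from reaching the browser as markup. The sample inputs are constructed for the example.

```php
<?php
// Added example for this page, not DVWA's own code. Three ways of rendering the
// "name" parameter: unfiltered (low), a case-sensitive blacklist (medium) and
// output encoding (the hardened alternative). All function names are hypothetical.

// Low: the parameter is echoed back into the page unchanged.
function renderLow(string $name): string
{
    return '<pre>Hello ' . $name . '</pre>';
}

// Medium: str_replace() removes the literal lowercase "<script>" tag and nothing
// else, mirroring the filter discussed above. str_replace() is case sensitive.
function renderMedium(string $name): string
{
    $filtered = str_replace('<script>', '', $name);
    return '<pre>Hello ' . $filtered . '</pre>';
}

// Hardened: treat the input as data. htmlspecialchars() encodes the characters
// that have meaning in HTML (<, >, &, " and ') so the browser displays them as
// text instead of parsing them as tags or attributes.
function renderHardened(string $name): string
{
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<pre>Hello ' . $encoded . '</pre>';
}

// Defender's regression check: extract the user-controlled part of the rendered
// page and report whether any raw "<" survived. If one did, the input reached the
// browser as markup rather than as text. This is a crude check, not an HTML parser.
function userPortionIsMarkupFree(string $rendered): bool
{
    $prefix = '<pre>Hello ';
    $suffix = '</pre>';
    $start = strlen($prefix);
    $length = strlen($rendered) - $start - strlen($suffix);
    $userPortion = substr($rendered, $start, $length);
    return strpos($userPortion, '<') === false;
}

// Constructed sample inputs (not taken from the original page).
$samples = [
    'plain text'     => 'Alice',
    'lowercase tag'  => '<script>alert(1)</script>',
    'mixed-case tag' => '<ScRiPt>alert(1)</ScRiPt>',
    'other HTML tag' => '<b>Alice</b>',
];

foreach (['renderLow', 'renderMedium', 'renderHardened'] as $renderer) {
    echo "== $renderer ==\n";
    foreach ($samples as $label => $input) {
        $rendered = $renderer($input);
        $verdict = userPortionIsMarkupFree($rendered) ? 'text only' : 'MARKUP SURVIVED';
        printf("%-15s %-16s %s\n", $label, $verdict, $rendered);
    }
}
```

Run it with `php example.php`. The check flags renderMedium even on the lowercase input, because str_replace() removes only the opening tag and the closing `</script>` is echoed through; the mixed-case and `<b>` inputs pass the blacklist untouched, which is exactly the case-sensitivity and other-tag weakness the tutorial describes. Only the encoded output keeps every input as plain text, which is why output encoding (or a proper sanitiser) rather than a tag blacklist is the recommended fix.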



There are two ways either use