First, complete the preparation described in "Attack DVWA weak session IDs".
Then go to the XSS (DOM) section and select a language as prompted.
Notice that there is a variable holding the language you selected: default.
Try entering something else into the variable called default.
DOM-based XSS is somewhat like reflected XSS: when we put something unusual into the variable default, it is reflected directly in the page.
Now go to PentestSuite, find the request and click the resend button, or use the blocker to intercept the request and locate it.
Now look at the response we got. It contains some JavaScript code describing how the browser will treat the variable default.
Here we can see that the browser reflects our input through the variable default,
and that the variable default is processed by the function decodeURI().
So now we try a normal XSS payload as input:
<script>alert()</script>
and see what happens. Here we put this line of code into the URL parameter default.
That means we enter the following into the internal browser and request it from the server:
http://192.168.1.4:8081/DVWA-master/vulnerabilities/xss_d/?default=<script>alert()</script>
When the difficulty is set to low, you will directly see the pop-up window like this:
We will talk about the other difficulties in the coming days.
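The reflection described above, next to a hardened version, as an added example that is not code from DVWA or from the original post. The function names and the language allowlist are assumptions, and the markup is built as strings (what a page would hand to document.write()) so the block runs in Node without a browser.

```javascript
// Added example: hypothetical names, modelled on the behaviour described above.
const ALLOWED_LANGUAGES = ["English", "French", "Spanish", "German"]; // assumed allowlist

// URL from the walkthrough, with the payload in the "default" parameter.
const SAMPLE_URL =
  "http://192.168.1.4:8081/DVWA-master/vulnerabilities/xss_d/?default=<script>alert()</script>";

// Raw text after "default=", still percent-encoded if the browser encoded it.
function rawDefault(url) {
  const i = url.indexOf("default=");
  return i >= 0 ? url.substring(i + "default=".length) : null;
}

// Vulnerable pattern: decodeURI() turns %3C / %3E back into < and >, and the
// result is concatenated into markup that a page would pass to document.write().
function buildOptionUnsafe(url) {
  const raw = rawDefault(url);
  if (raw === null) return "";
  return "<option value='" + raw + "'>" + decodeURI(raw) + "</option>";
}

// Encode the characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: parse the query properly, accept only known languages,
// and escape the value anyway before it is placed in markup.
function buildOptionSafe(url) {
  const value = new URL(url).searchParams.get("default");
  if (value === null || !ALLOWED_LANGUAGES.includes(value)) return "";
  const safe = escapeHtml(value);
  return "<option value='" + safe + "'>" + safe + "</option>";
}

console.log("unsafe:", buildOptionUnsafe(SAMPLE_URL));
console.log("safe  :", JSON.stringify(buildOptionSafe(SAMPLE_URL)));
console.log("safe  :", buildOptionSafe(SAMPLE_URL.replace(/default=.*/, "default=English")));
```

In a real page, creating the option element with DOM methods and assigning the value through textContent avoids building markup from strings at all.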