In this article, I want to show you some XSS attacks. I hope your lab is ready! If not, just go to this article (https://steemit.com/hack/@pierlave/learn-web-hacking-2-01-xss-lab) and get ready to learn!
For XSS detection, a typical payload would be:
The alert function will show us a popup box, and document.cookie will show us the current cookie. If the box appears, you know the page is vulnerable to XSS.
First demonstration: Reflected XSS
For this demonstration, we will use Mutillidae to show you reflected XSS. Mutillidae has difficulty levels: level 0 is the easiest, and the challenge increases with each level.
Reflected XSS level 0
In Mutillidae, go to OWASP 2017 / XSS / Reflected / DNS Lookup.
To try it, just insert your payload in the field, then press Enter. You see the popup box! This page is vulnerable.
You can view the source code by right-clicking and choosing View Page Source.
We see that our code was interpreted by the browser: the special characters were not encoded.
Reflected XSS level 1
Now we can ramp up the difficulty to level 1! We can try the same payload. This time we see there is a character limit on the field, so we can't send our payload! To bypass this, we can start Burp and intercept the request.
Insert your payload in Burp, then press Forward!
You have now bypassed the character limitation of this application!
Reflected XSS level 5
Time to ramp up again!
This time we intercept the request with Burp and send the payload again!
The result is "Error: Invalid input". This is a good example of filtering/encoding of special characters.
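To make the difference between level 0 and level 5 concrete, here is an added example (my own code, not Mutillidae's) of a small DNS-lookup page written in Python. `render_level0` reflects the submitted hostname straight into the HTML, which is the behaviour we saw at level 0. `render_hardened` does what level 5 does: it rejects anything that is not a plausible hostname with "Error: Invalid input" and HTML-encodes whatever it does reflect. The `maxlength` in `FORM_HTML` stands for the level 1 character limit; it lives only in the browser, which is why Burp can bypass it, and the server-side check in `render_hardened` is what actually stops the payload. The hostname regex and the page layout are my assumptions, not taken from Mutillidae.

```python
import html
import re

# Constructed demo form. The maxlength attribute is a browser-side hint only:
# a proxy such as Burp can edit the request after the browser has sent it,
# so the server must validate the value again.
FORM_HTML = '<form method="get"><input name="target" maxlength="15"></form>'

# Assumed hostname rule: dot-separated labels of letters, digits and hyphens,
# 1-253 characters overall. Anything else (including '<' or '>') is rejected.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def render_level0(hostname: str) -> str:
    """Level 0 behaviour: the input is reflected with no encoding at all."""
    return f"<p>Results for hostname: {hostname}</p>"


def render_encoded(hostname: str) -> str:
    """Output encoding only: every HTML-significant character is escaped,
    so the browser renders the payload as text instead of executing it."""
    return f"<p>Results for hostname: {html.escape(hostname, quote=True)}</p>"


def render_hardened(hostname: str) -> str:
    """Level 5 style behaviour: validate first, encode on output as well."""
    if not HOSTNAME_RE.match(hostname):
        return "<p>Error: Invalid input</p>"
    return render_encoded(hostname)


def contains_script_tag(page: str) -> bool:
    """Crude check used by the demo: is there still a raw <script tag in the page?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    # The detection payload discussed in the article.
    payload = "<script>alert(document.cookie)</script>"
    for name, render in (("level 0", render_level0),
                         ("encoded", render_encoded),
                         ("hardened", render_hardened)):
        page = render(payload)
        print(f"{name:9}: {page}  -> script tag present: {contains_script_tag(page)}")
```

Running the block shows the raw `<script>` tag only in the level 0 output; the encoded and hardened versions turn it into harmless text or refuse it outright. Validation alone is not enough in general (a legitimate value in another field might contain `<`), so the hardened version keeps the output encoding as well.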
This was a quick look at reflected XSS; in the next article we will see stored XSS!
The information provided on hacking is to be used for educational purposes only. The creator is in no way responsible for any misuse of the information provided. All the information provided is meant to help the reader develop a hacker defense attitude in order to prevent the attacks discussed. In no way should you use the information to cause any kind of damage, directly or indirectly. The word "Hacking" should be regarded as "Ethical hacking". You implement the information given at your own risk.