cybNg.com

DVWA XSS (Stored)

Let's write our message on the main webpage and delete or replace the main content of the page.


What is XSS (Stored)

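Deface: when we change the content of a webpage to content of our own, it is called a deface attack. You have probably seen a hacker write his message on the main page of a website; that is a deface attack. With stored XSS, the submitted input is saved by the application and served to every visitor who loads the page, which is why it can be used to deface the page.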

Security Low

  1. First set the security level to low
  2. Now open the XSS (Reflected) page
  3. Use this example: copy and paste it into the input box and submit it.
<script> alert(document.cookie)</script>
<script> alert(document.cookie);</script>

Click the Sign Guest button and you will see that the attack succeeds.


💡 Tip: Reset the database after doing any attack in DVWA.

Security Medium

  1. First set the security level to medium
  2. Now right-click the Name input box and select Inspect
  3. Now set maxlength to 100: <input name="txtName" type="text" size="30" maxlength="100">
<body onload=alert("XSS")>

Click the Sign Guest button and you will see that the attack succeeds.

Security High

  1. First set the security level to low
  2. Now open the XSS (Reflected) page
  3. Use this example: copy and paste it into the input box and submit it.
<img src=1 onerror=alert("XSS")>

Click the Sign Guest button and you will see that the attack succeeds.


💡 Tip: Security level Impossible is filtered by htmlspecialchars(), so it can't be bypassed.
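
Why htmlspecialchars() holds where tag filtering does not, as an added PHP example that is not DVWA's source code or part of the original page: it runs the three payloads above through a hypothetical script-tag blacklist and through output encoding, then checks whether any markup survives. The function names and the blacklist regex are assumptions made for illustration.

```php
<?php
// Added example (not DVWA's source): compares a tag blacklist with output
// encoding for a stored guestbook entry. Function names are hypothetical.

// Constructed sample input: the three payloads shown on this page.
$entries = [
    'low'    => '<script> alert(document.cookie)</script>',
    'medium' => '<body onload=alert("XSS")>',
    'high'   => '<img src=1 onerror=alert("XSS")>',
];

// Weak approach: strip one known-bad tag and hope nothing else executes.
function blacklist_filter(string $input): string
{
    return (string) preg_replace('/<\s*\/?\s*script[^>]*>/i', '', $input);
}

// Robust approach: encode at output time so the browser treats the
// stored value as text, whatever tags or attributes it contains.
function encode_for_html(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// True if the string still contains something a browser would parse as a tag.
function contains_markup(string $html): bool
{
    return preg_match('/<[a-z\/!]/i', $html) === 1;
}

// Report, per payload, whether markup survives each defence.
foreach ($entries as $level => $payload) {
    $filtered = blacklist_filter($payload);
    $encoded  = encode_for_html($payload);
    printf(
        "%-6s blacklist: %-7s encoded: %-7s %s\n",
        $level,
        contains_markup($filtered) ? 'MARKUP' : 'inert',
        contains_markup($encoded) ? 'MARKUP' : 'inert',
        $encoded
    );
}
```

The blacklist only neutralises the payload that uses a script tag; the two event-handler payloads pass through it unchanged, while the encoded form of all three contains no tag at all.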

