InfoSecLabs

XSS (Reflected)


Last updated 2 years ago

In this type of vulnerability, the attacker seeks to place JavaScript in a request parameter whose value the application copies, unencoded, into the HTML it returns. The browser that receives that response cannot tell the injected markup from the page's own and executes the script in the context of the vulnerable site. Note that the code runs in the victim's browser, not on the server that hosts the application: the server only reflects it.

In the specific case of this example, DVWA presents a page that asks for a user's name. When the form is submitted, the application writes a greeting on the page containing the name that was entered.

Thus, after entering a name and pressing the submit button, the page reloads and displays a message with that name.

But what happens when a potentially malicious user enters a JavaScript snippet instead of a name? The application reflects it unchanged, and the result is an XSS (Cross-Site Scripting) attack, in this case a reflected one.

In this case, the JavaScript that will be entered is as follows:

<script>alert('xssed')</script>

When this value is submitted, the server builds its response with the input embedded unencoded, and the browser, which cannot distinguish the injected <script> tag from the page's own markup, executes it. The result is a popup window showing the message "xssed".

The same reflection path can carry any JavaScript: whatever the application echoes into the response is executed by the client's browser.

Next we test a second payload, one that displays the cookies the browser holds for this site:

<script>alert(document.cookie)</script>

As we can see in the following image, the result is a popup window that prints the cookies the browser sends to the site; in DVWA these are the session cookie and the security-level cookie. Only cookies without the HttpOnly flag are readable through document.cookie, so if the application had set that flag this payload would show an empty popup even though the injection itself still works.
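To make the reflection concrete, here is an added example written for this page; it is not DVWA's code and not part of the original tutorial. It models the vulnerable page as a Python function that, like DVWA's low-level source, concatenates the name query parameter straight into the response, places the hardened version (HTML-encoding the parameter before reflecting it) beside it, and runs both payloads from this page through each. The URL path, the host name, the parameter name name and the surrounding HTML are assumptions standing in for the real page.

```python
import html
from urllib.parse import parse_qs, urlencode

# Assumed stand-in for the DVWA reflected XSS page: it reads a "name" query
# parameter and greets the user. The path and HTML wrapper are constructed here.
VULN_PATH = "/vulnerabilities/xss_r/"   # assumed path, used only to build demo URLs
PAGE = "<html><body>{body}</body></html>"

# The two payloads used on this page.
PAYLOADS = [
    "<script>alert('xssed')</script>",
    "<script>alert(document.cookie)</script>",
]


def _name_from(query_string: str) -> str:
    """Extract the 'name' parameter exactly as a URL-decoding server would."""
    params = parse_qs(query_string, keep_blank_values=True)
    return params.get("name", [""])[0]


def render_low(query_string: str) -> str:
    """Vulnerable handler: the decoded input is concatenated into the HTML as-is,
    so a <script> tag in the input becomes a <script> tag in the page."""
    name = _name_from(query_string)
    body = f"<pre>Hello {name}</pre>" if name else ""
    return PAGE.format(body=body)


def render_hardened(query_string: str) -> str:
    """Fixed handler: HTML-encode the input for the HTML-body context before
    reflecting it. '<' becomes '&lt;', so the browser renders the payload as
    text instead of parsing it as markup."""
    name = _name_from(query_string)
    body = f"<pre>Hello {html.escape(name, quote=True)}</pre>" if name else ""
    return PAGE.format(body=body)


def attack_url(host: str, payload: str) -> str:
    """The link an attacker would hand to a victim: the payload URL-encoded
    into the 'name' parameter of the vulnerable page."""
    return f"http://{host}{VULN_PATH}?{urlencode({'name': payload})}"


def reflects_unescaped(response: str, payload: str) -> bool:
    """Tester's check: does the payload come back byte-for-byte in the HTML?
    If it does, the browser will execute it."""
    return payload in response


def probe(render) -> dict:
    """Send each payload through a handler the way a victim's browser would
    (URL-encoded in the query string) and report which ones are reflected
    unencoded. Keys are payloads, values True if the handler is exploitable."""
    results = {}
    for payload in PAYLOADS:
        url = attack_url("dvwa.local", payload)          # host name is assumed
        query_string = url.split("?", 1)[1]
        results[payload] = reflects_unescaped(render(query_string), payload)
    return results


if __name__ == "__main__":
    for label, handler in (("low", render_low), ("hardened", render_hardened)):
        print(label, probe(handler))
    print(render_hardened(urlencode({"name": PAYLOADS[0]})))
```

Running it reports both payloads as reflected by render_low and neither by render_hardened. The fix shown encodes for the HTML-body context only; a value reflected inside an attribute, a URL or an inline script needs the encoding appropriate to that context, and the reflects_unescaped check is a reflection test, not proof that no other context is exploitable.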