Comments

Tuesday, January 14, 2014

bWAPP Cross-Site Scripting (XSS)

Posted by at Tuesday, January 14, 2014 Read our previous post

 

 

 

bWAPP, or a buggy web application, is a deliberately insecure web application.
bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. It prepares to conduct successful penetration testing and ethical hacking projects. It is for educational purposes only.

What makes bWAPP so unique? Well, it has over 60 web bugs!
bWAPP covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project!

The OWASP Top 10 provides an accurate snapshot of the current threat landscape in application security and reflects the collaborative efforts and insights of thousands of accomplished security engineers. To reflect the ongoing changes in technology and common online business practices, the list is periodically updated.

You can download bWAPP from here. Have fun!
It's also possible to download our bee-box, a custom Linux VM pre-installed with bWAPP.

 

Cross-Site Scripting (XSS)

Part 1-8 Low

XSS - Reflected (GET)
XSS - Reflected (POST)

XSS - Reflected (Back Button)

XSS - Reflected (Eval)

XSS - Reflected (Referer)

XSS - Reflected (User-Agent)

XSS - Stored (Blog) XSS - Stored (Cookies)

 

Im not a XSS Pro but i love to learn new things.Maybe im wrong with some stages.

 

XSS - Reflected (GET)

 

The Url is vuln XSS Inject.

http://192.168.178.22/bWAPP/xss_get.php?firstname=<Inject code here>&lastname=<or Inject code here>&form=submit

 

HTML Injection - Reflected (GET)

The Input Box is Vuln to XSS Scripting.You can grab cookies and other things.

 

XSS - Reflected (Back Button)

Dont know it atm .....

 

XSS - Reflected (Eval)

Maybe Url Vuln to add XSS script code dont know if im right never xss before.

 

XSS - Reflected (Referer)

Dont know it atm .....

 

XSS - Reflected (User-Agent)

Normal Output with normal User-Agent :

 

You can Inject XSS code into User-Agent

Change User-Agent with Tamper or other tools.

 

XSS - Stored (Blog)

 

You can store your XSS code into the blog and every time a new user vist the site the xss popup.

 

XSS - Stored (Cookies)

Dont know it atm sry i never XSS before .....XSS is not my world

2 comments:

  1. Cant see the image ...same here :(

    ReplyDelete
  2. There's an incredible new opportunity that is gaining rapid popularity online.

    Major companies are paying average people just for sharing their opinions!

    You can earn from $5 to $75 per survey!

    And it is open to anybody from any country!

    ReplyDelete

[#] iNFO [#]

All the information provided on this site is for educational purposes only.
 
The site and it's author is in no way responsible for any misuse of the information.
©2012 Security is just an Illusion is powered by Blogger - Template designed by Stramaxon - Best SEO Template