DVWA Testing Part I

This post is part I of a tutorial on DVWA, which stands for Damn Vulnerable Web App.

The point of DVWA is to introduce infosec professionals to common web application vulnerabilities through hands-on experience: it is a deliberately vulnerable PHP/MySQL application meant to be run in a lab, never exposed to the internet.

Exercise I: Cross-Site Scripting

XSS, or cross-site scripting, is all about exploiting the browser's trust in the site. A browser runs whatever script the page it loads contains, so if an attacker can get their own script into a page the site serves (here, through a comment field whose contents the site echoes back without escaping), that script runs in every visitor's browser with the same privileges as the site's own code: it can read the page, read the session cookie, submit forms, or simply send the user somewhere else.

Here is an example.

Instead of filling in the form normally, for example the name Bob with the comment "something something darkside...",

redirect the user from safety to hot water by assigning a URL to window.location (a property, not a function). Here is the input to submit.

Note that I have to break up this code here, or else I am actually redirected there from this GitHub page…

window.location="http://ue.com" placed between an opening <script> tag and a closing </script> tag

Because the comment is stored by the application and re-rendered for every visitor, this launches every single time the page is loaded, redirecting the user to a site I found for this purpose that sells Bluetooth speakers under the Ultimate Ears brand.
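To make the mechanism concrete, here is an added example (not code from the original post or from DVWA) of a minimal comment renderer in two forms: one that concatenates the stored name and message straight into the page, which is what lets the script tag survive, and one that HTML-escapes them first. A small stand-in for the browser extracts script elements from the rendered HTML and runs them against a fake window object, so the redirect can be observed without a real browser. The comment entries, the start URL and the helper names are all constructed for this example.

```javascript
// Added example, not part of the original post or of DVWA.
// Constructed sample entries, as a stored-XSS guestbook would hold them.
const entries = [
  { name: "Bob", message: "something something darkside..." },
  { name: "Mallory", message: '<script>window.location="http://ue.com"</script>' },
];

// Vulnerable rendering: untrusted fields are concatenated straight into HTML,
// so the attacker's <script> element becomes part of the page on every load.
function renderVulnerable(list) {
  return list
    .map((e) => `<div class="entry">${e.name}: ${e.message}</div>`)
    .join("\n");
}

// Escape for HTML text content and double-quoted attribute values. These five
// characters are the ones that can open a tag, close one, or end an attribute.
function escapeHtml(s) {
  const table = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (ch) => table[ch]);
}

// Hardened rendering: same template, but every user-controlled value is escaped.
function renderSafe(list) {
  return list
    .map((e) => `<div class="entry">${escapeHtml(e.name)}: ${escapeHtml(e.message)}</div>`)
    .join("\n");
}

// Cheap check for a test suite: did any live <script> element reach the output?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Stand-in for what a browser does on page load: find each <script> element
// and execute its body with `window` bound to a fake window object. In a real
// browser, assigning to window.location navigates; here it just records the URL.
// The start URL is a made-up lab address.
function simulatePageLoad(html, startUrl = "http://dvwa.local/vulnerabilities/xss_s/") {
  const fakeWindow = { location: startUrl };
  const scriptRe = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    new Function("window", m[1])(fakeWindow);
  }
  return fakeWindow;
}

// Demo when run directly: the vulnerable page "navigates", the safe page stays put.
if (typeof require !== "undefined" && require.main === module) {
  console.log("vulnerable ->", simulatePageLoad(renderVulnerable(entries)).location);
  console.log("safe       ->", simulatePageLoad(renderSafe(entries)).location);
}
```

escapeHtml is only correct for HTML text and attribute-value contexts; a value dropped inside an existing script block, a URL, or a CSS rule needs the encoding for that context instead. Escaping at output time, rather than filtering at input time, is what actually closes the hole, since the stored comment is the same bytes either way.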

[screenshot]

Written on May 14, 2018