
Friday, 08 June 2012

XSS


XSS is a hacking technique that injects script into a web page through a weakness in that page. The weakness is sometimes an input form, and sometimes a URL parameter that can be modified. The injected script can be of several kinds: HTML tags, JavaScript, PHP, ASP (as web server), etc.
There are two methods of using XSS:
    - XSS Reflected
XSS Reflected is an attack in which the code is entered in a special way aimed at victims.
Example:
  1. Open DVWA in a web browser
  2. Change the security level to low
  3. Choose the XSS reflected button
  4. Input the script

<script>prompt("Masukan Nomor PIN Anda?"," ");</script>

  5. Submit

  6. Success
    - XSS Stored
XSS Stored is an attack in which the code is entered and stored permanently on the target server.

  1. XSS Stored Menu
a. Select "XSS Stored" from the left navigation menu.
  2. Basic XSS Test
a. Name: coba1
b. Message: <script>alert("Welcome to my web")</script>
c. Click Sign Guestbook

  3. View coba1 Results




  4. Reset Database
a. Select "Setup" from the left navigation menu.
b. Click on the Create / Reset Database button.
Notes:
a. We need to reset the database; otherwise each XSS exploit will appear in every example.






5. XSS Stored Menu
a. Select "XSS Stored" from the left navigation menu.
6. XSS coba
a. Name: coba
b. Message: <iframe src="http://www.dvwa.com"></iframe>
c. Click Sign Guestbook




7. View coba Results
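
Both walkthroughs work because a submitted value is written back into the page without encoding. As an added example (not from the original post and not DVWA's own code; the function names and the guestbook markup are assumptions), this JavaScript renders the post's sample entries once unencoded and once with HTML output encoding, then reports which active tags reach the page:

```javascript
// Constructed sample data: the two guestbook entries typed in the walkthrough.
const entries = [
  { name: 'coba1', message: '<script>alert("Welcome to my web")</script>' },
  { name: 'coba', message: '<iframe src="http://www.dvwa.com"></iframe>' },
];

// Weak: stored values are concatenated into HTML as-is, so the browser
// parses them as markup (hypothetical renderer, for comparison only).
function renderUnsafe(list) {
  return list
    .map(e => `<div>Name: ${e.name}<br>Message: ${e.message}</div>`)
    .join('\n');
}

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, ch => map[ch]);
}

// Hardened: every stored value is encoded at output time.
function renderSafe(list) {
  return list
    .map(e => `<div>Name: ${escapeHtml(e.name)}<br>Message: ${escapeHtml(e.message)}</div>`)
    .join('\n');
}

// Reflected case: the same rule applies to a value echoed from the request.
function greetSafe(nameParam) {
  return `<pre>Hello ${escapeHtml(nameParam)}</pre>`;
}

// Report which script/iframe opening tags survive into the rendered page.
function activeTags(html) {
  return (html.match(/<(script|iframe)\b/gi) || []).map(t => t.slice(1).toLowerCase());
}

console.log('unencoded page:', activeTags(renderUnsafe(entries)));
console.log('encoded page:  ', activeTags(renderSafe(entries)));
console.log(greetSafe('<script>prompt("Masukan Nomor PIN Anda?"," ");</script>'));
```

With encoding in place the entries are displayed as literal text, so the database reset in step 4 is no longer needed to keep old entries from executing.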

