Before to starting, we’ll setup a virtual pentesting lab with the help of Web For Pentester toolkit which is totally based on Debian OS. As you all knows most of the web applications rely on only 3 components i.e. The Client, The Web Server and The Database. We hope you all knows a client-server architecture modal in which we use HTTP protocol. When your browser connects any URL, it’s in fact doing a TCP connection to PORT 80 of the IP address corresponding to that URL.
To Trigger a popup, we simply use alert(1);
To setup a pentesting lab, you need to download the ISO file of Web For Pentesters from the below link:
Download Link ISO – https://pentesterlab.com/exercises/web_for_pentester/iso
We’ll use VMware in this case to setup and configure this iso file. Create a new virtual machine and select “Typical” option which is the default recommended option.
After that, you need to browse the path of your ISO file which you just downloaded from above link as shown below:
Here you can put any name of your virtual machine for this ISO.
You can also define the disk size while configuring with VMware. 9 to 10GB disk size is enough for this Debian based OS.
You can also define the Memory size, suppose we allotted 1GB RAM for this ISO.
Your virtual pentesting lab is now ready to use, just type “ifconfig” and note down your IP and access that IP in your browser, you’ll get the following screen as shown below:
Cross site scripting attacks occur when data enters a web application through an untrusted source, frequently a web request or data is included in dynamic content that is sent to a web user without being validated.
Cross Site Scripting – Example 1
In below example, name parameter is vulnerable because its not being verified what kind of data is being sent.
Cross Site Scripting – Example 2
In this example, the web page is using some rendering technique which removes the script tag from the payload, so to defeat filtering, we modified the payload with some capital letters as shown below:
Cross Site Scripting – Example 3
In this example, to bypass filtering, we have to wrap the XSS payload as shown below:
Cross Site Scripting – Example 4
In this example, all script tags are being striped out no matter how you write, so we used a simple <img> tag to trigger the XSS.
Cross Site Scripting – Example 5
In this example, the word “alert” halts the execution of web app so modified our payload with Char Code technique, in which we converted all decimal characters into ASCII allowing us to bypass the preg_match function which they used.
For string char code conversion, you can use this link.
Cross Site Scripting – Example 6
Here they used some advanced level of filtering, so to bypass this, we simply modified the payload as shown below:
Cross Site Scripting – Example 7
Here we used a single quote character instead of double quote to bypass the XSS filters.
Cross Site Scripting – Example 8
Cross Site Scripting – Example 9