Shulou(Shulou.com)06/01 Report--

1 introduction of test environment

The test environment is the DVWA module in the OWASP environment

2 Test description

XSS, also known as CSS (CrossSite Script), is a cross-site script. It means that a malicious person inserts malicious html code into a Web page. When a user browses the page, the html code embedded in the Web will be executed, thus achieving the special purpose of malicious * * users, such as obtaining a user's cookie, navigating to a malicious website, carrying * *, and so on. Using this vulnerability, a * * person can hijack the session of an authenticated user. After the authenticated session is hijacked, the * * initiator has all the permissions of the authorized user.

3 Test steps

Enter the javascrip script code in the input box:

Alert (/ xxshack/)

After execution, a dialog box will pop up, and the cross-site script will always be on the server, and the dialog box will also pop up the next time you log in, unless deleted.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.