Reflected XSS is also known as non-persistent XSS. When a user opens a URL that carries XSS code, the server receives and processes the request, then returns the response data, XSS code included, to the browser; the browser parses that data and runs the XSS code, which is the XSS vulnerability. Because the payload goes to the server and comes straight back, the process is like a reflection, hence the name reflected XSS.
DVWA-low
The name parameter that accepts user data is not filtered at all; it is output directly into the web page.
<script>alert(document.cookie)</script>
# Note: by default Chrome does not allow this pop-up window; if you are testing with Chrome, change the setting first.
# Here is the link: http://jingyan.baidu.com/article/466506580d9828f549e5f8d1.html
DVWA-medium
Look at the source code first: at the medium level, before the name parameter is output, the data is processed with the str_replace() function, whose purpose is to replace <script> with an empty string.
Because str_replace() matches case-sensitively, we can use the uppercase form <SCRIPT> here.
Eg: <SCRIPT>alert(document.cookie)</SCRIPT>
Cross-site scripting can also be achieved through other HTML tags.
Eg:
# <img> is the picture tag in HTML; this statement inserts a picture into the web page, "src=1" specifies the URL of the picture file, and since that picture does not exist (it certainly does not), an error occurs and the pop-up box appears, achieving the same alert effect.
DVWA-high
Look at the high level source code, which filters with the htmlspecialchars() function. This function escapes the sensitive characters & (ampersand), " (double quote), ' (single quote), < (less than) and > (greater than). Almost every cross-site payload depends on these characters, so this one function is enough to block the XSS vulnerability; the code-level defense against cross-site vulnerabilities is therefore relatively simple.
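To make the difference between the medium and high levels concrete, here is an added example (not DVWA's own code) that models the two PHP filters in Python: str_replace('<script>', '') as a case-sensitive substring removal, and htmlspecialchars() as html.escape(), which corresponds to the ENT_QUOTES form (without that flag, PHP versions before 8.1 leave the single quote alone). The payload strings and the tag check are constructed for this example.

```python
import html
import re

# Constructed sample inputs: the two payloads discussed on the page.
LOWER_PAYLOAD = "<script>alert(document.cookie)</script>"
UPPER_PAYLOAD = "<SCRIPT>alert(document.cookie)</SCRIPT>"


def filter_low(name: str) -> str:
    """Low level: the name parameter is echoed with no filtering at all."""
    return name


def filter_medium(name: str) -> str:
    """Medium level: models PHP str_replace('<script>', '', $name).

    str_replace() matches case-sensitively and removes only that exact
    substring, so '<SCRIPT>' passes through untouched."""
    return name.replace("<script>", "")


def filter_high(name: str) -> str:
    """High level: models PHP htmlspecialchars($name, ENT_QUOTES).

    html.escape(quote=True) turns & < > " ' into entities, so the
    browser renders the value as text instead of parsing it as markup."""
    return html.escape(name, quote=True)


# Any '<' followed by an optional '/' and a tag name, in any letter case.
_TAG_START = re.compile(r"<\s*/?\s*[A-Za-z][A-Za-z0-9]*")


def reaches_browser_as_markup(output: str) -> bool:
    """Rough check: does raw tag syntax survive in the filtered output?

    A real review would parse the HTML, but this is enough to compare
    how the three filters treat the same input."""
    return _TAG_START.search(output) is not None


if __name__ == "__main__":
    filters = (("low", filter_low), ("medium", filter_medium), ("high", filter_high))
    for label, f in filters:
        for payload in (LOWER_PAYLOAD, UPPER_PAYLOAD):
            out = f(payload)
            print(f"{label:6} {payload!r:42} -> {out!r} markup={reaches_browser_as_markup(out)}")
```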