
WEB & MOBILE SECURITY LAB

20CSP-338
Submitted for the requirement of

Lab Course

Bachelor Degree of Engineering

COMPUTER SCIENCE & ENGINEERING

Submitted to: Er. Jayesh Surana
Submitted by: Akshat Chauhan (20BCS5931)

DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING


CHANDIGARH UNIVERSITY, GHARUAN
August-December 2022
LAB INDEX

NAME: Akshat Chauhan UID: 20BCS5931


SUBJECT NAME: WMS Lab SUBJECT CODE: 20CSP-338
Class/Section: 619/A

Sr. No. | Program | Date | Evaluation: LW (12) | VV (8) | FW (10) | Total (30) | Sign
1. | Identify HTTP packet on a monitoring tool like Wireshark. | 09/08/2022 | | | | |
2. | Design a method to simulate the HTML injection and cross site scripting to exploit the attackers. | 16/08/2022 | | | | |

Experiment 1.2

1. Aim/Overview of the practical:


What is the concept of HTML injection, XSS, and the types of XSS?
Design a method to simulate the HTML injection and cross site scripting to exploit the attackers.

2. Task to be done/ Which logistics used:


To implement HTML injection and cross-site scripting (XSS).

To test HTML and XSS injection.

ACUNETIX: It is an automated web application security testing tool that audits your web applications by
checking for vulnerabilities like SQL Injection, Cross-Site Scripting and other exploitable vulnerabilities. In
general, Acunetix scans any website or web application that is accessible via a web browser and uses the
HTTP/HTTPS protocol.

HTML INJECTION: HTML Injection, also known as Cross Site Scripting, is a type of injection vulnerability
that occurs when a user is able to control an input point and is able to inject arbitrary HTML code into a vulnerable
web page. This vulnerability can have many consequences, like disclosure of a user's session cookies that could
be used to impersonate the victim, or, more generally, it can allow the attacker to modify the page content.

XSS INJECTION: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are
injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to
send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these
attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the
output it generates without validating or encoding it.

3. Steps for experiment:

a. HTML Injection.
i. Inject HTML into OWASP Mutillidae II: Web Pwn in Mass Production (Homepage).
ii. Writing code – "<p>Param</p><marquee>exp2</marquee>".

b. XSS alert message.
i. Inject JavaScript into the XSS game site (Homepage).
ii. Writing code – "<script>alert('Hello')</script>".
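As an added example (not part of the original lab report), the two strings from the steps above are rendered here through a template with and without output encoding, which is the "validating or encoding" control named in the XSS description. The function names, the greeting template and the sample name "Alice" are assumptions made for illustration.

```javascript
// Added example, Node.js. Inputs are the two strings from the lab steps plus
// one constructed benign value.

// Encode the characters that are significant in HTML text and quoted attributes.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: user input concatenated straight into the response body.
function renderGreetingUnsafe(name) {
  return `<div id="greeting">Hello, ${name}</div>`;
}

// Hardened pattern: same template, input encoded for the HTML context first.
function renderGreetingSafe(name) {
  return `<div id="greeting">Hello, ${escapeHtml(name)}</div>`;
}

// Demo-only check: list element names in the output that the template itself
// did not emit (the template only ever produces a <div>).
function injectedTags(html) {
  const opened = [...html.matchAll(/<\s*([a-zA-Z][a-zA-Z0-9]*)/g)];
  return opened.map((m) => m[1].toLowerCase()).filter((tag) => tag !== 'div');
}

const payloads = [
  '<p>Param</p><marquee>exp2</marquee>', // step a.ii
  "<script>alert('Hello')</script>",     // step b.ii
  'Alice',                               // constructed benign input
];

// Render every input both ways and report which tags survived.
function runDemo() {
  return payloads.map((input) => ({
    input,
    unsafeTags: injectedTags(renderGreetingUnsafe(input)),
    safeTags: injectedTags(renderGreetingSafe(input)),
    safeHtml: renderGreetingSafe(input),
  }));
}

for (const row of runDemo()) console.log(row);
```

With encoding applied, the browser receives the payloads as text to display rather than as markup to parse, so neither the marquee nor the alert appears.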

4. Result/Output/Writing

Fig 1.2.1 (HTML Inject)

Fig 1.2.2 (Writing Code)

Fig 1.2.3 (JavaScript Inject)

Fig 1.2.4 (Writing Code)

Fig 1.2.5 (Showing alert messages)

Evaluation Grid (To be created as per the SOP and Assessment guidelines by the faculty):

Sr. No. Parameters Marks Obtained Maximum Marks


1.
2.
3.
