Wednesday, December 29, 2021

cross-site scripting intro with bWAPP

download bWAPP from http://www.itsecgames.com/download.htm

start sql server, log in as admin

extract bwapp.zip, change the database settings in bWAPP_latest/bWAPP/admin/settings.php

serve bWAPP
cd /home/kali/Downloads/bWAPP_latest/bWAPP/
php -S 127.0.0.1:80 -t .

open install page
http://127.0.0.1/install
install successful
dbeaver &
database created

create login

select the reflected XSS (GET) page from the portal

inject script

script executed

select the stored XSS page from the portal, inject script, submit
script is saved in the database

refresh page, stored script is executed
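
Both cases above end the same way on the server: user input is written into the HTML response without encoding. An added example (not bWAPP's own code; the function names, the "labuser" owner and the marker string are constructed) that renders the same input raw and HTML-encoded for the reflected and the stored path:

```php
<?php
// Added example, not bWAPP's own code. Function names, the "labuser" owner and
// the marker payload are constructed for illustration.

// Harmless marker: shows whether user input reaches the page as markup or text.
$input = '<script>alert("xss")</script>';

// Encode for an HTML text or quoted-attribute context.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Reflected case: the request value is echoed straight back in the response.
function reflect(string $name, bool $encode): string {
    return '<p>Welcome ' . ($encode ? h($name) : $name) . '</p>';
}

// Stored case: the value is saved once, then rendered on every later page load.
function render_entries(array $rows, bool $encode): string {
    $html = '';
    foreach ($rows as $row) {
        $entry = $encode ? h($row['entry']) : $row['entry'];
        $html .= '<tr><td>' . h($row['owner']) . '</td><td>' . $entry . "</td></tr>\n";
    }
    return "<table>\n" . $html . "</table>";
}

// True when the response still contains an unencoded <script tag.
function has_live_script(string $html): bool {
    return stripos($html, '<script') !== false;
}

$table = [];                                            // stand-in for the database table
$table[] = ['owner' => 'labuser', 'entry' => $input];   // the "submit" step

$cases = [
    'reflected, raw'     => reflect($input, false),
    'reflected, encoded' => reflect($input, true),
    'stored, raw'        => render_entries($table, false),
    'stored, encoded'    => render_entries($table, true),
];
foreach ($cases as $label => $html) {
    printf("%-20s live script: %-3s\n%s\n\n", $label, has_live_script($html) ? 'yes' : 'no', $html);
}
```

Run it with the php CLI; the encoded variants print the marker as text, which is how a browser would display it instead of executing it.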