Discovering Basic Reflected XSS (cross-site scripting)
OWASP
The Open Web Application Security Project is an online community that produces freely available articles, methodologies, documentation, tools, and technologies for web application security audits.
Launching OWASP
We can download and install OWASP from the official site https://www.owasp.org/.
Kali Linux ships with OWASP preinstalled in its toolkit, so we don't have to install it separately. We just need to launch OWASP from its menu.
We read and accept the license, after which the main OWASP screen appears.
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is vulnerable to different known attacks. Its main goal is to be an aid for security professionals to test and exploit different vulnerabilities.
Downloading DVWA
The DVWA application is freely available on its official website.
Once the application has downloaded, we navigate into the download directory and extract the newly downloaded zip file.
root@kali:~# cd Downloads
root@kali:~/Downloads# unzip -d /var/www/html/ DVWA-master.zip
Configuration
To configure DVWA, we visited the following directories, renamed a folder, and changed the DB password in a PHP file.
Navigated into the var directory.
Navigated into the www directory.
Navigated into the html directory.
Renamed the folder to a new name.
Navigated into the config directory.
Opened the PHP file in the configuration directory.
Changed the current address to localhost and set a password for the database.
Because we are working on localhost, we have to start the MySQL and Apache services from our terminal:
root@kali:/var/www/html# service apache2 start
root@kali:/var/www/html# service mysql start
Launching DVWA
We opened our browser and typed localhost/dvwa/setup.php to launch DVWA. In the following figure, we can check all the active services.
We created a database connection and then logged in with our credentials:
Scanning and finding XSS
To scan for the XSS vulnerability, we injected our payload.
To scan for the XSS vulnerability in DVWA, we launched OWASP and entered the localhost address of our machine in the target URL box.
Now, OWASP is scanning DVWA:
Our scan is complete. On the left side, we can see the active vulnerabilities discovered by OWASP. We have successfully discovered a Reflected XSS, which was our goal today. It is shown in the following figure:
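To make the finding concrete, here is an added example (not part of the original walkthrough and not the scanner's own code) of the kind of reflection check behind a Reflected XSS alert: send an inert, unique marker wrapped around HTML metacharacters and see which of them come back unencoded. The three page functions are constructed stand-ins for a page that echoes one parameter, and all names are assumptions; the check also covers quote characters, which goes slightly beyond the single case shown above.

```python
import html
import re
import secrets

META = "<>\"'&"  # characters that change meaning in HTML text or attributes

# Constructed stand-ins for a page that echoes one request parameter.
def vulnerable_page(name):
    return f"<html><body><pre>Hello {name}</pre></body></html>"  # no encoding

def hardened_page(name):
    # Output-encode for HTML, quotes included.
    return f"<html><body><pre>Hello {html.escape(name, quote=True)}</pre></body></html>"

def partial_page(name):
    # Encodes only angle brackets, a common incomplete fix.
    safe = name.replace("<", "&lt;").replace(">", "&gt;")
    return f"<html><body><pre>Hello {safe}</pre></body></html>"

ENTITY = re.compile(r"&(?:lt|gt|amp|quot|apos|#39|#x27);")

def reflected_metachars(render):
    """Return the set of META characters echoed back unencoded, or None if
    the probe is not reflected at all."""
    token = "zz" + secrets.token_hex(4)   # unique, inert marker
    body = render(f"{token}{META}{token}")
    m = re.search(re.escape(token) + "(.*?)" + re.escape(token), body, re.S)
    if m is None:
        return None
    raw = ENTITY.sub("", m.group(1))       # drop correctly encoded characters
    return {c for c in META if c in raw}

if __name__ == "__main__":
    for page in (vulnerable_page, hardened_page, partial_page):
        print(page.__name__, sorted(reflected_metachars(page)))
```

An empty set means the input is reflected but fully encoded; any surviving character is a place where the page's output encoding needs to be fixed.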