[面包]MrTwoC

你好，欢迎来到这个基于区块链的个人博客名字：面包 / MrTwoc 爱好：跑步(5/10KM)、咖啡、游戏(MMORPG、FPS、Minecraft、Warframe) 兴趣方向：Rust、区块链、网络安全、量子信息(量子计算)、游戏设计与开发

XSS Exploitation

Feb 13, 2024#Web2Security #Xss31

AI Translation

This post is translated from Chinese into English through AI.View Original

AI-generated summary

The DVWA principle involves malicious attackers inserting malicious executable web script code into web pages. When users browse these pages, the embedded script code is executed, allowing attackers to steal user information or violate user security and privacy. The stored type of attack is of medium difficulty and includes reflection, storage, and DOM types. The severity of the storage type is categorized as easy or medium, with specific examples provided.

DVWA
Principle:
Malicious attackers insert malicious executable web script code into web pages. When users browse the page, the embedded script code inside the web page will be executed, allowing attackers to steal user information or violate user security and privacy.
Stored - Medium difficulty
Type:
Reflected
Stored
DOM, with stored type being the most harmful
Exploitation:
easy:
medium: <img src="1" onerror=alert("123")>
high: <img src="1" onerror=alert("123")>

Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.

Blockchain ID
#60961-13
Owner
0x4cc7cb48adf7c465a49f98aecafe7948450d85b2
Transaction Hash
Creation 0xac69a89b...32e6ca54f9 Last Update 0xac69a89b...32e6ca54f9
IPFS Address
ipfs://QmaGZzhZRgnN6pDBfKHMBBUyqzy8crp7oXQnBRgKP9QEn6