The document discusses cross-site scripting (XSS) vulnerabilities on a DVWA web application. It explains that XSS allows attackers to inject malicious scripts that are executed by users' browsers. There are three types of XSS: stored, reflected, and DOM-based. The demonstration shows how to perform a stored XSS attack by injecting an alert script that is executed when another user views the stored message. It then demonstrates fetching the user's cookies to steal session data.

1. IN
DVWA
XSS
EC DEPARTMENT

2. RUTVIK PATEL
 170390111007
AKASH MALAVIYA
 170390111006
Arranged By :
EC DEPARTMENT

3. Cross-site Scripting (XSS) on
DVWA: Cross-site Scripting (XSS) is one of the common
vulnerabilities found in web applications. It is considered as a
type of injection in the client-side that will affect the other users.
It also may be used by attackers to bypass access controls
such as the same-origin policy.
How does XSS works?
 First, malicious scripts are injected into a website by the attacker and
the other users’ browsers will automatically execute the script because
it thinks that the script come from the web application itself.
 With XSS, we can access any cookies, session tokens, or other
sensitive information retained by the browser and used on that site.
These scripts can even rewrite the content of the HTML page.

4. There are three types of XSS:
 Stored XSS (Type I): It occurs when user input is stored on the target
server, such as in a database, in a message forum, visitor log, comment
field, etc. And then a victim is able to retrieve the stored data from the web
application without that data being made safe to render in the browser.
 Reflected XSS (Type II): It occurs when user input is immediately
returned by a web application in an error message, search result, or any
other response that includes some or all of the input provided by the user as
part of the request, without that data being made safe to render in the
browser, and without permanently storing the user provided data. In some
cases, the user-provided data may never even leave the browser.
 DOM-Based XSS (Type 0): It is a form of XSS which appears in
document object model or DOM environment instead of HTML page. For
example, the source could be the URL of the page it could be an element of
the HTML.

5. Demonstration:
 Step 1. Stored XSS generally occurs when user input is stored on the target
server, such as in a database, in a message forum, visitor log, comment field,
etc.
 and then a victim is able to retrieve the stored data from the web application
without that data being made safe to render in the browser.

6.  Step 2. Now have a look over a small script which would generate an
alert window. So in the text area given for message I will inject the script
which get store in the server.

7.  Step 3. Now when user will visit this page to read our message his
browser will execute our script which generates an alert prompt as
showing following screenshot.
 This was a small demo to show how to inject any script if server is
suffering from XSS and further you will learn what else an attacker
can do to cause damage inside a web application server.

8.  Step 4. If attack is aware that the web server is having XSS then
he might think to steal the web cookies which contain session Id
therefore he will generate a script to fetch running cookies.
 In following screenshot you can see I have injected the script to
get web page cookies.

9.  Step 5. Here in given below image when I have executed the script I
have successfully fetched the browser cookies and now further I will
use this cookies for retrieving the data of web application server.

10. EC DEPARTMENT