[面包]MrTwoC

你好，欢迎来到这个基于区块链的个人博客名字：面包 / MrTwoc 爱好：跑步(5/10KM)、咖啡、游戏(MMORPG、FPS、Minecraft、Warframe) 兴趣方向：Rust、区块链、网络安全、量子信息(量子计算)、游戏设计与开发

XSS Exploitation

Feb 13, 2024#Web2Security #Xss21

AI Translation

This post is translated from Chinese into English through AI.View Original

AI-generated summary

DVWA原理是指恶意攻击者通过插入恶意可执行网页脚本代码来攻击Web页面，当用户浏览该页面时，嵌入其中的脚本代码会被执行，从而导致攻击者可以盗取用户信息或侵犯用户安全隐私。Stored是一种中等难度类型，包括反射型、存储型和DOM型。其中，存储型危害等级最高。利用这种漏洞的难度分为easy和medium，分别对应不同的代码执行。

DVWA
Principle:
Malicious attackers insert malicious executable web script code into web pages. When users browse these pages, the embedded script code inside the web pages will be executed, allowing attackers to steal user information or violate user security and privacy.
Stored - Medium difficulty
Type:
Reflected
Stored
DOM-based, with stored type being the most harmful
Exploitation:
easy:
medium: <img src="1" onerror=alert("123")>
high: <img src="1" onerror=alert("123")>

Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.

Blockchain ID
#60961-13
Owner
0x4cc7cb48adf7c465a49f98aecafe7948450d85b2
Transaction Hash
Creation 0xac69a89b...32e6ca54f9 Last Update 0xac69a89b...32e6ca54f9
IPFS Address
ipfs://QmaGZzhZRgnN6pDBfKHMBBUyqzy8crp7oXQnBRgKP9QEn6