
Overview
This article shows you how to perform an XSS injection attack test against a web server running the vulnerable DVWA application, in order to understand the attack method and draw out solutions for defending against it.
Damn Vulnerable Web Application (DVWA) is a PHP/MySQL application whose PHP source code bundles common web application security logic errors. The same kinds of logic errors can occur in any programming language, so studying them helps reduce the chance of creating security holes through careless programming. The main goal of DVWA is to provide a legitimate environment for hacking/pentest practice and to help web application developers better understand safe and secure programming. DVWA also gives teachers and students a way to learn and practice basic and advanced web application security attacks.
Here I use the Sophos XGS firewall appliance.
Diagram

How to configure
- Install a web server that contains vulnerabilities (here I use DVWA)
- To install DVWA Server, see this article
Configure NAT for the DVWA web server on port 80 and try the XSS injection attack
- Log in to the Sophos XGS firewall with the Admin account
- Create a host for the DVWA web server -> Go to Hosts and services

- Enter a name for the server
- In IP version: Choose IPv4
- In Type: Choose IP
- In IP address: Enter the IP address of the DVWA web server
- Click Save

- Go to Rules and policies -> Choose the NAT rules tab -> Click Add NAT rule -> Choose Server access assistant (DNAT)

- In Internal server IP address -> Choose the DVWA web server host that was created before -> Click Next

- In Public IP address -> Choose the network port with the WAN IP on which you want to publish the DVWA web server -> Click Next

- In Services -> Choose the HTTP and HTTPS services -> Click Next

- In External source networks and devices -> Choose Any -> Click Next

- Click Save and finish

- Check access to the DVWA web server

- Perform XSS injection against the DVWA web server
- Choose XSS (DOM)

- Select a language and press Select
- Looking at the address bar, we will see that the selected value is returned in the URL
http://172.16.31.84/dvwa/vulnerabilities/xss_d/?default=English

- Here I will replace the value with an XSS attack script
http://172.16.31.84/dvwa/vulnerabilities/xss_d/?default=<script>alert(document.cookie)</script>
- We will see the session ID in the user's cookie
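
One way to overcome the attack shown above, as an added example (not DVWA's or this article's own code): treat the default parameter as untrusted, accept only known language names, and HTML-encode the value before it is written into the page. The function names and the language list are assumptions; the two URLs are the ones used in the steps above.

```javascript
// Added example: allowlist plus output encoding for the `default` parameter.
// ALLOWED_LANGUAGES and all function names are assumptions for illustration.
const ALLOWED_LANGUAGES = ['English', 'French', 'Spanish', 'German'];
const FALLBACK = 'English';

// The two URLs used in the article's test steps.
const BENIGN_URL = 'http://172.16.31.84/dvwa/vulnerabilities/xss_d/?default=English';
const TEST_URL = 'http://172.16.31.84/dvwa/vulnerabilities/xss_d/?default=<script>alert(document.cookie)</script>';

// Encode the characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Unsafe pattern: the raw parameter value is concatenated into markup,
// so whatever is in the URL becomes part of the page.
function renderOptionUnsafe(pageUrl) {
  const raw = new URL(pageUrl).searchParams.get('default') || FALLBACK;
  return "<option value='" + raw + "'>" + raw + "</option>";
}

// Hardened step 1: only values on the allowlist are accepted.
function selectLanguage(pageUrl) {
  let value = null;
  try {
    value = new URL(pageUrl).searchParams.get('default');
  } catch (e) {
    return FALLBACK; // unparsable URL: fall back to the default language
  }
  return ALLOWED_LANGUAGES.includes(value) ? value : FALLBACK;
}

// Hardened step 2: the accepted value is still encoded on output.
function renderOptionSafe(pageUrl) {
  const lang = escapeHtml(selectLanguage(pageUrl));
  return "<option value='" + lang + "'>" + lang + "</option>";
}

console.log('unsafe:', renderOptionUnsafe(TEST_URL));
console.log('safe:  ', renderOptionSafe(TEST_URL));
```

Marking the session cookie HttpOnly additionally keeps it out of document.cookie, so a script that does run cannot read the session ID.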
