DVWA XSS learning notes
Reflected XSS
Low Level
【】
Medium Level
Double bypass write:
[<scr
Case-variation bypass
[]
High Level
[]
[] Triggered when a button is clicked or any key is pressed.
Impossible Level
Stored XSS
Low Level
trim(string, charlist)
Removes whitespace or other predefined characters from both ends of a string. The predefined characters are \t, \n, \x0B, \r and space; the optional charlist parameter names additional characters to strip.
mysql_real_escape_string(string, connection)
Escapes the special characters \x00, \n, \r, \, ', " and \x1a in the string (for use in SQL, not HTML).
stripslashes(string)
Removes backslashes from the string.
The Name field has a front-end character limit (maxlength), which can be worked around in three ways:
Method 1: use F12 (developer tools) to change the maxlength limit
Method 2: capture the request and modify it
Method 3: enter the payload in the second field (Message) instead
When the page is revisited, the alert box keeps popping up, since the payload is stored.
Medium Level
strip_tags() strips HTML, XML and PHP tags from a string, but its second parameter lets you specify tags that are allowed to remain.
addslashes() returns the string with a backslash added before the predefined characters (single quote, double quote, backslash, NUL).
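As an added example (not part of these notes and not DVWA's own code), the PHP script below runs the functions discussed above over constructed inputs. It contrasts a single-pass blacklist of the kind the Medium level relies on (weak_filter, an assumed name) with context-appropriate output encoding via htmlspecialchars() (safe_encode, also assumed), and shows that addslashes()/stripslashes() never touch the characters that matter for HTML. It assumes PHP 7 or later.

```php
<?php
// Added example, not DVWA's own code. Compares the sanitisation functions
// discussed above on constructed inputs. Only htmlspecialchars() is suitable
// for preventing XSS when user input is written into HTML text; the others
// were built for other jobs (SQL escaping, whitespace trimming, tag stripping).

// A single-pass blacklist of the Medium-level kind: removes the exact
// lowercase tag once. Anything not matching that literal string survives.
function weak_filter(string $input): string
{
    return str_replace('<script>', '', $input);
}

// The fix: encode for the HTML text context, so the browser never parses a tag.
function safe_encode(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// True if the string still carries any raw HTML markup
// (strip_tags() would change it).
function contains_markup(string $s): bool
{
    return $s !== strip_tags($s);
}

// Constructed inputs, labelled by what they illustrate.
$samples = [
    'plain'      => 'hello world',
    'lowercase'  => '<script>alert(1)</script>',
    'mixed case' => '<SCRIPT>alert(1)</SCRIPT>',
    'other tag'  => '<b>bold</b>',
    'sql chars'  => "O'Brien \\ \"quoted\"",
];

foreach ($samples as $label => $input) {
    $weak    = weak_filter($input);
    $encoded = safe_encode($input);

    printf("%-11s input:      %s\n", $label, $input);
    printf("%-11s weak:       %s  (markup left: %s)\n", '',
        $weak, contains_markup($weak) ? 'yes' : 'no');
    printf("%-11s encoded:    %s  (markup left: %s)\n", '',
        $encoded, contains_markup($encoded) ? 'yes' : 'no');
    // addslashes() (and mysql_real_escape_string(), which needs a DB handle)
    // escape quotes and backslashes for SQL; stripslashes() reverses that.
    // Neither touches '<' or '>', so they do nothing against XSS.
    printf("%-11s addslashes: %s -> stripslashes: %s\n\n", '',
        addslashes($input), stripslashes(addslashes($input)));
}
```

Run it with `php filename.php`: the mixed-case and `<b>` inputs pass through weak_filter() untouched, while safe_encode() leaves no raw markup in any case. The same encoding is what the Impossible level should rely on; blacklist removal of specific strings is what the bypasses listed in these notes exploit.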
-------------------------------------------
Double-tag bypass
[<scrip]
Case-variation bypass
High Level
[ ]
Impossible Level
DOM-based XSS
DOM properties and methods that can act as sources or sinks for DOM-based XSS:
document.referrer property
window.name property
location property
innerHTML property
document.write() method
Low Level
Medium Level
High Level
[/xss_d/?default=English#%3Cscript%3Ealert(202020)%3C/script%3E] then refresh the page (the fragment after # is not sent to the server, so the server-side check never sees it).