From the course: CompTIA PenTest (PT0-002) Cert Prep


Cross-site scripting demo

- All right, let's take a look at a specific exploit. We're going to look at cross-site scripting, how we would actually carry something like this out. So we're going to go back into our lab and we're going to be carrying out the attack from Kali Linux and we'll be attacking the Damn Vulnerable Web Application. So we'll need Kali and DVWA virtual machines up and running. You don't need Metasploitable running at this point, but it doesn't hurt if it's already running. So let's take a look at how we can launch this attack. All right, so from Kali, I'm going to launch Firefox, and I will navigate to, or just type in the URL or the IP address of my DVWA box, which is 10.10.1.11. Remember that's where we launched or we're running that virtual machine. All right, and I'm going to log in as admin and the password is password. And now I get to the web application. So the first thing I'm going to do is go down here to DVWA security and I'm going to change the security to low so we can see how…
