From the course: CompTIA PenTest (PT0-002) Cert Prep
Cross-site scripting demo
- All right, let's take a look at a specific exploit. We're going to look at cross-site scripting, how we would actually carry something like this out. So we're going to go back into our lab and we're going to be carrying out the attack from Kali Linux and we'll be attacking the Damn Vulnerable Web Application. So we'll need Kali and DVWA virtual machines up and running. You don't need Metasploitable running at this point, but it doesn't hurt if it's already running. So let's take a look at how we can launch this attack. All right, so from Kali, I'm going to launch Firefox, and I will navigate to, or just type in the URL or the IP address of my DVWA box, which is 10.10.1.11. Remember that's where we launched or we're running that virtual machine. All right, and I'm going to log in as admin and the password is password. And now I get to the web application. So the first thing I'm going to do is go down here to DVWA security and I'm going to change the security to low so we can see how…
Contents
- OWASP Top 10 (8m 40s)
- Application exploits, part 1 (5m 34s)
- SQL injection demo (8m 41s)
- Labtainers lab: SQL injection (2m 38s)
- Application exploits, part 2 (8m 2s)
- Application exploits, part 3 (9m 11s)
- Cross-site scripting demo (7m)
- Labtainers lab: Cross-site scripting (1m 36s)
- Labtainers lab: Cross-site request forgery (1m 14s)
- Code vulnerabilities (16m 36s)
- API attacks and attack resources (6m 28s)
- Privilege escalation: Linux (9m 37s)
- Privilege escalation: Windows (6m 9s)
- Miscellaneous privilege escalation (7m 54s)
- Miscellaneous local host vulnerabilities (8m 5s)