Theme Layout

Boxed or Wide or Framed

Wide

Theme Translation

Display Featured Slider

Featured Slider Styles

Display Grid Slider

yes

Grid Slider Styles

Display Trending Posts

Display Author Bio

Display Instagram Footer

off

Dark or Light Style

Light
Powered by Blogger.
Navigation Menu

All rights reserved
komorebi 2016

Showing posts with label Beebox. Show all posts
Showing posts with label Beebox. Show all posts

Friday, December 30, 2016

[High] HTML Injection - Stored (Blog)

[High] HTML Injection - Stored (Blog)

Posted by 4:59:00 PM

# Introduction

BWAPP → High → HTML Injection - Stored (blog)


# Training

: I put the value I used in the low step, As a result, output is as follows.



I check at /var/www/bWAPP/htmli_stored.php to see how it works.



I check functions_external.php to see the xss_check_3 function.


The htmlspecialchars function has been mentioned previously, so it is omitted.






Read more »
Unknown
0 Comments

You Might Also Like

Web

Monday, December 26, 2016

[low] HTML Injection - Stored (Blog)

[low] HTML Injection - Stored (Blog)

Posted by 5:59:00 PM

# Introduction

BWAPP → Low→ HTML Injection - Stored (blog)



# Training

: The ''htmli_stored.php'' page is a  blog format.


Therefore, It is possible to save HTML tags so that the administrator can output unintended contents. Or When type in the text field on the blog and click [Go], Transfer the input and move to another page. 

The contents of the exercise are as follows.
 : Moving from htmli_stored.php to htmli_post.php using a text field.

First, copy the page format from htmli_post.php to use the htmli_post.php page format.



When fetching page formates, It's easy to import using the web developer tools in browser.


Put this code in the textfield and click [submint] to add it.




When user enter data in both fields and press [Go], the user moves to the page.




Read more »
Unknown
0 Comments

You Might Also Like

Web

Friday, December 23, 2016

[Medium] HTML Injection - Reflected (POST)

[Medium] HTML Injection - Reflected (POST)

Posted by 10:33:00 AM

# Introduction

 :BWAPP → Medium→ HTML Injection - reflected (POST)


# Training

 :As before, I did the exercises without reference to the source code. When I input the value used in the previous step, It will be output as plain text as follows.


So, I checked the input values to the server using the buff suite.


I found that the value passed to the server is encoded( <, > encoded to %3C, %3E).If I input this values, I thought that the specific function of html_post.php encode it once and pass it to the server. If I visualize what I think, it is as follows.


When I input the value, It was passed to the server as follows.


When I forward values, I could use the html tags.



Read more »
Unknown
0 Comments

You Might Also Like

Web
Subscribe to: Posts (Atom)

Follow @SunriseSunsetBlog