372
◾
Ethical Hacking and Penetration Testing Guide
Reflected/Nonpersistent XSS
This is one of the most common forms of a cross-site scripting vulnerability that you would find
in a reflected XSS attack. The input is reflected back to the user, and it’s
not stored on the server
or the database. These types of XSS attacks are a bit harder to exploit, since we need the victim to
click our specially crafted payload.
Let’s talk about an example of a simple cross-site scripting vulnerability. I will use dvwa to
demonstrate the attacks on low, medium, and high security levels. Let’s
start by looking at the
underlying vulnerable code for a low security level.
Vulnerable Code
As you can clearly see, the input taken from the user via the GET variable
name
is being
reflected back to the user without any sanitization.
Most
of the times, you'd be performing a black box penetration test in your career as a pen-
etration tester. Therefore, you won’t have access to the underlying code
for performing a source
code review. In that case, we would need to perform black box penetration testing. So our first test
would be to inject the payload '"<>();[]{}XSS and see how the page returns.
After injecting
the payload from the source, we can see that no escaping is being performed
on the input.
Let’s try injecting the following piece of code:
