EXPLOITATION - XSS VULNS
EXPLOITING XSS
- Run any JavaScript code in the victim's browser.
- The BeEF framework can be used to hook targets.
- Inject the BeEF hook into vulnerable pages.
- Execute code from BeEF.
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.
https://github.com/beefproject/beef
Start the BeEF service.
Log in to the DVWA website, then open the XSS Stored page. Sign the guestbook with one record. (Modify the maxlength attribute of the input field if necessary.)
Open the DVWA website on the victim PC, then log in to the BeEF Control Panel. There you can find the information about the hooked PC.
Create an Alert Dialog and execute it.
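The maxlength note in the guestbook step shows that the form's length limit is only a client-side attribute. The following is an added example, not code from DVWA, BeEF or the original page, showing the server-side counterpart: length checks on the server, HTML-encoding on output, and a CSP that only allows same-origin scripts. The function names, limits and sample entry are assumptions.

```javascript
// Added example: server-side handling of a guestbook entry.
// All names and limits here are assumptions, not DVWA's own code.
const MAX_NAME = 10;     // enforced on the server, because the form's
const MAX_MESSAGE = 50;  // maxlength attribute can be edited in the browser

// Encode the five characters that can change HTML context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Return the list of invalid fields; non-string or oversized input is rejected.
function validateEntry(entry) {
  const errors = [];
  const ok = (v, max) => typeof v === 'string' && v.length > 0 && v.length <= max;
  if (!ok(entry.name, MAX_NAME)) errors.push('name');
  if (!ok(entry.message, MAX_MESSAGE)) errors.push('message');
  return errors;
}

// Store the raw text and encode when rendering, so a stored entry is
// always displayed as text and never parsed as markup.
function renderEntry(entry) {
  return `<div class="entry"><b>${escapeHtml(entry.name)}</b>: ${escapeHtml(entry.message)}</div>`;
}

// Defence in depth: with this header the browser refuses inline scripts
// and script files loaded from any other origin.
function securityHeaders() {
  return {
    'Content-Security-Policy':
      "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
  };
}

// Constructed sample entry: short enough to pass the length check,
// which is why the length check alone is not a defence against stored XSS.
const sample = { name: 'test', message: '<script src="//other.example/x.js"></script>' };
console.log(validateEntry(sample), renderEntry(sample));
```

The sample passes validation but renders as inert text, and the CSP header would stop the external script even if an encoding step were missed elsewhere.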