XX attack - reflective XSS attack hijacking user browser

Let's build a reflective XSS The attack jumps to the vulnerable page . In fact, it can also be in DVWA Attack directly in , But we constructed a relatively complex environment for demonstration purposes .

<script>

window.onload = function() {

var link=document.getElementsByTagName("a");

for(j = 0; j < link.length; j++) {

link[j].href="http://www.baidu.com";}

}

</script>

JavaScript The code analysis window.onload When the web page is loaded , perform function Anonymous functions

The functionality ：document.getElementsByTagName Gets all of the a label , Store in link Array , Use for The cycle will link Replace all elements in the array with malicious URLs .

open chrome browser , We're in reflex XSS Test the effect

Sign in http://192.168.98.66/DVWA-master/login.php user name ： admin password ：password , Change it to low Level