Header Ads

XSS DNS Lookup Page Bypassing Javascript Validation

Mutillidae uses JavaScript validation on many pages. Although the dns-recon.php page is intended to give a target to try operating system command injection, the page also contains a cross site scripting flaw. In security level 1, we bypass the javascript validation and locate the flaw in the page. Once found we exploit the flaw with a trivial popup box to show the vulnerability.

Powered by Blogger.