Cyber Security | Web Development

Lab 7: Reflected DOM XSS      Description: Reflected DOM vulnerabilities occur when the server-side application processes data from a request and echoes the data in the response.      Tool required: Burp Suite Step 1: UI View Step 2: In burp suite tool find a JSON file  Step 3: We have a JSON file restricted with eval() function. Step 4: To bypass eval() function using payload       \"-alert(1)}// Step 5: Result Lab 8: Stored DOM XSS      Description: In an attempt to prevent XSS , the website uses the JavaScript replace() function to encode angle brackets. However, when the first argument is a string, the function only replaces the first occurrence. We exploit this vulnerability by simply including an extra set of angle brackets at the beginning of the comment. These angle brackets will be encoded, but any subsequent angle brackets will be unaffected, enabling us to effectively bypass the filter and inject HTML. Step 1: Inject payload      <><img src=1 onerror=alert(1

  Lab 1: Reflected XSS into HTML context with nothing encoded           Description:  This lab contains a simple  reflected cross-site scripting  vulnerability in the search function it reflected on the client-side. Step 1: UI view Step 2: Query pass in URL Step 3: Inject payload to get attack   Payload :   <script>alert(1)</script> Step 4: Result Lab 2: Stored XSS into HTML context with nothing encoded      Description:  This lab contains a  stored cross-site scripting  vulnerability in the comment functionality it is reflected on the server-side. Step 1: UI view Step 2: Inject payload in the Comment section and to get attack  Step 3: Go back to comment section   Lab 3: DOM XSS in document.write sink using source location.search      Description: This lab contains a DOM-based cross-site scripting vulnerability in the search query tracking functionality. It uses the JavaScript document.write function, which writes data out to the page. The document.write function is cal

       This part shows how to create authentication of web application using composer Jetstream. Step 1 :      Install composer - JetStream      CMD:  composer require laravel/Jetstream   Step 2: Install livewire for jetstream composer      CMD: php artisan jetstream:install livewire     Note: I nstall this cmd itself once the above process completed Step 3: Migration process      Setup auth DB for admin and user identification in the  User table define as utype will be ADM for admin and USR for customer and users. Step 4: Migrate table to SQL Database       CMD: php artisan migrate Step 5: Run the project     CMD:php artisan serve Step 6: Check the Authentication part to route correspondent user or admin login credential. Step 7: Setup middleware      CMD: p hp artisan make:middleware AuthAdmin     Note: Start Setup below code in correspondent directory in package.   Note: End Setup below code in correspondent directory in package. Step 8:  Setup authentication session part      Ste