bWAPP - Cross Site Scripting Reflected (User-Agent)

In this walkthrough, we go through the Cross Site Scripting Reflected (User-Agent) vulnerability section from bWAPP Labs. We will explore and exploit a reflected cross-site scripting vulnerability in the User-Agent header and learn how applications are affected by it. So, let’s get started with the hacking without any delay.

Cross Site Scripting Reflected (User-Agent)

Security: Low

  • Setting the security level to Low.

Security level Low

  • The application displays the user’s User Agent by issuing a GET request to xss_user_agent.php page.

XSS - Reflected (User-Agent)

Burpsuite intercept

  • I intercepted the request and replaced the User-Agent header with the payload below. Forwarding the request gives us the pop-up alert box, confirming the XSS vulnerability.

<script>alert("Hacked")</script>

Payload

Hacked pop up alert

Security: Medium

  • Setting the security level to Medium.

Security level medium

  • I used the previously used payload and it didn’t work as the application has slashes in the string – Hacked.

Burpsuite intercept

Your User-Agent

Page source code

  • I used the below payload instead and it worked.

<script>alert(1)</script>

Payload

XSS Pop up alert

  • This does not work at the High level due to HTML addslashes.

Conclusion:

So, we finally completed all the security levels for the bWAPP Cross Site Scripting Reflected (User-Agent) vulnerability. We looked at how the application is set up at each level and how the security controls implemented can be bypassed. Reflected XSS attacks can be mitigated by performing input sanitization on endpoints, whitelisting the allowed characters in the input and using a WAF. Along with that, we can prevent data from any untrusted source from being dynamically written to the HTML document. On that note, I will take my leave and will meet you in the next one with another bWAPP vulnerability writeup. Till then, “Keep Hacking”.
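
The difference between the levels and the mitigation described above, as an added example that is not bWAPP's own code: it runs the two payloads from this walkthrough through a raw echo, through `addslashes()`, and through HTML output encoding with `htmlspecialchars()`. The function names and the benign User-Agent string are assumptions made for this illustration, and `htmlspecialchars()` is chosen here as one way to keep untrusted data from being written into the HTML document as markup.

```php
<?php
// Added example: three ways of reflecting a User-Agent value into an HTML page.
// Function names are hypothetical; the two payloads are the ones used on this page.

// No filtering: the header value reaches the page unchanged.
function reflect_raw(string $ua): string {
    return $ua;
}

// addslashes() escapes quotes, backslashes and NUL for string-literal contexts.
// It does not touch < or >, so the tag itself still reaches the browser; the
// quoted payload only fails because \" is no longer valid JavaScript.
function reflect_addslashes(string $ua): string {
    return addslashes($ua);
}

// HTML-context output encoding: <, >, &, " and ' become entities, so the
// browser renders the value as text instead of parsing it as markup.
function reflect_encoded(string $ua): string {
    return htmlspecialchars($ua, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$samples = [
    'quoted'   => '<script>alert("Hacked")</script>',
    'unquoted' => '<script>alert(1)</script>',
    // Constructed benign value with a quote, to show encoding keeps it readable.
    'benign'   => "Mozilla/5.0 (X11; Linux x86_64) O'Reilly-Test/1.0",
];

foreach ($samples as $label => $ua) {
    foreach (['reflect_raw', 'reflect_addslashes', 'reflect_encoded'] as $fn) {
        $out = $fn($ua);
        // A surviving "<script>" means the browser would still parse a script element.
        $markup = strpos($out, '<script>') !== false ? 'script tag intact' : 'no live markup';
        printf("%-9s %-19s %-18s %s\n", $label, $fn, $markup, $out);
    }
}

// In a real handler the encoded form would be used at the point of output, e.g.:
// echo reflect_encoded($_SERVER['HTTP_USER_AGENT'] ?? '');
```

Run with `php` on the command line; only the `reflect_encoded` rows report `no live markup` for both payloads, while the benign value stays readable once the browser decodes the entities.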
