dvwa

DVWA Walkthrough

DVWA Walkthrough (Low level)

Low: XSS (DOM)

Vulnerability URL: http://127.0.0.1:42001/vulnerabilities/xss_d/

How to test: https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/01-Testing_for_DOM-based_Cross_Site_Scripting.html

Observation 1

Pick any language from the dropdown list, then press the Select button. If the selected language is "English", the address changes to http://127.0.0.1:42001/vulnerabilities/xss_d/?default=English

Modify the address to http://127.0.0.1:42001/vulnerabilities/xss_d/?default=Assyrian and "Assyrian" will then appear in the dropdown list, showing that the value of the default parameter is written into the page on the client side.

page source

<div class="vulnerable_code_area"> <p>Please choose a language:</p> <form name="XSS" method="GET"> <select name="default"> <script> if (document.

Run DVWA on a Kali VM

=========== CAUTION - DO NOT be bothered by manually installing DVWA (it will very likely fail). ===========

Installing VMs

Tip: VMWare-Tools for an Ubuntu/Kali VM on VMWare Fusion

Installing VMWare-Tools

$ sudo apt install open-vm-tools

When the shared folder doesn't work even after the vmware-tools are installed:

$ sudo umount /mnt/hgfs
$ sudo mount -t fuse.vmhgfs-fuse .host:/ /mnt/hgfs -o allow_other

Install Kali (.iso) on VMWare Fusion on Apple silicon (M2)

Download Kali .iso for Apple silicon: https://cdimage.