Added hints for dom-based xss assignment (part 1)
This commit is contained in:
Benedikt - Desktop
Nanne Baars
parent
46f92dad3b
commit
362671e67e
@ -2,6 +2,7 @@
|
|||||||
package org.owasp.webgoat.plugin;
|
package org.owasp.webgoat.plugin;
|
||||||
|
|
||||||
import org.owasp.webgoat.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.assignments.AssignmentEndpoint;
|
||||||
|
import org.owasp.webgoat.assignments.AssignmentHints;
|
||||||
import org.owasp.webgoat.assignments.AssignmentPath;
|
import org.owasp.webgoat.assignments.AssignmentPath;
|
||||||
import org.owasp.webgoat.assignments.AttackResult;
|
import org.owasp.webgoat.assignments.AttackResult;
|
||||||
import org.owasp.webgoat.session.UserSessionData;
|
import org.owasp.webgoat.session.UserSessionData;
|
||||||
@ -45,6 +46,7 @@ import java.io.IOException;
|
|||||||
* @created October 28, 2003
|
* @created October 28, 2003
|
||||||
*/
|
*/
|
||||||
@AssignmentPath("/CrossSiteScripting/attack6a")
|
@AssignmentPath("/CrossSiteScripting/attack6a")
|
||||||
|
@AssignmentHints(value = {"xss-reflected-6a-hint-1", "xss-reflected-6a-hint-2", "xss-reflected-6a-hint-3", "xss-reflected-6a-hint-4"})
|
||||||
public class CrossSiteScriptingLesson6a extends AssignmentEndpoint {
|
public class CrossSiteScriptingLesson6a extends AssignmentEndpoint {
|
||||||
@Autowired
|
@Autowired
|
||||||
UserSessionData userSessionData;
|
UserSessionData userSessionData;
|
||||||
|
|||||||
@ -11,7 +11,11 @@ xss-reflected-5a-hint-4=Just try purchasing something. You want your script to b
|
|||||||
xss-reflected-5b-success=Correct ... because <ul><li>The script was not triggered by the URL/QueryString</li><li>Even if you use the attack URL in a new tab, it won't execute (becuase of response type). Try it if you like.</li></ul>
|
xss-reflected-5b-success=Correct ... because <ul><li>The script was not triggered by the URL/QueryString</li><li>Even if you use the attack URL in a new tab, it won't execute (becuase of response type). Try it if you like.</li></ul>
|
||||||
xss-reflected-5b-failure=Nope, pretty easy to guess now though.
|
xss-reflected-5b-failure=Nope, pretty easy to guess now though.
|
||||||
xss-reflected-6a-success=Correct! Now, see if you can send in an exploit to that route in the next assignment.
|
xss-reflected-6a-success=Correct! Now, see if you can send in an exploit to that route in the next assignment.
|
||||||
xss-reflected-6a-failure=No, look at the example. Check the <a href="/WebGoat/js/goatApp/view/GoatRouter.js" target="_blank">GoatRouter.js</a> file. It should be pretty easy to determine.
|
xss-reflected-6a-failure=Sorry that's not correct. Look at the example again to understand what a valid route looks like. If you're stuck... hints might help.
|
||||||
|
xss-reflected-6a-hint-1=To search through the client side code, use the developer tools of your browser. (If you don't know how to use them, check the <i>Developer Tools</i> Lesson in the general category.)
|
||||||
|
xss-reflected-6a-hint-2=Since you are looking for application code, check the WebGoat/js/goatApp folder for a file that could handle the routes.
|
||||||
|
xss-reflected-6a-hint-3=Make sure you add the base route at the start, when submitting your solution.
|
||||||
|
xss-reflected-6a-hint-4=Still didn't find it? Check the <a href="/WebGoat/js/goatApp/view/GoatRouter.js" target="_blank">GoatRouter.js</a> file. It should be pretty easy to determine.
|
||||||
xss.lesson1.failure=Are you sure? Try using a tab from a different site.
|
xss.lesson1.failure=Are you sure? Try using a tab from a different site.
|
||||||
xss-dom-message-success=Correct, I hope you didn't cheat, using the console!
|
xss-dom-message-success=Correct, I hope you didn't cheat, using the console!
|
||||||
xss-dom-message-failure=Incorrect, keep trying. It should be obvious in the log when you are successful.
|
xss-dom-message-failure=Incorrect, keep trying. It should be obvious in the log when you are successful.
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user