Added hints for Reflected XSS assignment.

2018-11-18 12:41:47 +01:00
parent 3a7601d348
commit 46f92dad3b
2 changed files with 8 additions and 2 deletions
--- a/webgoat-lessons/cross-site-scripting/src/main/resources/i18n/WebGoatLabels.properties
+++ b/webgoat-lessons/cross-site-scripting/src/main/resources/i18n/WebGoatLabels.properties
@ -2,8 +2,12 @@
 xss.title=Cross Site Scripting
 xss-stored.title=Cross Site Scripting (stored)
 xss-mitigation.title=Cross Site Scripting (mitigation)
-xss-reflected-5a-success=well done, but alerts aren't very impressive are they? Please continue.
-xss-reflected-5a-failure=Try again. We do want to see this specific javascript (in case you are trying to do something more fancy)
+xss-reflected-5a-success=Well done, but alerts aren't very impressive are they? Please continue.
+xss-reflected-5a-failure=Try again. We do want to see this specific javascript (in case you are trying to do something more fancy).
+xss-reflected-5a-hint-1=Think about how the inputs are presumably processed by the application.
+xss-reflected-5a-hint-2=Quantity inputs are probably processed as integer values. Not the best option for inputting text right?
+xss-reflected-5a-hint-3=What information send to the application gets reflected back after being submitted?
+xss-reflected-5a-hint-4=Just try purchasing something. You want your script to be included in the purchase-confirmation.
 xss-reflected-5b-success=Correct ... because <ul><li>The script was not triggered by the URL/QueryString</li><li>Even if you use the attack URL in a new tab, it won't execute (becuase of response type). Try it if you like.</li></ul>
 xss-reflected-5b-failure=Nope, pretty easy to guess now though.
 xss-reflected-6a-success=Correct! Now, see if you can send in an exploit to that route in the next assignment.