diff --git a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScripting.java b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScripting.java
index 7e6532865..8a438c5ac 100644
--- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScripting.java
+++ b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScripting.java
@@ -57,7 +57,6 @@ public class DOMCrossSiteScripting extends AssignmentEndpoint {
 userSessionData.setValue("randValue",number.nextInt());
 if (param1 == 42 && param2 == 24 && request.getHeader("webgoat-requested-by").equals("dom-xss-vuln")) {
- System.out.println(userSessionData.getValue("randValue") + " << randValue");
 return trackProgress(success().output("phoneHome Response is " + userSessionData.getValue("randValue").toString()).build());
 } else {
 return trackProgress(failed().build());
diff --git a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScriptingVerifier.java b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScriptingVerifier.java
index 6ee699bef..80f3cca75 100644
--- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScriptingVerifier.java
+++ b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScriptingVerifier.java
@@ -55,8 +55,9 @@ public class DOMCrossSiteScriptingVerifier extends AssignmentEndpoint {
 AttackResult completed(@RequestParam String successMessage) throws IOException {
 UserSessionData userSessionData = getUserSessionData();
+ String answer = (String) userSessionData.getValue("randValue");
- if (successMessage.equals(userSessionData.getValue("randValue").toString())) {
+ if (successMessage.equals(answer)) {
 return trackProgress(success().feedback("xss-dom-message-success").build());
 } else {
 return trackProgress(failed().feedback("xss-dom-message-failure").build());
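Review bot: The added `String answer = (String) userSessionData.getValue("randValue");` looks like it will throw ClassCastException whenever the value is present, because the first file stores it with `userSessionData.setValue("randValue",number.nextInt())`, i.e. a boxed Integer, and getValue appears to return Object (the setter accepts an int). The old `.toString()` comparison handled the Integer correctly but NPE'd when nothing had been stored yet; the new null-safe `successMessage.equals(answer)` is the right direction, so keep it and convert instead of casting: `Object stored = userSessionData.getValue("randValue");` then `String answer = stored == null ? null : stored.toString();`. Avoid `String.valueOf(stored)` here, since it yields the literal "null" for a missing value and a caller submitting successMessage=null would then pass the check. The `completed` method's closing braces lie outside this hunk.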