dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Removed hardcoded webgoat path for URLs

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@367 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
mayhew64
2008-11-21 16:57:23 +00:00
parent c0d2d13e5a
commit 7998e60f29
68 changed files with 592 additions and 592 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
main/project/WebContent/lesson_solutions/DOMXSS.html
View File

@ -3,7 +3,7 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>DOM Based Cross Site Scripting (XSS)</title>
<link rel="stylesheet" type="text/css" href="/WebGoat/lesson_solutions/formate.css">
<link rel="stylesheet" type="text/css" href="lesson_solutions/formate.css">
</head>
<body>
<p><b>Lesson Plan Title:</b> DOM Based Cross Site Scripting (XSS)</p>
@ -18,16 +18,16 @@ For this exercise, your mission is to use this vulnerability to inject malicious
<b>Solution:</b><br/><br/>
Stage 1: Enter "&lt;IMG SRC="images/logos/owasp.jpg"/&gt;" and submit the solution.<br/><br/>
<img src="/WebGoat/lesson_solutions/DOMXSS_files/image001.jpg"><br/>
<img src="lesson_solutions/DOMXSS_files/image001.jpg"><br/>
<font size="2"><b>Stage 1 result</b></font><br/><br/><br/>
Stage 2: Enter "&lt;img src=x onerror=;;alert('XSS') /&gt;" and submit the solution.<br/><br/>
<img src="/WebGoat/lesson_solutions/DOMXSS_files/image002.jpg"><br/>
<img src="lesson_solutions/DOMXSS_files/image002.jpg"><br/>
<font size="2"><b>Stage 2 result</b></font><br/><br/><br/>
Stage 3: Enter "&lt;IFRAME SRC="javascript:alert('XSS');"&gt;&lt;/IFRAME&gt;" and submit the solution.<br/><br/>
<img src="/WebGoat/lesson_solutions/DOMXSS_files/image003.jpg"><br/>
<img src="lesson_solutions/DOMXSS_files/image003.jpg"><br/>
<font size="2"><b>Stage 3 result</b></font><br/><br/><br/>
Stage 4: Enter "Please enter your password:&lt;BR&gt;&lt;input type = "password" name="pass"/&gt;&lt;button onClick="javascript:alert('I have your password: ' + pass.value);"&gt;Submit&lt;/button&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt; &lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;" and submit the solution.<br/><br/>
<img src="/WebGoat/lesson_solutions/DOMXSS_files/image004.jpg"><br/>
<img src="lesson_solutions/DOMXSS_files/image004.jpg"><br/>
<font size="2"><b>Stage 4 result</b></font><br/><br/><br/>
Stage 5: You have to use the JavaScript escape.js for the input.<br/>
You will find the JavaScripts in tomcat\webapps\WebGoat\javascript ( Standart Version ) or in WebContent\javascript ( Developer Version ).<br/>