dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

upgrade ascii doc with support for link in new tab

Browse Source
This commit is contained in:
Rene Zubcevic
2019-10-10 14:01:32 +02:00
committed by Nanne Baars
parent e0ac4a1083
commit 8d7142e6d3
9 changed files with 12 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScripting_content5b.adoc
View File

@ -5,6 +5,6 @@ You should have been able to execute script with the last example. At this point
Why is that?
That is because there is no link that would trigger that XSS.
You can try it yourself to see what happens ... go to (substitute localhost with your server's name or IP if you need to):
You can try it yourself to see what happens ... go to:
link: http://localhost:8080/WebGoat/CrossSiteScripting/attack5a?QTY1=1&QTY2=1&QTY3=1&QTY4=1&field1=<script>alert('my%20javascript%20here')</script>4128+3214+0002+1999&field2=111
link:/WebGoat/CrossSiteScripting/attack5a?QTY1=1&QTY2=1&QTY3=1&QTY4=1&field1=<script>alert('my%20javascript%20here')</script>4128+3214+0002+1999&field2=111["/WebGoat/CrossSiteScripting/attack5a?QTY1=1&QTY2=1&QTY3=1&QTY4=1&field1=<script>alert('my%20javascript%20here')</script>4128+3214+0002+1999&field2=111",window=_blank]