dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

This improves the text of the lesson about XSS

Browse Source
This commit is contained in:
Matthias Grundmann 2018-06-13 17:56:23 +02:00
parent f383454440
commit b0fbeaff2c
No known key found for this signature in database
GPG Key ID: CF3BB4CEC9904593
2 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScripting_content6a.adoc
View File

@ -1,15 +1,15 @@
== Identify Potential for DOM-Based XSS == Identify Potential for DOM-Based XSS
DOM-Based XSS can usually be found by looking for the route configurations in the client-side code. DOM-Based XSS can usually be found by looking for the route configurations in the client-side code.
Look for a route that takes inputs that you can ID being 'reflected' to the page. Look for a route that takes inputs that are being 'reflected' to the page.
For this example, you'll want to look for some 'test' code in the route handlers (WebGoat uses backbone as its primary javascript library). For this example, you'll want to look for some 'test' code in the route handlers (WebGoat uses backbone as its primary javascript library).
Sometimes, test code gets left in production (and often times test code is very simple and lacks security or any quality controls!). Sometimes, test code gets left in production (and often times test code is very simple and lacks security or any quality controls!).
Your objective is to find the route and exploit it. First though ... what is the base route? As an example, look at the URL for this lesson ... Your objective is to find the route and exploit it. First though ... what is the base route? As an example, look at the URL for this lesson ...
it should look something like /WebGoat/start.mvc#lesson/CrossSiteScripting.lesson/9 (although maybe slightly different). The 'base route' in this case is: it should look something like /WebGoat/start.mvc#lesson/CrossSiteScripting.lesson/9. The 'base route' in this case is:
*start.mvc#lesson/* *start.mvc#lesson/*
The *CrossSiteScripting.lesson/9* after that are parameters that are processed by the javascript route handler.
The *CrossSiteScripting.lesson/#* after that are parameters that are processed by javascript route handler. So, what is the route for the test code that stayed in the app during production?
To answer this question, you have to check the javascript source.
So, what is test route for this test code?

2
webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScripting_content6b.adoc
View File

@ -8,4 +8,4 @@ The function you want to execute is ...
Sure, you could just use console/debug to trigger it, but you need to trigger it via a URL in a new tab. Sure, you could just use console/debug to trigger it, but you need to trigger it via a URL in a new tab.
Once you do trigger it, a subsequent response will come to the browser with a random number. Put that random number in below. Once you do trigger it, a subsequent response will come to your browser's console with a random number. Put that random number in below.