implementing support for dom xss

2016-11-23 17:24:59 -05:00 · 2016-11-23 17:24:59 -05:00 · e183c8d8b3
commit e183c8d8b3
parent 5347311319
3 changed files with 74 additions and 1 deletions
--- a/webgoat-container/src/main/resources/static/js/goatApp/view/GoatRouter.js
+++ b/webgoat-container/src/main/resources/static/js/goatApp/view/GoatRouter.js
@ -36,13 +36,36 @@ define(['jquery',
            menuView: menuView
        }),

+
+        setUpCustomJS: function () {
+            webgoat.customjs.jquery = $; //passing jquery into custom js scope ... still klunky, but works for now
+
+            // temporary shim to support dom-xss lesson
+            webgoat.customjs.phoneHome = function (e) {
+                console.log('phoneHome invoked');
+                console.log(arguments.callee);
+                //
+                webgoat.customjs.jquery.ajax({
+                      method:"POST",
+                      url:"/WebGoat/CrossSiteScripting/dom-xss",
+                      data:{param1:42,param2:24},
+                      headers:{
+                          "webgoat-requested-by":"dom-xss-vuln"
+                      },
+                      contentType:'application/x-www-form-urlencoded; charset=UTF-8'
+                });
+            }
+        },
+
        init:function() {
            goatRouter =  new GoatAppRouter();
            this.lessonController.start();
            // this.menuController.initMenu();
            webgoat = {};
            webgoat.customjs = {};
-            webgoat.customjs.jquery = $; //passing jquery into custom js scope ... still klunky, but works for now
+
+            this.setUpCustomJS();
+

            goatRouter.on('route:lessonRoute', function(name) {
                this.lessonController.loadLesson(name,0);
--- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScripting.java
+++ b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScripting.java
@ -0,0 +1,39 @@
+package org.owasp.webgoat.plugin;
+
+import org.owasp.webgoat.lessons.Assignment;
+import org.owasp.webgoat.lessons.model.AttackResult;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+
+/**
+ * Created by jason on 11/23/16.
+ */
+public class DOMCrossSiteScripting extends Assignment {
+    @RequestMapping(method = RequestMethod.POST)
+    public @ResponseBody
+    AttackResult completed(@RequestParam Integer param1,
+                           @RequestParam Integer param2, HttpServletRequest request)
+            throws IOException {
+        
+        if (param1 == 42 && param2 == 24 && request.getHeader("webgoat-requested-by").equals("dom-xss-vuln")) {
+            return trackProgress(AttackResult.success("well done!"));
+        } else {
+            return trackProgress(AttackResult.failed("keep trying!"));
+        }
+    }
+
+    @Override
+    public String getPath() {
+        return "/CrossSiteScripting/dom-xss";
+    }
+}
+
+
+
+
+
--- a/webgoat-lessons/cross-site-scripting/src/main/resources/plugin/CrossSiteScripting/js/dom-xss.js
+++ b/webgoat-lessons/cross-site-scripting/src/main/resources/plugin/CrossSiteScripting/js/dom-xss.js
@ -0,0 +1,11 @@
+//webgoat.customjs.phoneHome = function (e) {
+//    webgoat.customjs.jquery.ajax({
+//        method:"POST",
+//        url:"/WebGoat/CrossSiteScripting/dom-xss",
+//        data:{param1:42,param2:24},
+//        headers:{
+//            "x-request-with":"dom-xss-vuln"
+//        },
+//        contentType:'application/x-www-form-urlencoded; charset=UTF-8'
+//    });
+//}