6 lines
383 B
Plaintext
See the comments below.
Add a comment with a JavaScript payload. Again ... you want to call the _webgoat.customjs.phoneHome_ function.
As an attacker (offensive security), keep in mind that most apps are not going to have such a straightforwardly named compromise.
Also, you may have to find a way to load your own JavaScript dynamically to fully achieve the goal of extracting data.