dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
WebGoat/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScripting_content7.adoc
misfir3 82ef171a50 XSS Lesson Modifications (#367) 
* initial cut on XSS, need to add some tests still

* initial unit tests for assignment endpoints

* updating header comment license thingy

* comment, clean up

* Stubs for security unit test

* Additional Unit Testing

* isEncoded and isNotEncoded Unit Tests added

* http-proxies updates

* update for XXE solutions

* Work-around to handle special chars in action ... currently to be able to match {userId} in hint creation/assignment for IDOR

* IDOR hints updated

* mitigation content update

* mitigation content update ... 2

* Lesson Overview updates

* including restart lesson fix for lesson overview
2017-07-10 08:33:10 -04:00

12 lines
518 B
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

== Stored XSS
Stored cross-site scripting is different in that the payload is persisted (stored) as opposed to passed/injected via a link.
== Stored XSS Scenario
* Attacker posts malicious script to a message board
* Message is stored in a server database
* Victim reads the message
* The malicious script embedded in the message board post executes in the victims browser
** The script steals sensitive information, like the session id, and releases it to the attacker
*Victim does not realize attack occurred*
Reference in New Issue View Git Blame Copy Permalink