15 lines
1.0 KiB
Plaintext
15 lines
1.0 KiB
Plaintext
== Identify Potential for DOM-Based XSS
|
|
|
|
DOM-Based XSS can usually be found by looking for the route configurations in the client-side code.
|
|
Look for a route that takes inputs that are being 'reflected' to the page.
|
|
|
|
For this example, you'll want to look for some 'test' code in the route handlers (WebGoat uses backbone as its primary javascript library).
|
|
Sometimes, test code gets left in production (and often times test code is very simple and lacks security or any quality controls!).
|
|
|
|
Your objective is to find the route and exploit it. First though ... what is the base route? As an example, look at the URL for this lesson ...
|
|
it should look something like /WebGoat/start.mvc#lesson/CrossSiteScripting.lesson/9. The 'base route' in this case is:
|
|
*start.mvc#lesson/*
|
|
The *CrossSiteScripting.lesson/9* after that are parameters that are processed by the javascript route handler.
|
|
|
|
So, what is the route for the test code that stayed in the app during production?
|
|
To answer this question, you have to check the javascript source. |