dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e86470e141e97c878f899b6ea2a2459b7ead6a9f
WebGoat/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScripting_content8b.adoc
Nanne Baars e169650ebc Update documentation
2021-12-15 17:47:12 +01:00

69 lines
1.6 KiB
Plaintext
Raw Blame History

== Reflective XSS
See the HTML file below, which passes data to a JSP file.
[source,html]
-------------------------------------------------------
<html>
<body>
<form action = "main.jsp" method = "POST">
First Name: <input type = "text" name = "first_name">
<br />
Last Name: <input type = "text" name = "last_name" />
<input type = "submit" value = "Submit" />
</form>
</body>
</html>
-------------------------------------------------------
Here is the JSP file:
[source,html]
-------------------------------------------------------
<html>
<head>
<title>Using GET and POST Method to Read Form Data</title>
</head>
<body>
<h1>Using POST Method to Read Form Data</h1>
<table>
<tbody>
<tr>
<td><b>First Name:</b></td>
<td><%= request.getParameter("first_name")%></td>
</tr>
<tr>
<td><b>Last Name:</b></td>
<td>
<%= request.getParameter("last_name")%>
</td>
</tr>
</tbody>
</table>
</body>
</html>
-------------------------------------------------------
As you can see the JSP file prints unfiltered user input which is never a good idea.
You want people to access the page like this:
----
http://hostname.com/mywebapp/main.jsp?first_name=John&last_name=Smith
----
But what happens if someone uses this link:
----
http://hostname.com/mywebapp/main.jsp?first_name=<script>alert("XSS Test")</script>
----
=== It is your turn!
Try to prevent this kind of XSS by escaping the URL parameters in the JSP file:
Reference in New Issue View Git Blame Copy Permalink