Goal: 

Authenticate as webgoat without password. 

Method:

1. Start burp suite and turn on proxy intercept 

2. Enter Username and any password click login


Goal: 

Gain Access to unauthorized file resource "WEB-INF/spring-security.xml" located in unknown location. Note the hacker have access to files one the site. 

Method: 

Use Burp Suite and modify request file and gain access.

Step by step Guide

1. Setup burp Suite proxy on both client and burp, 

2. We need to first try to get as much info as we could about the folder structure, let's use the file that we have access to find out their directories. 

We can see that the file BlindStringSqlInjection.html is located at 

/root/.extract/webapps/WebGoat/plugin_extracted/plugin/BlindStringSqlInjection/lessonPlans/en/BlindStringSqlInjection.html


Unvalidated user-supplied data is used in conjunction with a Javascript eval() call. In a reflected XSS attack, Attacker can craft a URL with the attack script and store it on another website, email it, or otherwise trick a victim into clicking on it. 

Goal: 

Here we will craft XSS attack that take advantage of eval() function. Goal is to trigger 'alert()'document.cookie.

eval('123)

-- Add malicious code

 

('); 

Step by step Guide

1. Enter below code to Digital Access Code field. 

123');

alert(document.cookie);

(' 


Please publish modules in offcanvas position.