Unvalidated user-supplied data is used in conjunction with a JavaScript eval() call. In a reflected XSS attack, an attacker can craft a URL containing the attack script and store it on another website, email it, or otherwise trick a victim into clicking on it.

Goal: 

Here we will craft an XSS attack that takes advantage of the eval() function. The goal is to trigger alert(document.cookie).

eval('123  -- malicious code is added here, before the closing quote --  ');

Step by step Guide

1. Enter the code below in the Digital Access Code field.

123');
alert(document.cookie);
('
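The following is an added example, not WebGoat's own code, contrasting the unsafe pattern behind this lesson (user input spliced into a string that is then eval()'d) with a hardened handler that validates the field and never builds source text; the function name lookupCode and the digits-only format of the access code are assumptions.

```javascript
// Added example, not WebGoat's own code. Assumed: the lesson page builds a
// JavaScript string from the "Digital Access Code" field and passes it to
// eval(); the handler name lookupCode and the digits-only format are assumed.

// Unsafe pattern: user input is spliced into source text, so a single quote in
// the input closes the string literal and whatever follows runs as code.
function buildUnsafeScript(accessCode) {
  return "lookupCode('" + accessCode + "')";
}

// Hardened pattern: check the input against the format the field really
// expects, then pass it to the handler as data. No eval(), no source building.
const ACCESS_CODE_RE = /^[0-9]{1,10}$/; // assumed: digits only, up to 10 long

function handleAccessCode(accessCode, lookupCode) {
  if (typeof accessCode !== 'string' || !ACCESS_CODE_RE.test(accessCode)) {
    return { ok: false, reason: 'access code must be digits only' };
  }
  return { ok: true, result: lookupCode(accessCode) };
}

// Detection check for code that still uses the unsafe path: any quote,
// backslash or line break in the input can terminate the string literal.
function inputEscapedLiteral(accessCode) {
  return /['"\\\r\n]/.test(accessCode);
}

// Constructed sample inputs: a normal code and the break-out input from the lesson.
const NORMAL_INPUT = "123";
const BREAKOUT_INPUT = "123');\nalert(document.cookie);\n('";

// Stand-in for the real lookup; just echoes what it was called with.
function fakeLookup(code) {
  return "looked up " + code;
}

// Unsafe string now holds a second statement; hardened handler rejects it.
console.log(buildUnsafeScript(BREAKOUT_INPUT));
console.log(handleAccessCode(BREAKOUT_INPUT, fakeLookup));
console.log(handleAccessCode(NORMAL_INPUT, fakeLookup));
```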


Goal: 

To discover a coupon code and receive an unintended discount. Then we will exploit the use of client-side validation to submit an order with a cost of zero.

Note that input validation should always be done on the server side.

Method: 

Use Firebug or the built-in Firefox Inspect Element tool. Here we will use the new Firefox Developer Edition.

Part One - Coupon Discount

Method One - Step by step Guide

1. Right-click the "Enter your coupon code" input field and choose Inspect Element with Firebug or Firefox DevTools.


Goal: 

Perform silent transaction attacks against a simple banking system. Because of the architecture of Ajax, its transactions are silent, which lets an attacker inject attack scripts that move a client's money without authorization.

Method: 

Use Burp Suite or another proxy tool to perform interception and an XML injection attack.

Step by step Guide

1. Study the source code. You can see the silentTransaction.js file, which has two functions: one for balance validation and the other for data submission. We can call the data submission function directly from the address bar, bypassing the validation.

Lesson menu item: SilentTransactions
Lesson project: silent-transactions
Lesson source class: org.owasp.webgoat.plugin.SilentTransactions.java


Goal: 

JSON is more widely used than XML because of its ease of use and speed. In this lab, our target is to perform JSON injection against an airline ticket system to get a non-stop ticket at a cheaper price.

Method: 

Use Burp Suite or another proxy tool to perform interception and a JSON injection attack.

Step by step Guide

1. Start Burp Suite interception and ensure that interception of responses is also enabled. To enable response interception, go to Proxy => Options.


Goal: 

Ajax applications rely on XML to exchange information with the server.

Method: 

Use Burp Suite or another proxy tool to perform interception and an XML injection attack.

Step by step Guide

1. Start Burp Suite interception and ensure that interception of responses is also enabled. To enable response interception, go to Proxy => Options.

