Webgoat - Cross Site Scripting

In this walkthrough we go through the Cross Site Scripting section of the WebGoat labs. We will explore and exploit Cross Site Scripting in several application implementations and see how applications are affected by it. So, let's get started with the hacking without any delay.

Cross Site Scripting

1. Using Chrome or Firefox to see cookies

  • This challenge asks us to use the browser itself to read a cookie. I opened the developer tools Console and ran the one-liner below, which pops the cookie value in an alert box.

alert(document.cookie)

  • Note that cookies flagged HttpOnly are not exposed through document.cookie; this is exactly the flag that keeps a session cookie out of reach of an injected script.

Challenge completed

2. Reflected XSS

  • In this challenge we have to identify which form field is reflected back into the page and is therefore susceptible to XSS.

  • I used the HTML bold tag below to test whether the application renders our input as HTML rather than as text, and it does: the submitted value comes back in bold.

<b> 4128 3214 0002 1999 </b>

  • HTML injection confirmed. I then used the payload below to pop an alert box, which completed the challenge.

<script>alert("Hacked")</script>

Challenge completed
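To make the reflected XSS concrete, here is an added example (not WebGoat's code) that stands in for the server-side handler echoing a submitted form field into the response. It renders the page the vulnerable way and then with HTML output encoding, and reuses the two probes from the walkthrough as a test oracle. The field name field1 and the surrounding markup are assumptions.

```javascript
// Added example for this walkthrough; it is not WebGoat's source. It stands in for
// a server-side handler that echoes a submitted form field into the response,
// first as the vulnerable page does and then with HTML output encoding.
// Assumptions: the field name "field1" and the surrounding markup are hypothetical.

const CARD_FIELD = "field1"; // hypothetical name of the reflected form field

// Encode the five characters that can change meaning in HTML text and
// double-quoted attribute contexts. Applied at output time, not on input.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable: the field value is concatenated straight into the HTML body.
function renderUnsafe(fields) {
  return `<p>Thank you for your purchase. Card: ${fields[CARD_FIELD]}</p>`;
}

// Fixed: the same page, with the value encoded for the HTML-body context.
function renderSafe(fields) {
  return `<p>Thank you for your purchase. Card: ${escapeHtml(fields[CARD_FIELD])}</p>`;
}

// Test oracle used in the walkthrough: does the submitted markup survive into the
// response unchanged? If it does, the browser will parse it as HTML.
function reflectsMarkup(html, payload) {
  return html.includes(payload);
}

// The two probes from the walkthrough: a harmless tag first, then a script.
const PROBES = ['<b> 4128 3214 0002 1999 </b>', '<script>alert("Hacked")</script>'];

// Run every probe through a renderer and report which ones came back as markup.
function probeAll(render) {
  return PROBES.map((p) => reflectsMarkup(render({ [CARD_FIELD]: p }), p));
}

// Usage: the unsafe renderer reflects both probes, the safe one reflects neither.
console.log("unsafe:", probeAll(renderUnsafe)); // [ true, true ]
console.log("safe:  ", probeAll(renderSafe));   // [ false, false ]
```

The bold-tag probe is the useful first step precisely because it is harmless: if it renders, you have proven the injection context before sending anything that would trip an alert or a WAF rule. The fix is output encoding for the context the value lands in; input filtering alone leaves every other output path unprotected.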

3. Identify potential for DOM-Based XSS

  • In this challenge we have to find the base route of test code that was left in the application when it went to production.

  • I opened the Debugger tab in the browser dev tools and searched the loaded JavaScript for "test", which turned up a test route in the client-side router. The base route is:

start.mvc#test

Flag submitted

4. DOM-Based XSS

DOM-Based XSS

  • From the previous challenge we know the base route, and that it takes a parameter after the slash:

http://localhost/WebGoat/start.mvc#test/parameter

  • I replaced the parameter value with the payload below and watched the Console for the result. Because the payload travels in the URL fragment, it never reaches the server; the page's own JavaScript reads it from the URL and puts it into the document.

http://localhost/WebGoat/start.mvc#test/<script>webgoat.customjs.phoneHome()</script>

  • The same payload in its percent-encoded form, as it appears in the URL:

%3Cscript%3Ewebgoat%2Ecustomjs%2EphoneHome%28%29%3C%2Fscript%3E%0A

  • The script ran and phoneHome() wrote its output to the Console, which is the value to submit.

Flag submitted
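The following is an added example, not WebGoat's router, that models a hash-based client-side route of the shape #test/&lt;parameter&gt; seen above. It shows how the percent-encoded payload from the URL is decoded back into markup before it reaches the document, and adds an allow-list check on the route parameter that refuses it. The route handling, the rendered markup and the allow-list pattern are all assumptions made for the example.

```javascript
// Added example for this walkthrough; it is not WebGoat's router. It models a
// hash-based client-side router of the shape "#test/<parameter>", shows how the
// percent-encoded payload reaches the page as executable markup, and adds an
// allow-list check that refuses it. The route handling, the rendered markup
// and the allow-list pattern are assumptions.

// location.hash -> { route, param }. The fragment usually arrives percent-encoded,
// so a router that decodes it is the DOM source for this bug.
function parseHashRoute(hash) {
  const body = hash.startsWith("#") ? hash.slice(1) : hash;
  const slash = body.indexOf("/");
  const route = slash === -1 ? body : body.slice(0, slash);
  let param = slash === -1 ? "" : body.slice(slash + 1);
  try {
    param = decodeURIComponent(param);
  } catch (e) {
    // Malformed escape sequence: keep the raw value rather than throwing.
  }
  return { route, param };
}

// The payload exactly as the walkthrough's URL carried it (trailing %0A is a newline).
const ENCODED_PAYLOAD = "%3Cscript%3Ewebgoat%2Ecustomjs%2EphoneHome%28%29%3C%2Fscript%3E%0A";

// Vulnerable sink: the decoded parameter is dropped into markup that the page
// then injects into the document. Whether a <script> inside it executes depends
// on the sink: element.innerHTML does not run script tags, jQuery's .html() does.
function renderTestRouteUnsafe(hash) {
  const { route, param } = parseHashRoute(hash);
  if (route !== "test") return null;
  return `<div id="test">${param}</div>`;
}

// Fix: the route parameter is an identifier, so validate it against an
// allow-list of expected characters before it goes anywhere near the DOM.
const ROUTE_PARAM_ALLOWED = /^[A-Za-z0-9_-]{1,64}$/;

function isAllowedRouteParam(param) {
  return ROUTE_PARAM_ALLOWED.test(param);
}

function renderTestRouteSafe(hash) {
  const { route, param } = parseHashRoute(hash);
  if (route !== "test") return null;
  if (!isAllowedRouteParam(param)) return `<div id="test">invalid parameter</div>`;
  return `<div id="test">${param}</div>`;
}

// Usage with the walkthrough's URL fragment.
const DEMO_HASH = "#test/" + ENCODED_PAYLOAD;
console.log(parseHashRoute(DEMO_HASH).param.trim()); // <script>webgoat.customjs.phoneHome()</script>
console.log(renderTestRouteUnsafe(DEMO_HASH));       // markup containing the script tag
console.log(renderTestRouteSafe(DEMO_HASH));         // <div id="test">invalid parameter</div>
```

Two things this makes visible. First, decodeURIComponent turns %3C, %2E and friends back into the original characters, which is why the encoded form in the address bar is still a working payload. Second, the server never sees any of it: the fragment is not sent in the HTTP request, so server-side filtering and a WAF are blind to DOM-based XSS, and the check has to live in the client-side code that reads the source.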

5. The Quiz

All challenges completed

Conclusion:

So, we have completed the WebGoat Cross Site Scripting section. The primary defence against these attacks is to encode untrusted data for the context it is written into (HTML body, attribute, JavaScript or URL) at the point of output; validating input against an allowlist of expected characters and putting a WAF in front of the application are useful defence in depth, but note that neither sees a DOM-based payload carried in the URL fragment, since the browser never sends it to the server. Marking session cookies HttpOnly and deploying a Content Security Policy limit what a successful injection can do. On that note, I'll take my leave and meet you in the next one with another WebGoat vulnerability writeup. Till then, "Keep Hacking".
