forked from juice-shop/juice-shop
-
Notifications
You must be signed in to change notification settings - Fork 2
Lab 07 Cross Site Scripting
Tomas Rosenqvist edited this page Aug 30, 2018
·
14 revisions
- Make sure you're browsing the Juice Shop via HTTPS.
This prevents any intermediary firewall from detecting XSS attempts if you're running from a company network or similar.
- Keep the Devtools open
- Log in as any user.
- Go to the order tracking form.
- Enter
<script>alert("XSS")</script>. - Use the Devtools to inspect the server response.
- In the product search bar, enter
<h1>huge text</h1>and hit search. - Notice how the text you entered appears in the search results page, and that it seems to be formatted as a heading (i.e. quite large text). Also notice what the current URL is in the address field of your browser.
- Now search for
<script>alert("XSS")</script>in the product search bar. - Use the Devtools to inspect the server response.
- What's the difference between the two challenges (Tier 0 and Tier 1)?
- Go to the new user registration form.
- Open the devtools.
- Create a new user, using valid values for e-mail, password etc.
- Inspect the request in devtools.
- Create a new user, but enter
<script>alert("XSS")</script>as the e-mail address. - Use the devtools to enable the submit button and create the user.
- Inspect the request in devtools. Do you notice anything strange about it?
- Use Postman to craft a new POST request.
- Set the body to
rawand change the type fromTexttoJSON (application/json). - Copy the URL from the request in devtools and paste it into Postman.
- Copy the payload from the request in devtools and paste it into the Postman body.
- Alter the payload and add
"email": "<script>alert(\"XSS\")</script>". - Submit the request using Postman
- Login as any user.
- Go to the administration view.
- What do you think happened when you used the browser to create a user? Why didn't it work as expected?