mvn clean spring-boot:run
Debug on port 5005.
To serve the slides, run Ruby's built-in HTTP server in this directory:
ruby -run -ehttpd . -p8000
Then open http://localhost:8000/Slides.html in your browser.
XSS: content from users is rendered without HTML escaping, so whatever a user types, script tags and event handlers included, ends up in other users' pages.
Session hijacking: the session cookie is not flagged HttpOnly, so it is readable from document.cookie and can be fetched using XSS.
CSRF: there are no CSRF tokens on this site, so any state-changing request a logged-in user's browser can make, a page on another site can make on their behalf.
Clickjacking and more
None of the usual hardening response headers are set, for example:
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: master-only
X-XSS-Protection: 1; mode=block
Content-Security-Policy: script-src 'self'
Without X-Frame-Options (or a CSP frame-ancestors directive) any site can load the app in an iframe and overlay it, which is what makes clickjacking possible; without a CSP, the XSS above can pull scripts from anywhere. X-XSS-Protection is a legacy header that current browsers ignore, so it is no substitute for escaping.
Logout CSRF: any other site can link to the logout URL and log a user out without their wanting it. Not very dangerous though :)
- Login is bogus: you can type any phone number in the login box. This is a demo app, so login is not the point :)