3.7 Cross Site Scripting (XSS): Stored XSS attack

Stored XSS attacks allow users to create message content that causes another user to load an undesirable page or undesirable content when the message is viewed or accessed. In this exercise you will create such a message.

Step1: Click on Cross-Site Scripting (XSS) and underneath select Stored XSS Attacks in the left pane in WebGoat.

Step2: In the title text box, type "XSS example".

Step3: In the message text box, copy and paste the following HTML content.

<script language="javascript" type="text/javascript">alert("Ha! Ha! You are hacked! ");</script>

Step4: Click on Submit. Then click on the message you have just posted under the message list.

a. What will happen if someone clicks on the message you have just posted?
b. Paste a screenshot of the results below.
c. What is the security implication of your results?
d. How can you prevent XSS?

3.8 Authentication Flaws in Session Management

This exercise illustrates the vulnerability of session management that relies on cookies. Using a proxy server, an attacker can trap the authorization information that accompanies a transaction, such as the Authorization header and cookies. By manipulating this login information, the attacker can re-login as a different user.

Step1: To complete this exercise, you need to observe the HTTP requests sent between the browser and the server. You can trap the web requests at the proxy server. To do this, in Paros click on the Trap tab and check Trap request. This holds the HTTP request at the proxy while the server waits for it to arrive, letting the proxy act as the "man-in-the-middle" and giving it the ability to manipulate the HTTP request before the request continues to its destination.

Step2: Click on Authentication Flaws and underneath select Basic Authentication in the left pane in WebGoat.
Step3: Read the WebGoat description of the exercise and click on Submit. You will need to set up Paros to trap the request, as described above, before clicking Submit in order to continue.
Step4: Go to Paros and look under Sites > WebGoat > POST:Attack(Screen,menu)(SUBMIT,person). You will see the HTTP request you have just submitted, intercepted at the proxy server. The request contains a basic authentication header called "Authorization"; you should be able to see its value in the HTTP header window in Paros. The value is an encoded string following "Authorization: Basic" in the request header.

a. Write down the code.

Step5: The code is Base64-encoded, and we need to decode it to see the plain-text (ASCII) value. Use the decoder under Tools > Encoder/Hash and choose Base64 decode. Note that Base64 is an encoding, not encryption: anyone who can read the request can recover the credentials the same way.

b. What is the plain-text value of the authentication header that you have just decoded?
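The following is an added example for section 3.7, not WebGoat code. It is a minimal message-board renderer: the vulnerable version concatenates the stored message straight into the page, so the exact payload the exercise has you paste runs for every viewer; the hardened version HTML-encodes every untrusted field, which is the answer to question d. The message list is constructed for this example.

```javascript
// Added example (not WebGoat code): a minimal message-board renderer that
// shows why the stored message in section 3.7 executes, and the output
// encoding that prevents it. Messages are constructed for this example.
const STORED_MESSAGES = [
  { title: "Hello", body: "Welcome to the board" },
  {
    title: "XSS example",
    // The exact payload the exercise tells you to paste into the message box.
    body: '<script language="javascript" type="text/javascript">alert("Ha! Ha! You are hacked! ");</script>',
  },
];

// Vulnerable rendering: the stored body is concatenated straight into the
// page, so the browser runs the <script> for every user who views it.
function renderMessageVulnerable(msg) {
  return `<h2>${msg.title}</h2>\n<div class="body">${msg.body}</div>`;
}

// Encode the five characters that carry meaning in an HTML text or quoted
// attribute context, so user data is displayed rather than interpreted.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened rendering: every untrusted field goes through escapeHtml first.
function renderMessageSafe(msg) {
  return `<h2>${escapeHtml(msg.title)}</h2>\n<div class="body">${escapeHtml(msg.body)}</div>`;
}

// Quick check over rendered output: an unencoded <script open tag means the
// page will execute attacker-supplied content.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

function renderBoard(messages, render) {
  return messages.map(render).join("\n");
}

console.log("--- vulnerable ---");
console.log(renderBoard(STORED_MESSAGES, renderMessageVulnerable));
console.log("--- hardened ---");
console.log(renderBoard(STORED_MESSAGES, renderMessageSafe));
```

Encoding is context-specific: escapeHtml is correct for HTML text and quoted attribute values only, and data placed inside a script block, a URL, or CSS needs the encoder for that context. Auto-escaping templates and a Content Security Policy that disallows inline scripts add defence in depth, but neither replaces encoding at the point of output.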
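The following is an added example for section 3.8, not WebGoat or Paros code. It does in code what Steps 4 and 5 do by hand: parse a trapped request, pull out the Authorization header, Base64-decode it to user:password, and then re-encode a different credential and rewrite the header the way a man-in-the-middle proxy could before forwarding the request. The captured request is constructed for this example; the credential guest:guest, the URL and the cookie value are assumptions, not values taken from the lab.

```javascript
// Added example (not WebGoat or Paros code): parse a trapped request like
// the one Paros shows in section 3.8, decode the Basic Authorization header,
// and rewrite it with a modified credential. The request below is constructed
// for this example; the credential guest:guest, the URL and the cookie value
// are assumptions, not values taken from the lab.
const CAPTURED_REQUEST = [
  "POST /WebGoat/attack?Screen=17&menu=500 HTTP/1.1",
  "Host: localhost:8080",
  "Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=",
  "Cookie: JSESSIONID=0123456789ABCDEF0123456789ABCDEF",
  "Content-Type: application/x-www-form-urlencoded",
  "",
  "SUBMIT=Submit&person=",
].join("\r\n");

// Split a raw request into request line, headers (names lower-cased) and body.
function parseRequest(raw) {
  const [head, ...bodyParts] = raw.split("\r\n\r\n");
  const [requestLine, ...headerLines] = head.split("\r\n");
  const headers = {};
  for (const line of headerLines) {
    const i = line.indexOf(":");
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { requestLine, headers, body: bodyParts.join("\r\n\r\n") };
}

// RFC 7617: the value is "Basic " + base64(user + ":" + password). Only the
// first colon separates the two, so a password may itself contain colons.
// Returns null when the header is absent or uses another scheme.
function decodeBasicAuth(headerValue) {
  if (!headerValue) return null;
  const m = /^Basic\s+([A-Za-z0-9+/=]+)$/i.exec(headerValue.trim());
  if (!m) return null;
  const plain = Buffer.from(m[1], "base64").toString("utf8");
  const i = plain.indexOf(":");
  if (i < 0) return null;
  return { user: plain.slice(0, i), password: plain.slice(i + 1) };
}

// The reverse of Step5: encoding is trivially reversible, there is no secret.
function encodeBasicAuth(user, password) {
  return "Basic " + Buffer.from(`${user}:${password}`, "utf8").toString("base64");
}

// What the man-in-the-middle proxy from Step1 can do: rewrite the header
// before forwarding, so the server authenticates the request as someone else.
function replaceAuthorization(raw, user, password) {
  return raw.replace(/^Authorization:.*$/im, `Authorization: ${encodeBasicAuth(user, password)}`);
}

const req = parseRequest(CAPTURED_REQUEST);
console.log("Trapped credential:", decodeBasicAuth(req.headers["authorization"]));
console.log("Trapped session cookie:", req.headers["cookie"]);
console.log("Rewritten header:", parseRequest(replaceAuthorization(CAPTURED_REQUEST, "admin", "s3cret")).headers["authorization"]);
```

The decoded value answers question b; the rewrite shows why the exercise talks about re-logging in as a different user. Basic authentication and session cookies carry the same risk here: over plain HTTP any proxy on the path can read and replace them, so both must only travel over TLS, and cookies should additionally be marked Secure and HttpOnly.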