Table of Contents
In this lab we will be exploiting a couple of vulnerabilities that by themselves would be scored as low/medium on a vulnerability scanner.
Resources:
- https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet
- https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
- https://github.com/OWASP/railsgoat/wiki/A10-Unvalidated-Redirects-and-Forwards-(redirect_to)
- https://github.com/OWASP/railsgoat/wiki/A3-Cross-Site-Scripting
- https://github.com/OWASP/railsgoat/wiki/A3-Cross-Site-Scripting-DOM-Based)
First thing you'll have to do is launch your Rails Goat web application. Use Restacker to do this with the following command you learned from last weeks Lab 3:
$ restacker deploy -t mytemplate.json -P parameters.json -c dso -l myapp -n $AWS_STUDENT_ID -u $AWS_STUDENT_ID
Ensure you are logged out of the application. When requesting the login page, ensure you append a url=. Then, authenticate to the application. Once authenticated, you should be redirected to your test url.
- When registering, enter your JavaScript tag such as in the First Name field. Upon login the header navigation bar will echo "Welcome" + your JS code.
Example of XSS JavaScript test code:
<script>alert(1)</script>
- Ensure you are signed out of the application first. Make sure you are using something like Firefox as Safari/Chrome won't work for this exercise. Then, use the following link (substitute hostname for your actual hostname) to execute an alert box:
http://127.0.0.1/?url=%2Fdashboard%2Fhome#test=%3Cscript%3Ealert(document.cookie)%3C/script%3E