Hello and welcome to the Cybrary Secure Coding course. My name is Sunny Wear, and this is OWASP Top 10 for 2013 A10 Unvalidated Redirects and Forwards lab.
We're going to use WebGoat to do a redirect via a JavaScript injection.
This is the lab for A10 Unvalidated Redirects and Forwards.
Now what we're gonna do is we're actually going to use, in WebGoat,
under Cross-Site Scripting, the Reflected Cross Site Scripting Attacks page.
So when you come to this page, we are actually going to exploit
If I open up Burp Suite here,
I'm not gonna use my interceptor. But I am gonna use the Decoder tab
to actually forward my victim to a completely different location now,
because I'm not on the internet, I'm just referencing something local just so that you can see that the page actually changes,
but realize that in an actual attack,
the location could be something called a watering hole. It's an attacker-controlled website, but it looks identical or very, very similar to the legitimate site.
And this can happen a lot of times where we have these mergers and acquisitions of businesses,
where you'll be on the original website and then, through some sort of acquisition,
there's part of the service of a company that's being done by this acquired company. And so that acquired company is gonna have a completely different URL. And so there might be a link available to you on the sidebar of your authenticated page.
And so you click it unknowingly.
If there's a cross-site scripting vulnerability, then that link can be replaced by a malicious link. And so that's what I'm trying to simulate for you here.
Then I call window.location and give it a URL.
Now, since I'm gonna be pasting this directly into the HTML page itself, I'm actually not gonna URL encode at this time,
so I'm just gonna copy and paste that I'm not even going to use the proxy.
Just gonna go in here to this page
to this text box,
paste that in there.
And so you see that we were completely redirected to the hostile location.
Now you can change this lab: if you are connected to the Internet, you can change it to go out to google.com or something like that. But you can see the effect of this, where
the victim is being redirected to an attacker-controlled website.
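
Added example, not part of the original lab or the instructor's material: a sketch of the two server-side controls that stop the redirect shown in this lab, namely HTML-encoding reflected input so typed markup is displayed rather than executed, and checking any redirect destination against an allow-list. The host names, the base URL and both function names are constructed assumptions.

```javascript
// Added example: hosts and base URL below are constructed placeholders.
const ALLOWED_HOSTS = new Set(["shop.example.com", "partner.example.net"]);
const BASE = "https://shop.example.com/";

// Encode reflected input so markup typed into a field is shown as text,
// not parsed as HTML or script by the browser.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Return the normalized URL only when the destination is http(s) on an
// allow-listed host; return null for anything else.
function safeRedirectTarget(target, allowedHosts = ALLOWED_HOSTS, base = BASE) {
  if (typeof target !== "string") return null;
  // Browsers treat backslashes like slashes and drop control characters,
  // so reject them instead of guessing how they will be interpreted.
  if (/[\\\u0000-\u001f]/.test(target)) return null;
  let url;
  try {
    url = new URL(target, base); // relative paths resolve against our own site
  } catch {
    return null;
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  if (url.username || url.password) return null; // blocks "trusted@other-host" tricks
  if (!allowedHosts.has(url.hostname)) return null; // exact match, no suffix matching
  return url.href;
}

// Constructed sample inputs.
console.log(safeRedirectTarget("/account/orders"));
console.log(safeRedirectTarget("//other.example.org/login"));
console.log(escapeHtml("<b>hello</b>"));
```

A caller that gets `null` back should send the user to a fixed default page rather than echoing the rejected value.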