Part 5 JS redirect Lab

Video Activity

In this lab-based lesson, participants use the Reflected Cross-Site Scripting function in WebGoat to learn how to exploit a vulnerability on the page. By injecting JavaScript, participants learn how users can be redirected to a completely different page, leaving their information open to theft.


Time
9 hours 31 minutes
Difficulty
Intermediate

Video Transcription
00:04
Hello and welcome to the Cybrary Secure Coding course. My name is Sonny Wear, and this is the OWASP Top 10 for 2013 A10 Unvalidated Redirects and Forwards lab.
00:17
We're going to use WebGoat to do a redirect via a JavaScript injection.
00:23
This is the lab for A10 Unvalidated Redirects and Forwards.
00:28
Now what we're gonna do is we're actually going to use in WebGoat
00:33
under Cross-Site Scripting, the Reflected Cross-Site Scripting Attacks page.
00:39
So when you come to this page, we are actually going to exploit
00:44
that a reflected cross-site scripting vulnerability exists on this particular page, and what we're gonna do is inject some JavaScript code to actually redirect to a completely different page. So
01:00
if I open up Burp Suite here,
01:03
I'm not gonna use my interceptor. But I am gonna use the Decoder tab.
01:10
And what I have here is some JavaScript where I'm going to call the window.location
01:18
to actually forward my victim to a completely different location now,
01:25
because I'm not on the internet, I'm just referencing something local just so that you can see that the page actually changes,
01:34
but realize that in an actual attack,
01:38
the location could be something called a watering hole. It's an attacker-controlled website, but it looks identical or very, very similar to the legitimate site.
01:52
And this can happen a lot of times where we have these mergers and acquisitions of businesses,
02:00
where you'll be on the original website and then through some sort of acquisition.
02:07
There's part of the service of a company that's being done by this acquired company. And so that acquired company is gonna have a completely different URL. And so there might be a link available to you on the sidebar of your authenticated page.
02:27
And so you click it unknowingly. If there's a
02:30
if there's a cross-site scripting vulnerability, then that link can be replaced by a malicious link. And so that's what I'm trying to simulate for you here.
02:43
And so what I've done is I'm actually ending the first command just to make sure everything is clean. So I've got a semicolon in there. Then I start my JavaScript tag.
02:55
Then I call the window.location and give it a URL.
03:01
Now, since I'm gonna be pasting this directly into the HTML page itself, I'm actually not gonna URL encode at this time,
03:10
so I'm just gonna copy and paste that. I'm not even going to use the proxy.
03:16
Just gonna go in here to this page
03:22
to this text box,
03:23
paste that in there.
03:29
And so you see that we were completely redirected to the hostile location.
03:37
Now you can change this lab to actually, if you are connected to the Internet, you can change it to go out to google.com or something like that. But you can see the effect of this where
03:51
the victim is being redirected to an attacker-controlled website.