This is the sequel to the Python automation post I published earlier. In the last blog I explained how to install the BodgeIt open-source application and perform a source code review. Please go through my previous blog before following this one.
XSS attack in contact page
In this part, an XSS attack is performed against the contact page. The vulnerability itself is clearly explained at the URL below; since this blog focuses on automating the attack rather than on finding the vulnerability, the discovery process is not covered here. I kindly request you to read the article below for a better understanding of the vulnerability.
The BodgeIt store part one - Infosec Resources
The BodgeIt Store created by Psiinon is a vulnerable web application. It consists of a wide variety of vulnerabilities…
In order to perform the attack, the following two items are required:
- CSRF token for sending along with POST request
- Payload for performing XSS attack
Steps to reproduce
1. Enter the application URL in the address bar and go to the contact page
2. Capture the CSRF token from the server response
3. Inject the payload along with the CSRF token for a successful XSS attack
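The two mechanical parts of steps 2 and 3 are pulling the CSRF token out of the contact page and sending it back in the POST body. The following is an added example of that plumbing, not code from the original blog or from BodgeIt: it parses the hidden token field from a constructed copy of the contact page, builds the url-encoded form body, and adds a small oracle a tester can run over the server's reply to decide whether a submitted marker was reflected without HTML encoding. The hidden field name "token", the field name "comments" and the sample page are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode

# Constructed sample of a contact-page response. The hidden field name
# "token" is an assumption made for this example, not taken from BodgeIt.
SAMPLE_CONTACT_PAGE = """
<html><body>
<form method="POST" action="contact.jsp">
  <input type="hidden" name="token" value="1234567890">
  <textarea name="comments"></textarea>
  <input type="submit" value="Submit">
</form>
</body></html>
"""


class HiddenFieldParser(HTMLParser):
    """Collects name/value pairs of every hidden <input> in a page."""

    def __init__(self):
        super().__init__()
        self.hidden = {}

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "input":
            return
        attr = dict(attrs)
        if attr.get("type", "").lower() == "hidden" and "name" in attr:
            self.hidden[attr["name"]] = attr.get("value", "")


def extract_csrf_token(page_html, field_name="token"):
    """Return the value of the hidden CSRF field, or None when it is absent."""
    parser = HiddenFieldParser()
    parser.feed(page_html)
    return parser.hidden.get(field_name)


def build_contact_request(page_html, comment, field_name="token"):
    """Build the url-encoded POST body for the contact form, carrying the
    token captured from the page so the server accepts the submission."""
    token = extract_csrf_token(page_html, field_name)
    if token is None:
        raise ValueError("no CSRF token found in page; refusing to build request")
    return urlencode({field_name: token, "comments": comment})


def reflects_unescaped(response_body, marker):
    """Test oracle: True when the submitted marker comes back verbatim.
    A page that HTML-encodes its output returns &lt;...&gt; instead, so the
    raw marker never appears and this returns False."""
    return marker in response_body


if __name__ == "__main__":
    # Submit a harmless marker rather than a script, then inspect the reply.
    marker = "<probe-0001>"
    print(build_contact_request(SAMPLE_CONTACT_PAGE, marker))
    print(reflects_unescaped("<p>&lt;probe-0001&gt;</p>", marker))
```

The oracle deliberately uses a marker such as `<probe-0001>` instead of a script payload: for deciding whether the page encodes its output, a string containing `<` and `>` is enough, and the verdict is the same.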
Secure code review
In the “contact.jsp” page, the application accepts a comment from the user and removes the keywords <script> and </script> from the input in order to prevent XSS. However, black-listing the input this way is not strong enough to protect the application. It is always recommended to accept only white-listed input (and to encode output) rather than to black-list known-bad input.
Because the black-list is so narrow, an attacker is still able to perform the XSS attack here.
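To make the code-review point concrete, here is an added example (written for this post, not BodgeIt's own code) that places a filter of the kind described for contact.jsp next to two sound alternatives: HTML-encoding the comment on output, and validating the comment against a white-list of allowed characters. The exact replace-two-strings implementation and the allowed character set are assumptions; the audit function runs a few constructed inputs through each approach and reports which ones still leave tag-like markup in the rendered page.

```python
import html
import re

def blacklist_filter(comment):
    """Mirrors the filter described in the review: drop the literal strings
    "<script>" and "</script>" and nothing else (assumed implementation)."""
    return comment.replace("<script>", "").replace("</script>", "")

def escape_for_html(comment):
    """Hardened variant 1: encode every HTML metacharacter on output, so the
    browser renders the text instead of parsing it as markup."""
    return html.escape(comment, quote=True)

# Hardened variant 2: white-list. Only letters, digits, spaces and common
# punctuation are accepted; anything else is rejected outright.
ALLOWED_COMMENT = re.compile(r"^[A-Za-z0-9 .,!?'\-]*$")

def is_allowed_comment(comment):
    """Return True only when the comment consists solely of white-listed characters."""
    return ALLOWED_COMMENT.match(comment) is not None

# Oracle: does the rendered string still contain something a browser would
# treat as the start of a tag?
TAG_START = re.compile(r"<\s*/?\s*[A-Za-z]")

def contains_markup(rendered):
    return TAG_START.search(rendered) is not None

# Constructed inputs: the first is the one the black-list was written for;
# the others are ordinary variations that a list of two exact strings misses.
CASES = [
    "<script>alert(1)</script>",
    "<SCRIPT>alert(1)</SCRIPT>",
    "<b>bold</b>",
    "hello, world!",
]

def audit(cases=CASES):
    """For each input, report whether markup survives the black-list, whether it
    survives output encoding, and whether the white-list would have accepted it."""
    report = {}
    for comment in cases:
        report[comment] = {
            "blacklist_leaks_markup": contains_markup(blacklist_filter(comment)),
            "escape_leaks_markup": contains_markup(escape_for_html(comment)),
            "whitelist_accepts": is_allowed_comment(comment),
        }
    return report

if __name__ == "__main__":
    for comment, verdict in audit().items():
        print(f"{comment!r}: {verdict}")
```

The output of the audit shows the asymmetry the review describes: the black-list neutralizes exactly the one input it was written for, output encoding neutralizes all of them, and the white-list accepts only the plain-text comment.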
As discussed earlier, the CSRF token is first captured from the server response and then sent back to the server along with the XSS payload. I have added descriptive comments in the code for better understanding.