Objectives

Some tips on demonstrating XSS in a Hapi application

Note on browser choice for demonstrating XSS

Recent browser versions include some basic built-in protections against reflected XSS. You may need to turn these off (temporarily!) to try out the examples below.

  • Chrome: you can turn off XSS filtering by starting Chrome (as Administrator) from a command prompt with the option --disable-xss-auditor
  • Internet Explorer: You can turn off XSS filtering at Tools->Internet Options->Security (tab)->Custom Level...->Disable XSS filter (near the bottom of the list).
  • Firefox: Our examples should work without any modification to Firefox settings

Demonstrating XSS

XSS with handlebars

With Handlebars, use triple braces, i.e.

{{{ ... }}}

instead of the usual {{ ... }}, to bypass the HTML escaping that Handlebars applies to double-brace expressions by default.

XSS using URL parameter

The following is a simple example to show how a parameterised route can cause an XSS vulnerability:

{
    method: 'GET', path: '/welcome/{lname}',
    handler: function (request, reply) {
        // lname is taken straight from the URL path and concatenated into HTML without escaping
        reply('Welcome ' + request.params.lname + '!  Go <a href="/login">here</a> to log in.');
    }
},

This can be exploited with the URL:

http://localhost:4000/welcome/John
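The following is an added example, not part of the original notes: the welcome handler above written as a plain function, beside a hardened version that HTML-escapes the path parameter before it is interpolated. It needs no hapi install to run; the function names, the escapeHtml helper and the sample input are all constructed for this example.

```javascript
// Minimal HTML escaping for text placed inside element content or a
// double-quoted attribute. This is the same kind of transformation that
// Handlebars applies for {{ ... }} and skips for {{{ ... }}}.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')   // must run first so later entities are not double-escaped
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// Vulnerable (mirrors the route above): lname is concatenated straight
// into markup, so any tag in the path segment is parsed by the browser as HTML.
function renderWelcomeUnsafe(lname) {
  return 'Welcome ' + lname + '!  Go <a href="/login">here</a> to log in.';
}

// Hardened: the untrusted value is escaped; the surrounding markup is
// fixed and authored by us, so it stays as HTML.
function renderWelcomeSafe(lname) {
  return 'Welcome ' + escapeHtml(lname) + '!  Go <a href="/login">here</a> to log in.';
}

// Constructed sample input: a path segment carrying markup instead of a name.
const sampleName = '<i>John</i> & co';

// Check a reviewer can run over any input: the hardened renderer must never
// emit the caller's angle brackets unescaped. Returns true when it holds.
function safeRendererLeaksNoTags(name) {
  const out = renderWelcomeSafe(name);
  const fixedMarkup = '<a href="/login">here</a>';
  const withoutOurMarkup = out.replace(fixedMarkup, '');
  return !withoutOurMarkup.includes('<') && !withoutOurMarkup.includes('>');
}

// In the hapi version used on this page the fixed route would simply be:
//   handler: function (request, reply) {
//     reply(renderWelcomeSafe(request.params.lname));
//   }

if (typeof module !== 'undefined') {
  module.exports = { escapeHtml, renderWelcomeUnsafe, renderWelcomeSafe, safeRendererLeaksNoTags, sampleName };
}
```

Run it under node and compare renderWelcomeUnsafe(sampleName) with renderWelcomeSafe(sampleName): the first hands the `<i>` tag to the browser, the second shows it as literal text.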