[WebGoat Exercise Walkthrough] AJAX Security->Insecure Client Storage
2016-12-26 22:10
There are two ways to bypass front-end validation: one is to debug with the browser's developer tools; the other is to intercept the request directly with Burp Suite. The approach for this exercise is as follows:
STAGE 1: For this exercise, your mission is to discover a coupon code to receive an unintended discount.
1. After entering AJAX Security->Insecure Client Storage, open the developer tools and locate the element.
2. Copy the method name, i.e. "isValidCoupon", and search for it in the JS file under Sources.
3. Set a breakpoint at if(coupon == decrypted){ ; type any characters into the located input box and start debugging.
4. Click the triangle (step) button repeatedly and copy the value shown in Watch into a text file.
**With the debugger you can obtain the value, and even transmit the corresponding value.
5. Remove the breakpoint, enter the obtained coupon into the input box and submit. Mission 1 is then complete.
STAGE 2: Now, try to get your entire order for free.
1. Intercept the submitted request with Burp.
2. Find the corresponding field, change the payment amount to 0, and click "Forward".
3. With that, mission 2 is also complete.
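Both stages work because the server trusts the browser: the coupon check runs in client-side JS, and the order total is taken from the request. As an added example (not WebGoat's own code), this Node.js fragment shows the server-side checks that close both holes; the catalogue, coupon table and function names are constructed for illustration.

```javascript
// Constructed server-side data: never shipped to the browser.
const CATALOGUE = { hdtv: 1000, tablet: 600 };   // price per unit
const COUPONS = { SAVE25: 0.25 };                 // code -> discount fraction

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Stage 1 fix: the coupon is validated against a table the client never sees,
// so there is nothing to recover by stepping through isValidCoupon in a debugger.
// hasOwnProperty avoids treating prototype keys such as "constructor" as coupons.
function couponDiscount(code) {
  if (typeof code !== "string" || !own(COUPONS, code)) return 0;
  return COUPONS[code];
}

// Stage 2 fix: the total is recomputed from SKUs and quantities; the amount
// posted by the browser is never used as the price.
function serverTotal(items, couponCode) {
  let subtotal = 0;
  for (const [sku, qty] of Object.entries(items)) {
    if (!own(CATALOGUE, sku)) throw new Error(`unknown sku ${sku}`);
    if (!Number.isInteger(qty) || qty < 0) throw new Error(`bad quantity for ${sku}`);
    subtotal += CATALOGUE[sku] * qty;
  }
  const total = subtotal * (1 - couponDiscount(couponCode));
  return Math.round(total * 100) / 100;   // keep cents exact
}

// Order handler: the client-claimed total is compared with the server's figure
// only to flag tampering for logging; the server's figure is what gets charged.
function processOrder(order) {
  const expected = serverTotal(order.items, order.coupon);
  if (order.clientTotal !== expected) {
    return { ok: false, charged: expected, reason: "client total tampered" };
  }
  return { ok: true, charged: expected };
}

console.log(processOrder({ items: { hdtv: 1 }, coupon: null, clientTotal: 0 }));
```

A request with the amount edited to 0 in Burp is therefore charged the recomputed 1000 and logged as tampered, rather than accepted.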