Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Looking for a Web Application Vulnerable to XSS Cookie Grab

from [Jeff Williams] Network Security [Permanent Link]
Subject: Re: Looking for a Web Application Vulnerable to XSS Cookie Grab
Date: Sat, 6 Nov 2004 17:16:06 -0500 
WebGoat has lessons on both stored and reflected XSS. You can use the
reflected XSS lessons to do what you want to do simply by sending your
victim an email that has a link exploiting the vulnerable page in WebGoat.

The stored XSS lesson used to work the way you want, with all users messages
going into a single list.  But it was confusing for students who want to
test with *their* messages only.  If you'd like the multi-user behavior, you
can change StoredXss.java in the makeList method as follows...
ResultSet results = statement.executeQuery( STANDARD_QUERY + " WHERE user =
'" + s.getUserName() + "'" );

to

ResultSet results = statement.executeQuery( STANDARD_QUERY );

--Jeff

----- Original Message ----- 
From: "CFW" <cfw_security@comcast.net>
To: <webappsec@securityfocus.com>
Sent: Friday, November 05, 2004 4:33 PM
Subject: Looking for a Web Application Vulnerable to XSS Cookie Grab



Hi all,

    I am setting up a lab to learn about web application security and I
have been messing with WebGoat and Foundstone's HacmeBank and found them
to be very useful learning tools.  One thing lacking in them (from what
I can tell) is a multiuser, XSS Cookie Grabbing example.

    Basically, I would like to have a little application (or part of one
of these applications) that one (malicious) user can log in to and post
a XSS cookie grabber to a forum or guestbook or something.  Then, the
attacker fires up a listener until another user logs in and hits the
script, sending the cookies to the listener.  Then, the first user can
change his cookies, and see clearly that the web application thinks it
is the second user.  Does anyone know of such an application?

    The Foundstone Hacme Bank is almost there in that it has a "Post
Message" section that is vulnerable to XSS, but it is set up so that
each user sees only their own messages, so it is not possible to post a
malicious script to someone else.  If the Foundstone people are reading
this, have you considered changing this behavior?

    While I am asking, are there any other web applications like these
that I should set up?  I looked at WebMaven, but it looks like that has
been overtaken by Hacme and Webgoat (correct me if I am wrong).  Someone
mentioned a while back on pen-test that you could use an old version of
PHP-Nuke as a vulnerable site since it has a lot of known issues.  Has
anyone done this and have any hints on what version is the most useful
in this respect (most vulnerable I guess)?

    Thanks a bunch and have a good weekend.

Chuck
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: A secure and easy to admin forum?, Gare
Next by Date:  Re: Scan web apps, q q
Previous by Thread:  RE: Looking for a Web Application Vulnerable to XSS Cookie Grab, Mike Andrews
Next by Thread:  Re: Looking for a Web Application Vulnerable to XSS Cookie Grab, q q
Indexes:  [Date] [Thread] [Top] [All Lists]