一、题目
This lesson is an example of how a website might support a phishing attack
Below is an example of a standard search feature.
Using XSS and HTML insertion, your goal is to:
Insert html to that requests credentials
Add javascript to actually collect the credentials
Post the credentials to http://localhost/WebGoat/catcher?PROPERTY=yes...
To pass this lesson, the credentials must be posted to the catcher servlet.
使用XSS和HTML注入,你的目标:
(1)将html插入请求凭据
(2)插入javascript以实际收集凭据
(3)将凭据发送到http://localhost/WebGoat/catcher?PROPERTY=yes…
为了通过这次实验,必须将凭据发送到捕获器servlet
二、课程目标
(1)技术概念
It is always a good practice to validate all input on the server side. XSS can occur when unvalidated user input is used in an HTTP response. With the help of XSS you can do a Phishing Attack and add content to a page which looks of