Saturday, August 13, 2011

WebGoat - JSON Injection

Solution one (Trick):

Submit information: "From: BOS To: SEA" and get page changed.

Check the web page source code, you will find the JSP function:

<form onsubmit="return check();" enctype="" action="attack?Screen=77&menu=400" name="form" method="POST" accept-charset="UNKNOWN">
<div id="priceID0" name="priceID0">$600</div>
<input id="price2Submit" type="HIDDEN" name="price2Submit" value="">

function check(){

Now what we need to do is to change the price (using firebug) from $600 to any price you want (such as $0).
Submit the request and well done.

Solution two:
Before we type any input, check the source code:

<input id="travelFrom" type="TEXT" name="travelFrom" value="" onkeyup="getFlights();">

function getFlights() {


We got the working process:
1, client input BOS and SEA
2, AJAX will send request to the web server and listen to receive response
3, according to the response to change web page dynamically

Attacking process:
1, using Burp Proxy to intercept and tamper the response from web server

2, we can see the response is JSON format, we just need to change the price from $600 to $0
3, Submit the tampered value.


No comments:

Post a Comment