Web-App-Hacking-Notes
Notes I've taken while working through various web app pentesting labs.
Appreciate the work done in the notes here. 😀
1. Summary is followed by cruft.
2. Point out that the injection can only be performed as Larry, with `employee_id` set to `101`. Show the Java that enforces that.
It includes WebGoat, DVWA, Gruyere, etc.
From @padraic's book, which is at his [phpsecurity repository](https://github.com/padraic/phpsecurity/blob/master/book/lang/en/source/_includes/Cross-Site-Scripting-And-Injecting-Context.rst): On the server:
- http://prompt.ml/
- https://github.com/cure53/XSSChallengeWiki/wiki/prompt.ml
- https://blog.0daylabs.com/2016/06/18/prompt-ml-XSS-challenge-writeup/
This is for [xss-reflected-steal-cookie.md](https://github.com/tcpiplab/Web-App-Hacking-Notes/blob/master/xss-reflected-steal-cookie.md). The scenario would be that user A tricks user B into clicking a link containing the XSS code.
1. Test from one account to another of...
There are at least three files that could become one. One file is 0 bytes. The title should indicate that this is for Webgoat XSS, not overall Webgoat.