This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "info": { | |
| "name": "Gruyere Collection", | |
| "_postman_id": "9efdd931-ac99-5996-8bcd-07c07652dcfa", | |
| "description": "", | |
| "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" | |
| }, | |
| "item": [ | |
| { | |
| "name": "Login Request", | |
| "event": [ | |
| { | |
| "listen": "test", | |
| "script": { | |
| "id": "1ffd2f0e-7e41-47ed-9d7e-70b2a42d4613", | |
| "type": "text/javascript", | |
| "exec": [ | |
| "pm.test(\"Login is no longer done via GET request\", function () {", | |
| " pm.response.to.have.status(405);", | |
| "});", | |
| "", | |
| "const cookie = postman.getResponseHeader(\"Set-Cookie\");", | |
| "pm.environment.set(\"cookie\", cookie);" | |
| ] | |
| } | |
| } | |
| ], | |
| "request": { | |
| "method": "GET", | |
| "header": [], | |
| "body": {}, | |
| "url": { | |
| "raw": "https://google-gruyere.appspot.com/574774670130385288196824622060987712038/login?uid={username}&pw={password}", | |
| "protocol": "https", | |
| "host": [ | |
| "google-gruyere", | |
| "appspot", | |
| "com" | |
| ], | |
| "path": [ | |
| "574774670130385288196824622060987712038", | |
| "login" | |
| ], | |
| "query": [ | |
| { | |
| "key": "uid", | |
| "value": "{username}", | |
| "equals": true | |
| }, | |
| { | |
| "key": "pw", | |
| "value": "{password}", | |
| "equals": true | |
| } | |
| ] | |
| }, | |
| "description": "" | |
| }, | |
| "response": [] | |
| }, | |
| { | |
| "name": "XSS Submission", | |
| "event": [ | |
| { | |
| "listen": "test", | |
| "script": { | |
| "id": "73ce03de-0aa0-4191-863b-68f757fe9c5f", | |
| "type": "text/javascript", | |
| "exec": [ | |
| "pm.test(\"Input validation flaw leading to XSS has been fixed\", function () {", | |
| " pm.response.to.have.status(400);", | |
| "});" | |
| ] | |
| } | |
| } | |
| ], | |
| "request": { | |
| "method": "GET", | |
| "header": [ | |
| { | |
| "key": "Cookie", | |
| "value": "{{cookie}}" | |
| } | |
| ], | |
| "body": {}, | |
| "url": { | |
| "raw": "https://google-gruyere.appspot.com/574774670130385288196824622060987712038/newsnippet2?snippet=<a+href=\"javascript:alert(document.cookie);\">test</a>", | |
| "protocol": "https", | |
| "host": [ | |
| "google-gruyere", | |
| "appspot", | |
| "com" | |
| ], | |
| "path": [ | |
| "574774670130385288196824622060987712038", | |
| "newsnippet2" | |
| ], | |
| "query": [ | |
| { | |
| "key": "snippet", | |
| "value": "<a+href=\"javascript:alert(document.cookie);\">test</a>", | |
| "equals": true | |
| } | |
| ] | |
| }, | |
| "description": "" | |
| }, | |
| "response": [] | |
| }, | |
| { | |
| "name": "XSS Payload Execution", | |
| "event": [ | |
| { | |
| "listen": "test", | |
| "script": { | |
| "id": "4d8b1fa7-bbba-4825-80fc-766e82c112ff", | |
| "type": "text/javascript", | |
| "exec": [ | |
| "pm.test(\"User input is properly escaped when displayed.\", function () {", | |
| " pm.expect(pm.response.text()).not.to.include('<a href=\"javascript:');", | |
| "});" | |
| ] | |
| } | |
| } | |
| ], | |
| "request": { | |
| "method": "GET", | |
| "header": [ | |
| { | |
| "key": "Cookie", | |
| "value": "{{cookie}}" | |
| } | |
| ], | |
| "body": {}, | |
| "url": { | |
| "raw": "https://google-gruyere.appspot.com/574774670130385288196824622060987712038/snippets.gtl", | |
| "protocol": "https", | |
| "host": [ | |
| "google-gruyere", | |
| "appspot", | |
| "com" | |
| ], | |
| "path": [ | |
| "574774670130385288196824622060987712038", | |
| "snippets.gtl" | |
| ] | |
| }, | |
| "description": "" | |
| }, | |
| "response": [] | |
| } | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment