bodgeit - issue #6

Additional XSS attack not counted as a passed challenge


Posted on Aug 9, 2013 by Grumpy Camel

You can do an XSS attack on the Login form that does not count for any challenge result:

  1. Go to http://localhost:18080/bodgeit/login.jsp
  2. Provide Username user1@thebodgeitstore.com') --<script>alert("XSS")</script>

Status: New

Labels: Type-Defect Priority-Medium