XSS - Multilevel JSON Parsing: JS for Pentesters task 20 write up
Writeup for task 20 of the JS for Pentesters series by security-tube - Multilevel JSON parsing
Lately we saw and understood that XMLHttpRequest() is very powerful: it can receive not only strings as a response but also HTML, JSON and XML. In the last challenge we saw how to do multilevel HTML parsing; now let us see how to do multilevel JSON parsing.
JS for Pentesters task 20
Our objective is to find John’s password using an XSS vulnerability on this page and display the password in the div with id “result”. Before continuing with this challenge, I strongly recommend you read the topic “Ajax: Parsing and reading JSON”, which covers the basics of parsing and reading JSON files with XMLHttpRequest(). I have solved this challenge in a hurry, so I am not sure the following is the best solution. But I am sure the payload below works ;) .
So let us see what we have done here. We first need to get the token: the first request returns a JSON file, which we parse to extract the token. Using this token, we then send a request to /lab/webapp/jfp/20/getpassword, which gives us the correct password. Most modern browsers support the JSON.parse function, which helps us parse the JSON file returned as the result.
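The multilevel JSON read described above, as an added example that is not the author's payload or the lab's code. The response body, the key names (data, session, token) and the helper readNested are constructed for illustration, since the page does not show the lab's JSON.

```javascript
// Constructed sample of a nested JSON response body (not the lab's real response).
// In a browser this string would be xhr.responseText inside the onload handler.
const sampleResponse = JSON.stringify({
  status: "ok",
  data: { session: { user: "demo", token: "CONSTRUCTED-TOKEN-123" } }
});

// Hypothetical helper: parse responseText and walk a list of keys, one level
// at a time. Returns undefined if the body is not JSON or a level is missing,
// instead of throwing in the middle of a request chain.
function readNested(responseText, path) {
  let node;
  try {
    node = JSON.parse(responseText);
  } catch (e) {
    return undefined; // e.g. an HTML error page came back instead of JSON
  }
  for (const key of path) {
    if (node === null || typeof node !== "object" ||
        !Object.prototype.hasOwnProperty.call(node, key)) {
      return undefined; // this level does not exist
    }
    node = node[key];
    // Some APIs embed a JSON document as a string inside another one;
    // if the value looks like JSON, parse that level as well.
    if (typeof node === "string" && /^\s*[{\[]/.test(node)) {
      try { node = JSON.parse(node); } catch (e) { /* keep the plain string */ }
    }
  }
  return node;
}

// Reading the token three levels down in the constructed sample.
const token = readNested(sampleResponse, ["data", "session", "token"]);
console.log(token);
```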
We hope that you really liked this challenge. If there is anything you didn’t understand or want more clarity on, please comment below and we are more than happy to help. Also, if you find a better way of solving the challenge, please share it with us; we are happy to learn from our readers too. Happy pentesting.