feat: implement header param injection handling for JWT vulnerabilities
1 parent
928f79f
commit 0c23ff9
Showing
9 changed files
with
116 additions
and
3 deletions.
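--- a/src/main/resources/static/templates/JWTVulnerability/LEVEL_13/HeaderInjection_Level13.css
+++ b/src/main/resources/static/templates/JWTVulnerability/LEVEL_13/HeaderInjection_Level13.css
@@ -0,0 +1,36 @@
+#header_injection_level_13 {
+color: black;
+text-align: justify;
+}
+
+#enterHeader {
+font-size: 15px;
+display: flex;
+margin: 10px;
+flex-direction: column;
+}
+
+#headerName, #headerValue {
+flex: 1;
+word-wrap: break-word;
+margin-top: 10px;
+}
+
+#headerResponse {
+font-size: 15px;
+word-wrap: break-word;
+text-align: center;
+margin: 10px;
+}
+
+#sendHeader {
+background: blueviolet;
+display: inline-block;
+padding: 4px 4px;
+margin: 10px;
+border: 1px solid transparent;
+border-radius: 2px;
+transition: 0.2s opacity;
+color: #FFF;
+font-size: 12px;
+}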
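--- a/src/main/resources/static/templates/JWTVulnerability/LEVEL_13/HeaderInjection_Level13.html
+++ b/src/main/resources/static/templates/JWTVulnerability/LEVEL_13/HeaderInjection_Level13.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<title>Header Injection</title>
+</head>
+<body>
+<div id="header_injection_level_13">
+<div>
+<div id="enterHeader">
+<div>Header Name:</div>
+<input type="text" id="headerName" placeholder="Enter header name" />
+<div>Header Value:</div>
+<input type="text" id="headerValue" placeholder="Enter header value" />
+</div>
+<button id="sendHeader">Send Header</button>
+<div id="headerResponse"></div>
+</div>
+</div>
+
+</body>
+</html>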
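--- a/src/main/resources/static/templates/JWTVulnerability/LEVEL_13/HeaderInjection_Level13.js
+++ b/src/main/resources/static/templates/JWTVulnerability/LEVEL_13/HeaderInjection_Level13.js
@@ -0,0 +1,18 @@
+function addEventListenerToSendHeaderButton() {
+document.getElementById("sendHeader").addEventListener("click", function() {
+const headerName = document.getElementById("headerName").value;
+const headerValue = document.getElementById("headerValue").value;
+
+let url = getUrlForVulnerabilityLevel();
+
+doGetAjaxCall(function(data) {
+document.getElementById("headerResponse").innerHTML = data.isValid ?
+"Header Injection was successful!" :
+"Header Injection failed. Please try again.";
+}, url, true, {
+[headerName]: headerValue
+});
+});
+}
+
+addEventListenerToSendHeaderButton();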
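Review bot: The header name typed into `#headerName` becomes the object key at `[headerName]: headerValue` with no validation, so an empty or whitespace-only name is forwarded to `doGetAjaxCall` (defined elsewhere) as a `""` key; if that helper ends in `XMLHttpRequest.setRequestHeader`, an invalid token name throws a SyntaxError that no callback here catches, and names the browser forbids (`Host`, `Cookie`, `Origin`, `Content-Length`, …) are silently dropped, which this lab would then report as a failed injection rather than a blocked one. I would guard before the call — `const name = headerName.trim(); if (!name) { document.getElementById("headerResponse").textContent = "Please enter a header name."; return; }` — and add a comment that the browser, not the server, decides which header names ever leave the page. The two response strings are constants, so the `innerHTML` assignment is safe today, but `textContent` is the idiom to use so a later change that echoes `data` cannot introduce DOM XSS; `let url` is never reassigned and should be `const`. The trailing `addEventListenerToSendHeaderButton();` runs at script load and dereferences `#sendHeader` unconditionally, which presumably relies on the template already being in the DOM when this file executes — worth confirming against the level loader.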