Monday, 23 March 2015

WebGoat Ajax Security - DOM Injection exercise need help



When I attempt the DOM injection exercise in the WebGoat Ajax Security section, I get a 408 Request Time-out response. What I've done is type a character in the WebGoat textbox and intercept the response with ZAP. I then, using ZAP, replace the body of the response with document.forms[0].submit.disabled=false; The WebGoat application contains eval() and I had expected that eval would process my code to enable a disabled button on the application's page, which is the point of the exercise. All I get back in ZAP is the timeout response. Any help appreciated. Thanks.




