This improves the text of the lesson about XSS

CryptoHackz · Jun 13, 2018 · b0fbeaf · b0fbeaf
1 parent f383454
commit b0fbeaf
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 6 deletions.
diff --git a/...e-scripting/src/main/resources/lessonPlans/en/CrossSiteScripting_content6a.adoc b/...e-scripting/src/main/resources/lessonPlans/en/CrossSiteScripting_content6a.adoc
@@ -1,15 +1,15 @@
 == Identify Potential for DOM-Based XSS
 
 DOM-Based XSS can usually be found by looking for the route configurations in the client-side code.
-Look for a route that takes inputs that you can ID being 'reflected' to the page.
+Look for a route that takes inputs that are being 'reflected' to the page.
 
 For this example, you'll want to look for some 'test' code in the route handlers (WebGoat uses backbone as its primary javascript library).
 Sometimes, test code gets left in production (and often times test code is very simple and lacks security or any quality controls!).
 
 Your objective is to find the route and exploit it. First though ... what is the base route? As an example, look at the URL for this lesson ...
-it should look something like /WebGoat/start.mvc#lesson/CrossSiteScripting.lesson/9 (although maybe slightly different). The 'base route' in this case is:
+it should look something like /WebGoat/start.mvc#lesson/CrossSiteScripting.lesson/9. The 'base route' in this case is:
 *start.mvc#lesson/*
+The *CrossSiteScripting.lesson/9* after that are parameters that are processed by the javascript route handler.
 
-The *CrossSiteScripting.lesson/#* after that are parameters that are processed by javascript route handler.
-
-So, what is test route for this test code?
+So, what is the route for the test code that stayed in the app during production?
+To answer this question, you have to check the javascript source.
diff --git a/...e-scripting/src/main/resources/lessonPlans/en/CrossSiteScripting_content6b.adoc b/...e-scripting/src/main/resources/lessonPlans/en/CrossSiteScripting_content6b.adoc
@@ -8,4 +8,4 @@ The function you want to execute is ...
 
 Sure, you could just use console/debug to trigger it, but you need to trigger it via a URL in a new tab.
 
-Once you do trigger it, a subsequent response will come to the browser with a random number. Put that random number in below.
+Once you do trigger it, a subsequent response will come to your browser's console with a random number. Put that random number in below.
Original file line number	Diff line number	Diff line change
Expand Up		@@ -8,4 +8,4 @@ The function you want to execute is ...

		Sure, you could just use console/debug to trigger it, but you need to trigger it via a URL in a new tab.

		Once you do trigger it, a subsequent response will come to the browser with a random number. Put that random number in below.
		Once you do trigger it, a subsequent response will come to your browser's console with a random number. Put that random number in below.