npm audit to check for Node.js vulnerabilities
username is sent to multiple clients
docker run --rm -p 3000:3000 securingthestack/juice-shop:persistent-xss-1
Customer Feedback section, how is the application handling XSS attacks?
<script>alert("I have XSS")</script>…
script tags that would allow the XSS to continue?
package.json into a directory of your choice
npm install npm@latest -g
cd into the directory with the
npm i --package-lock-only
npm audit > audit.txt
sanitize-html can be leveraged to exploit Assignment 2?
sanitize-html doesn't sanitize recursively
Comment field of http://localhost:3000/#/contact
<script<script>>alert("I stole your auth cookie")<</script>/script>
Npm audit is your friend
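
Why the nested payload in the Comment field exercise survives a filter that does not sanitize recursively, and two ways to close the gap. This JavaScript is an added example, not code from the course, Juice Shop, or sanitize-html; stripOnce, stripUntilStable and encodeForHtml are hypothetical helpers, and the one-pass regex filter is a simplified model assumed for illustration.

```javascript
// Simplified model of a one-pass tag filter (an assumption for illustration;
// this is not sanitize-html's implementation).
const TAG = /<\/?[a-zA-Z][^<>]*>/g;

// Removes every complete tag token once and never re-examines its own output.
function stripOnce(input) {
  return input.replace(TAG, "");
}

// Repeats the filter until the output stops changing (a fixed point), so
// fragments that join into a new tag after one pass are removed by the next.
function stripUntilStable(input) {
  let previous;
  let output = input;
  do {
    previous = output;
    output = stripOnce(previous);
  } while (output !== previous);
  return output;
}

// Output encoding: every HTML metacharacter becomes an entity, so the browser
// renders the comment as text regardless of how the tags were nested.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function encodeForHtml(input) {
  return input.replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Payload from the Comment field exercise on this page.
const payload = '<script<script>>alert("I stole your auth cookie")<</script>/script>';

// Runs all three treatments over the same input for side-by-side comparison.
function demo() {
  return {
    once: stripOnce(payload),            // inner tags removed, outer halves rejoin
    stable: stripUntilStable(payload),   // no tag left after the second pass
    encoded: encodeForHtml(payload),     // inert text, nothing stripped
  };
}

console.log(demo());
```

Repeating the filter fixes this model only; encoding at output is the control that does not depend on the filter being complete.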