OWASP Juice Shop — XSS Tier 0 and XSS Tier 1 Challenge Solutions
Today I am going to solve the XSS Tier 0 challenge by performing a reflected XSS attack and the XSS Tier 1 challenge by performing a DOM XSS attack. Before solving the challenges, let’s understand what an XSS (Cross-site scripting) attack is.
What is Cross-site scripting (XSS)?
There are three types of XSS.
- Stored XSS
- Reflected XSS
- DOM Based XSS
In these challenges we use reflected XSS and DOM-based XSS attacks, so let’s look at those two types.
Reflected XSS
This is also known as a non-persistent XSS attack. It occurs when a malicious script is reflected off the web application: the script is delivered through a link, which sends a request to a vulnerable website that echoes the payload back into its response, where the browser executes it.
DOM Based XSS
This attack uses malicious input to modify the DOM elements/environment through the application’s client-side script. The payload is processed entirely by client-side code and written into the DOM; it is never sent to the server.
Now, let’s solve the OWASP Juice Shop challenges using XSS attacks.
The solution to XSS Tier 1 problem
First, you need to log in to the Juice Shop as any user to solve this challenge. If you don’t know how to log in, please follow the steps in my previous tutorial.
To solve this problem we are going to use the search input field at the top of the page. When we search for something, the search term appears at the top of the page as the search results heading.
Now we are going to enter the HTML snippet <h1>hello world</h1> as the search input to see whether we can inject HTML into the web page.
Now, if you inspect the web page, you can see <h1>hello world</h1> embedded in it.
Next, let's try the snippet below.
Copy this snippet, paste it into the search field and click the search button. You will get a pop-up like this.
Congratulations!!! You performed a DOM XSS attack and solved the XSS Tier 1 problem. In this attack, your payload was handled and improperly embedded into the page by the application’s frontend code without ever being sent to the server.
The solution to XSS Tier 0 problem
Now let’s look at the XSS Tier 0 problem. Here we use the “Order ID” field in the “Track Orders” tab to trigger the XSS attack.
Remember to log in as any user.
Do some shopping and visit the Track Orders tab. Use the same snippet we used to solve the previous problem as the Order ID input.
As in the previous solution, you will get the pop-up.
CONGRATULATIONS!!! Today you solved two problems in OWASP Juice Shop using XSS attacks.
The XSS attacks we tried here are relatively harmless because they only affect ourselves. They would be far more harmful if a malicious snippet ended up stored in the database, so that its script ran in other users’ browsers whenever the stored value is displayed.
Before the end of this tutorial, let’s see how to protect our applications against these types of attacks.
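The following is an added example, not Juice Shop’s own code, that ties the DOM XSS explanation above to the protection question: it simulates a client-side search page that reads a term from the URL fragment (which the browser never sends to the server) and renders it either unsafely, by concatenating it into markup destined for innerHTML, or safely, by escaping it first (the string equivalent of assigning textContent). The hostname `shop.example`, the `#/search?q=` route shape, and the function names are constructed for this illustration; the test input is the page’s own `<h1>hello world</h1>` snippet. It runs in Node without a browser.

```javascript
// Added example (not Juice Shop code): a DOM XSS sink beside its hardened form.
// Markup that would be written to the page is modelled as strings so the
// example runs in Node without a real document.

// Characters with markup meaning in HTML text and attribute contexts.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted text so the browser shows it as literal characters.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Read the search term from a client-side route such as "#/search?q=term".
// Everything after '#' stays in the browser and is never transmitted to the
// server, which is why a payload here is DOM-based rather than server-reflected.
function searchTermFrom(url) {
  const { hash } = new URL(url);
  const queryStart = hash.indexOf('?');
  if (queryStart === -1) return '';
  return new URLSearchParams(hash.slice(queryStart + 1)).get('q') ?? '';
}

// Vulnerable pattern: the raw term is concatenated into markup that would be
// assigned to innerHTML, so any tags in the term become real elements.
function renderHeadingUnsafe(term) {
  return `<span>Search Results - ${term}</span>`;
}

// Hardened pattern: the term is escaped before it touches markup. In browser
// code the equivalent is `element.textContent = term`, which never parses
// the value as HTML.
function renderHeadingSafe(term) {
  return `<span>Search Results - ${escapeHtml(term)}</span>`;
}

// Review aid: list any tag in the rendered markup that is not the template's
// own <span>. A non-empty result means user input was interpreted as HTML.
function foreignTags(rendered) {
  const tags = rendered.match(/<\/?[a-zA-Z][^>]*>/g) ?? [];
  return tags.filter((tag) => !/^<\/?span>$/.test(tag));
}

// Constructed demo URL (placeholder hostname) carrying the tutorial's test snippet.
const DEMO_URL = 'https://shop.example/#/search?q=' + encodeURIComponent('<h1>hello world</h1>');

const demoTerm = searchTermFrom(DEMO_URL);
console.log('term read from fragment:', demoTerm);
console.log('unsafe ->', renderHeadingUnsafe(demoTerm), foreignTags(renderHeadingUnsafe(demoTerm)));
console.log('safe   ->', renderHeadingSafe(demoTerm), foreignTags(renderHeadingSafe(demoTerm)));
```

Running it prints the unsafe rendering with `<h1>` and `</h1>` reported as foreign tags and the safe rendering with none. The same escaping rule applies to the Order ID field in the Tier 0 challenge: any value that originates from the user must be written to the page as text, not markup.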
“Reflected XSS | How to Prevent a Non-Persistent Attack | Imperva.” Learning Center, 29 Dec. 2019, www.imperva.com/learn/application-security/reflected-xss-attacks/#:%7E:text=Reflected%20XSS%20attacks,%20also%20known,enables%20execution%20of%20malicious%20scripts.