WebGoat 5.2 JavaScript function "callback" attempts to access null req.responseXML
Closed this issue · 3 comments
GoogleCodeExporter commented
What steps will reproduce the problem?
1. Examine callback function in DOMInjection.java which makes reference to:
var result = req.responseXML.getElementsByTagName('reward');
2. Exercising this lesson in ff 3.0.15 on Ubuntu results in a JavaScript
error due to the above statement, and the lesson can't be completed.
3. Message is "req.responseXML is null"
What is the expected output? What do you see instead?
Expect to execute eval(message) but the script execution throws an
exception before this point as there is no responseXML.
What version of the product are you using? On what operating system?
ff 3.0.15, Ubuntu 8.10
Please provide any additional information below.
It looks to me like this was copied from XMLInjection.java by mistake.
Deleting the offending line in DOMInjection.java should fix it, though I can't
build WebGoat so can't test.
Original issue reported on code.google.com by aleeth...@gmail.com
on 2 Dec 2009 at 6:01
GoogleCodeExporter commented
Following patch should fix the problem:
diff -p -u DOMInjection.java.orig DOMInjection.java
--- DOMInjection.java.orig 2009-12-02 17:57:07.000000000 +0000
+++ DOMInjection.java 2009-12-02 17:57:07.000000000 +0000
@@ -114,7 +114,6 @@ public class DOMInjection extends Lesson
+ " req.onreadystatechange = callback;" + lineSep + " req.send(null);" +
lineSep + "}" + lineSep
+ "function callback() {" + lineSep + " if (req.readyState == 4) { " + lineSep
+ " if (req.status == 200) { " + lineSep + " var message =
req.responseText;" + lineSep
- + " var result = req.responseXML.getElementsByTagName('reward');" +
lineSep
+ " var messageDiv = document.getElementById('MessageDiv');" + lineSep
+ " try {" + lineSep
+ " eval(message);" + lineSep + " " + lineSep
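Review bot: the deleted `var result = req.responseXML...` line is the only assignment to `result` visible in this hunk, and the trailing context stops at `eval(message);`, so before merging check that nothing later in `callback()` still reads `result`; otherwise the "req.responseXML is null" error is traded for a reference error further down. The patch was also line-wrapped when pasted (for example, `lineSep` sits alone on the line after the `-` line), so it no longer matches the `-114,7 +114,6` counts and will not apply as shown; attaching it as a file would avoid that.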
Original comment by aleeth...@gmail.com
on 3 Dec 2009 at 11:30
GoogleCodeExporter commented
Original comment by mayhe...@gmail.com
on 24 Mar 2010 at 8:35
- Changed state: Accepted
GoogleCodeExporter commented
Original comment by X71...@gmail.com
on 10 Aug 2011 at 4:15
- Changed state: Fixed