ryancblack/webgoat

WebGoat 5.2 javascript function "callback" attempts access null req.responseXML

Closed this issue · 3 comments

GoogleCodeExporter commented 
What steps will reproduce the problem?
1. Examine callback function in DOMInjection.java which makes reference to:

var result = req.responseXML.getElementsByTagName('reward');

2. Exercising this lesson in ff 3.0.15 on ubuntu, results in a javascript
error due to the above statement and the lesson can't be completed.

3. Message is "req.responseXML is null"

What is the expected output? What do you see instead?

Expect to execute eval(message) but the script execution throws an
exception before this point as there is no responseXML.


What version of the product are you using? On what operating system?
ff 3.0.15, ubuntu 8.10

Please provide any additional information below.

It looks to me like this was copied from XMLInjection.java by mistake.

Deleting the offending line in DOMInject.java should fix it, though I can't
build webgoat so can't test.

Original issue reported on code.google.com by aleeth...@gmail.com on 2 Dec 2009 at 6:01

GoogleCodeExporter commented 
Following patch should fix the problem:
diff -p -u  DOMInjection.java.orig DOMInjection.java
--- DOMInjection.java.orig  2009-12-02 17:57:07.000000000 +0000
+++ DOMInjection.java   2009-12-02 17:57:07.000000000 +0000
@@ -114,7 +114,6 @@ public class DOMInjection extends Lesson
                + "   req.onreadystatechange = callback;" + lineSep + "   req.send(null);" +
lineSep + "}" + lineSep
                + "function callback() {" + lineSep + "    if (req.readyState == 4) { " + lineSep
                + "        if (req.status == 200) { " + lineSep + "            var message =
req.responseText;" + lineSep
-               + "   var result = req.responseXML.getElementsByTagName('reward');" + 
lineSep
                + "    var messageDiv = document.getElementById('MessageDiv');" + lineSep
                + "  try {" + lineSep
                + "          eval(message);" + lineSep + "    " + lineSep

Original comment by aleeth...@gmail.com on 3 Dec 2009 at 11:30

GoogleCodeExporter commented

Original comment by mayhe...@gmail.com on 24 Mar 2010 at 8:35

  • Changed state: Accepted
GoogleCodeExporter commented

Original comment by X71...@gmail.com on 10 Aug 2011 at 4:15

  • Changed state: Fixed