WebGoat Study Notes (2): JSON Injection

http://localhost:8080/webgoat/attack?Screen=77&menu=400&from=ajax&travelFrom=BOS&travelTo=SEA

The response to this request is a JSON document:

{ "From": "Boston", "To": "Seattle", "flights": [ {"stops": "0", "transit" : "N/A", "price": "$600"}, {"stops": "2", "transit" : "Newark,Chicago", "price": "$300"} ] }

 

How the browser handles the response once it arrives:

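function callback() {
    if (req.readyState == 4) {
        if (req.status == 200) {
            // eval() executes the response body as JavaScript, not just as data
            var card = eval('(' + req.responseText + ')');
            var flightsDiv = document.getElementById('flightsDiv');
            flightsDiv.innerHTML = '';
            var strHTML = '';
            // The loop header and the HTML tags inside the string literals were
            // stripped from this page's copy; plain table markup is assumed here.
            strHTML = '<tr><td>No of Stops</td>';
            strHTML = strHTML + '<td>Stops</td><td>Prices</td></tr>';
            for (var i = 0; i < card.flights.length; i++) {
                strHTML = strHTML + '<tr><td>';
                strHTML = strHTML + card.flights[i].stops + '</td><td>';
                strHTML = strHTML + card.flights[i].transit + '</td><td>';
                strHTML = strHTML + '<div>' + card.flights[i].price + '</div></td></tr>';
            }
            strHTML = '<table>' + strHTML + '</table>';
            flightsDiv.innerHTML = strHTML;
        }
    }
}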

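eval can parse the JSON text into a JS object. Note the following when parsing:

When using JavaScript's built-in eval function to convert a JSON-formatted string into a JS object, the string must first be wrapped in a pair of parentheses "()". Otherwise the leading "{" is parsed as the start of a block statement rather than an object literal.
For example, to convert
var strTEST = "{id:\"cnlei\", url:\"http://www.cnlei.com\"}"; into a JS object:
Correct:
var objTEST = eval("(" + strTEST + ")");
Incorrect:
var objTEST = eval(strTEST);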
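Because the callback above passes the response to eval, anything that alters the response body gets code execution in the page, and the values go into innerHTML unescaped. The following is an added example, not WebGoat's code: it parses the same response with JSON.parse, validates the fields and escapes them before building markup. The names parseFlights, escapeHtml, renderRows, rejects and evalRunsCode and the tampered sample are assumptions constructed for illustration.

```javascript
// Hardened handling of the flight response (added example, not WebGoat code).
// parseFlights, escapeHtml, renderRows and the tampered sample are constructed here.
function parseFlights(responseText) {
  // JSON.parse accepts data only: no wrapping "()" needed, nothing is executed.
  const card = JSON.parse(responseText); // throws SyntaxError on non-JSON input
  if (typeof card !== 'object' || card === null || !Array.isArray(card.flights)) {
    throw new TypeError('unexpected response shape');
  }
  for (const f of card.flights) {
    for (const key of ['stops', 'transit', 'price']) {
      if (typeof f[key] !== 'string') throw new TypeError('bad field: ' + key);
    }
    if (!/^\d+$/.test(f.stops)) throw new TypeError('stops is not numeric');
    if (!/^\$\d+(\.\d{2})?$/.test(f.price)) throw new TypeError('malformed price');
  }
  return card;
}

function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function renderRows(card) {
  // Escape every value before it is concatenated into markup for innerHTML.
  return card.flights.map((f) =>
    '<tr><td>' + escapeHtml(f.stops) + '</td><td>' + escapeHtml(f.transit) +
    '</td><td>' + escapeHtml(f.price) + '</td></tr>').join('');
}

// The response shown on this page.
const genuine = '{ "From": "Boston", "To": "Seattle", "flights": [ ' +
  '{"stops": "0", "transit" : "N/A", "price": "$600"}, ' +
  '{"stops": "2", "transit" : "Newark,Chicago", "price": "$300"} ] }';
// Constructed tampered response: an expression sits where a string belongs.
const tampered = '{ "flights": [ {"stops": "0", "transit": "N/A", ' +
  '"price": (globalThis.evalRan = true, "$1")} ] }';

function rejects(text) {
  try { parseFlights(text); return false; } catch (e) { return true; }
}

function evalRunsCode(text) {
  globalThis.evalRan = false;
  eval('(' + text + ')'); // what the page's callback does with the response
  return globalThis.evalRan;
}
```

In the browser, setting each cell with textContent instead of assembling an innerHTML string removes the need for escapeHtml altogether.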
