merge conflict resolved

Author: RupakBiswas-2304

Solutions/solution.md

@@ -259,7 +259,12 @@ Results page contains the word `TEXT` in Heading as well as Green color hence XS
 
 Now you can go ahead and enter `<script >alert(“xss”) </script >` once XSS is confirmed.
 
-To see results on screen, make sure your browser has JavaScript enabled. 
+To see results on screen, make sure your browser has JavaScript enabled.
+
+**Lab 3**
+- ##### [ step- 1 ] Checking user input is being reflected or not
+   - Though alphanumeric characters are being escaped we can still write js code with these 6 character `![]()+`
+   - check [jsfuck](http://www.jsfuck.com/)
 
 
 ## A8:Insecure Deserialization

app.log

@@ -100,6 +100,20 @@ <h4>Exploiting the Reflection of the search query </h4>
             <div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/xssL2'">Access
                     Lab</button></div>
         </div>
+        
+        <button class="coll btn btn-info">Lab Details</button>
+        <div class="lab">
+            <p class="bp">
+                This lab is a demonstration of a Reflected XSS
+            </p>
+            <p class="bp">The goal of this challenge is to trigger an alert, User input is being Reflected on script Tag, but the real challenge lies in the fact that all alphanumeric characters are escaped. Can you find way to pop an alert ?
+            </p> 
+         
+
+            <br>
+            <div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/xssL3'">Access
+                    Lab</button></div>
+        </div>
         <br>
 
 

introduction/templates/Lab/XSS/xss.html

@@ -0,0 +1,28 @@
+{% extends "introduction/base.html" %}
+{% block content %}
+{% block title %}
+
+<title>XSS LAB 2</title>
+{% endblock %}
+<h1>Welcome to XSS Challenge</h1>
+<form  method="post" action="/xssL3">
+    {% csrf_token %}
+    <div class="jumbotron">
+        <label for="username">Name:</label>
+        <input type="text" class="form-control" id="username" name="username" required>
+    </div>
+   <button class="btn btn-info" type="submit">
+                Go
+            </button>
+</form>
+<br>
+<p>{{code}}</p>
+<script>
+    // LAB 3 JS CODE
+    {{code}}
+</script>
+<br>
+<div align="right">
+  <button class="btn btn-info" type="button" onclick="window.location.href='/xss'">Back to Lab Details</button>
+</div>
+{% endblock content %}

introduction/templates/Lab/XSS/xss_lab_3.html

@@ -9,6 +9,7 @@
     path('xss', views.xss,name="xss"),
     path('xssL',views.xss_lab,name='xss_lab'),
     path('xssL2', views.xss_lab2, name='xss_lab2'),
+    path('xssL3', views.xss_lab3, name='xss_lab3'),
     path('xssL1',views.xss_lab,name='xss_lab'),
     path("sql",views.sql,name='sql'),
     path("sql_lab",views.sql_lab,name="sql_lab"),

introduction/urls.py

@@ -38,6 +38,7 @@
 from argon2 import PasswordHasher
 import logging
 import requests
+import re
 #*****************************************Login and Registration****************************************************#
 
 def register(request):
@@ -115,6 +116,21 @@ def xss_lab2(request):
         return render(request, 'Lab/XSS/xss_lab_2.html', context)
     else:
         return redirect('login')
+    
+def xss_lab3(request):
+    if request.user.is_authenticated:
+        if request.method == 'POST':
+            username = request.POST.get('username')
+            print(type(username))
+            pattern = r'\w'
+            result = re.sub(pattern, '', username)
+            context = {'code':result}
+            return render(request, 'Lab/XSS/xss_lab_3.html',context)
+        else:
+            return render(request, 'Lab/XSS/xss_lab_3.html')
+            
+    else:        
+        return redirect('login')
 
 #***********************************SQL****************************************************************#
 

introduction/views.py

@@ -1,30 +1,21 @@
+argon2==0.1.10
 argon2-cffi==21.3.0
 argon2-cffi-bindings==21.2.0
-asgiref==3.5.2
-certifi==2022.6.15
-cffi==1.15.0
-charset-normalizer==2.0.12
-click==8.1.3
-colorama==0.4.5
-cryptography==37.0.2
+asgiref==3.6.0
+certifi==2022.12.7
+cffi==1.15.1
+charset-normalizer==3.0.1
+cryptography==39.0.1
 defusedxml==0.7.1
 dj-database-url==0.5.0
-Django==4.0.4
-django-allauth==0.51.0
-django-crispy-forms==1.14.0
+Django==4.1.7
+django-allauth==0.52.0
+django-crispy-forms==2.0
 django-heroku==0.3.1
-flake8==3.9.0
-Flask==2.1.2
-gunicorn==20.1.0
-idna==3.3
-importlib-metadata==4.11.4
-itsdangerous==2.1.2
-Jinja2==3.1.2
-MarkupSafe==2.1.1
+idna==3.4
 mccabe==0.6.1
-oauthlib==3.2.0
-php-wsgi==0.0.12
-Pillow==8.0.0
+oauthlib==3.2.2
+Pillow==9.4.0
 psycopg2==2.9.3
 pycodestyle==2.7.0
 pycparser==2.21
@@ -33,11 +24,10 @@ PyJWT==2.4.0
 python3-openid==3.2.0
 pytz==2020.1
 PyYAML==5.1
-requests==2.28.0
+requests==2.28.2
 requests-oauthlib==1.3.1
 sqlparse==0.3.1
 urllib3==1.26.9
 Werkzeug==2.1.2
 whitenoise==6.2.0
 zipp==3.8.0
-