
I am creating a web app and I'm trying to secure the application. I have done a vulnerability scan and found XSS on my login page. I cannot figure out how to secure the application from XSS. Can someone please help? I have stopped SQL injection for the login page but cannot prevent XSS. I have found the exploit in Burp Suite but cannot fix it. If anyone has some tips on this, it would be very appreciated.

    <%@page contentType="text/html" pageEncoding="UTF-8"%>
    <!DOCTYPE html>
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>Sitting Ducks</title>
    <link href="style.css" rel="stylesheet" type="text/css" />
    </head>

    <%
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        //String username="";old code
        // String password="";old code
        Cookie[] cookies = request.getCookies();
        if (cookies != null)
            for (Cookie c : cookies) {
                if ("username".equals(c.getName())) {
                    username = c.getValue();
                }
                else if ("password".equals(c.getName()))
                {
                    password = c.getValue();
                }
            }
    %>

    <body>
    <div id="main">
    <div id="top-nav">
            If<b> Carlsberg</b> did Websites... It <b>definitely</b> wouldn't be this!
    </div>

    <div id="header">
            <img src="images/Banner.jpg" alt="" width="720" height="160" />
    </div>
    <div id="navigation">

            Menu

            <hr />
            <a href="index.jsp" class="navigation">Home</a>
            <a href='login.jsp' class="navigation">Login</a>
            <a href="index.jsp" class="navigation">Logout</a>
            <a href="search.jsp" class="navigation">Search</a>
            <a href="documents.jsp" class="navigation">Documents</a>
            <a href="Messages.jsp" class="navigation">Messages</a>
            <a href="SendMessage.jsp" class="navigation">Send Message</a>
    </div>
    <br></br>
    <div id="content">

        <h1>Login</h1>
        <form action="ValidateLogin" method="post">
                <table>
                    <tr><td>UserName: </td><td><input type="text" name="username" value="<%=username%>" /></td></tr>
                    <tr><td>Password :</td><td><input type="password" name="password" value="<%=password%>"/></td></tr>
                    <tr><td><input type="submit" name="Login" value="Login"/></td></tr>
                </table>
            </form>
        <%
            if (request.getParameter("err") != null) { out.print(request.getParameter("err")); }
        %>
    </div>
    <div id="footer">

        <hr />
            Copyright © 2016 | Sitting Ducks

    </div>

    </div>

    </body>

    </html>
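The reflected XSS in the page above comes from writing `username`, `password` and the `err` parameter into the HTML without encoding. Below is an added example (not code from the question or its answer) of the same login form with HTML-entity encoding applied at every point where request data reaches the page; `esc` is a hypothetical helper written for this example, and JSTL's `<c:out>` or the OWASP Java Encoder would serve the same purpose in a real project.

```jsp
<%@ page contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>
<%!
    // Hypothetical helper for this example: encode the five characters that can
    // break out of a text node or a double-quoted attribute value.
    private static String esc(String s) {
        if (s == null) return "";
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char ch = s.charAt(i);
            switch (ch) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(ch);
            }
        }
        return sb.toString();
    }
%>
<%
    // Same inputs as the original page; they remain untrusted here.
    String username = request.getParameter("username");
    String err = request.getParameter("err");
    Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (Cookie c : cookies) {
            if ("username".equals(c.getName())) {
                username = c.getValue();   // cookie values are client-controlled too
            }
        }
    }
%>
<!DOCTYPE html>
<html><head><meta charset="UTF-8" /><title>Login</title></head>
<body>
<form action="ValidateLogin" method="post">
    <!-- encoded at the point of output, inside a double-quoted attribute -->
    UserName: <input type="text" name="username" value="<%= esc(username) %>" />
    <!-- the submitted password is never written back into the page -->
    Password: <input type="password" name="password" />
    <input type="submit" name="Login" value="Login" />
</form>
<%-- the error message is encoded before being written as text content --%>
<% if (err != null) { %><p class="error"><%= esc(err) %></p><% } %>
</body></html>
```

This encoding is correct for HTML text and quoted attribute contexts only; a value placed inside a `<script>` block, an event handler or a URL needs the encoder for that context instead. Declaring a single charset (UTF-8) in both the page directive and the meta tag, rather than the mismatched UTF-8/ISO-8859-1 pair in the original, removes one source of encoding-related filter bypasses.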


CSRF is a type of attack where a bad website can get the browser to send commands to your website without the user's knowledge. It is actually very easy to exploit. The user's browser will not let the bad website access the cookies your website sets. But the bad website can ask the browser to send a request to your website and the browser will not only send the request, it will also send the cookies you set.

So how do you stop such an attack? JavaScript! You should create an endpoint on your server that will provide a randomly generated token. You then use JavaScript to request the token. But don't store this token in the cookie! Each time you make a request to your server, attach this token to the request using JavaScript. The bad website will not be able to attach this token.

Here is another explanation: What is a CSRF token? What is its importance and how does it work?

Alec Fenichel