dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Roundtrip for challenge 2 done

Browse Source
This commit is contained in:
Nanne Baars 2017-04-08 11:08:33 +02:00
parent 599f36fdb8
commit 05bb61ad57
3 changed files with 66 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/Challenge2.java
View File

@ -22,8 +22,8 @@ public class Challenge2 extends AssignmentEndpoint {
@RequestMapping(method = RequestMethod.POST) @RequestMapping(method = RequestMethod.POST)
public public
@ResponseBody @ResponseBody
AttackResult completed(@RequestParam String couponCode) throws IOException { AttackResult completed(@RequestParam String checkoutCode) throws IOException {
if (SUPER_COUPON_CODE.equals(couponCode)) { if (SUPER_COUPON_CODE.equals(checkoutCode)) {
return success().feedback("challenge.solved").feedbackArgs(Flag.FLAGS.get(2)).build(); return success().feedback("challenge.solved").feedbackArgs(Flag.FLAGS.get(2)).build();
} }
return failed().build(); return failed().build();

14
webgoat-lessons/challenge/src/main/resources/html/Challenge.html
View File

@ -61,7 +61,12 @@
<script th:src="@{/lesson_js/challenge2.js}" language="JavaScript"></script> <script th:src="@{/lesson_js/challenge2.js}" language="JavaScript"></script>
<div class="attack-container"> <div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div> <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="/WebGoat/challenge/2"
enctype="application/json;charset=UTF-8">
<div class="container"> <div class="container">
<div class="row"> <div class="row">
<div class="col-xs-3 item-photo"> <div class="col-xs-3 item-photo">
<img style="max-width:100%;" th:src="@{/images/samsung-black.jpg}"/> <img style="max-width:100%;" th:src="@{/images/samsung-black.jpg}"/>
@ -114,21 +119,24 @@
<!-- <!--
Checkout code: pre-order-webgoat, pre-order-owasp, pre-order-webgoat-owasp Checkout code: pre-order-webgoat, pre-order-owasp, pre-order-webgoat-owasp
--> -->
<input class="checkoutCode" value=""/> <input name="checkoutCode" class="checkoutCode" value=""/>
</div> </div>
<div class="section" style="padding-bottom:20px;"> <div class="section" style="padding-bottom:20px;">
<button class="btn btn-success"><span style="margin-right:20px" <button type="submit" class="btn btn-success"><span style="margin-right:20px"
class="glyphicon glyphicon-shopping-cart" class="glyphicon glyphicon-shopping-cart"
aria-hidden="true"></span>Buy aria-hidden="true"></span>Buy
</button> </button>
<h6><a href="#"><span class="glyphicon glyphicon-heart-empty" style="cursor:pointer;"></span> <h6><a href="#"><span class="glyphicon glyphicon-heart-empty"
style="cursor:pointer;"></span>
Like</a></h6> Like</a></h6>
</div> </div>
</div> </div>
</div> </div>
</div> </div>
</form>
<br/> <br/>
<div> <div>
<form class="form-inline" method="POST" name="form" action="/WebGoat/challenge/flag"> <form class="form-inline" method="POST" name="form" action="/WebGoat/challenge/flag">

2
webgoat-lessons/challenge/src/main/resources/lessonPlans/en/Challenge_2.adoc
View File

@ -1 +1 @@
=== No need to pay... (WIP!!) === No need to pay...