Last assignment now filters out .. and / so encoding plays a role now

Nanne Baars
2020-03-08 20:52:24 +01:00
committed by Nanne Baars
parent d4966b5e71
commit 14022d88c9
5 changed files with 78 additions and 25 deletions


@ -76,11 +76,12 @@ public class PathTraversalTest extends IntegrationTest {
public void assignment4() throws IOException {
startLesson("PathTraversal");
RestAssured.given()
var uri = "/WebGoat/PathTraversal/random-picture?id=%2E%2E%2F%2E%2E%2Fpath-traversal-secret";
RestAssured.given().urlEncodingEnabled(false)
.when()
.relaxedHTTPSValidation()
.cookie("JSESSIONID", getWebGoatCookie())
.get("/WebGoat/PathTraversal/random-picture?id=../../path-traversal-secret")
.get(uri)
.then()
.statusCode(200)
.content(CoreMatchers.is("You found it submit the SHA-512 hash of your username as answer"));
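Review bot: The rewritten request in assignment4 covers only the percent-encoded id (`%2E%2E%2F…` sent with `urlEncodingEnabled(false)`), so nothing here pins the filter the commit title describes; if the `..` and `/` filtering regressed, this test would still pass. I would add a second request in the same method that sends the previous literal `id=../../path-traversal-secret` and asserts the success text is absent, for example `.then().content(CoreMatchers.not(CoreMatchers.is("You found it submit the SHA-512 hash of your username as answer")));`. The status returned for a filtered id is not visible in this hunk, so asserting on the body is safer than guessing a code. A one-line comment above `var uri` would also help, such as `// already percent-encoded; URL encoding is disabled so the value is sent verbatim instead of being encoded a second time`. The method's closing brace lies outside the hunk.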