From 15d80a3006b40eeee4f44afd93f262d55cba6efc Mon Sep 17 00:00:00 2001 From: "wirth.marcel" Date: Mon, 14 Apr 2008 12:03:55 +0000 Subject: [PATCH] Minor fixes git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@337 4033779f-a91e-0410-96ef-6bf7bf53c507 --- .../webgoat/lessons/MultiLevelLogin1.java | 4 +-- .../webgoat/lessons/PasswordStrength.java | 8 ++++-- .../RoleBasedAccessControl.java | 15 +---------- .../lessons/SQLInjection/SQLInjection.java | 26 +++++++++++++++++++ .../WebContent/lesson_plans/HowToWork.html | 2 +- .../lesson_solutions/ClientSideFiltering.html | 25 +++++++++++------- .../ClientSideValidation.html | 4 +-- .../lesson_solutions/HttpSplitting.html | 4 +-- .../lesson_solutions/MultiLevelLogin1.html | 4 +-- 9 files changed, 57 insertions(+), 35 deletions(-) diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin1.java b/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin1.java index 688904a96..9379a5ef0 100644 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin1.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin1.java @@ -803,7 +803,7 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter List hints = new ArrayList(); hints.add("Stage 1: Just do a regular login"); - hints.add("Stage 2: How does the server know which TAN has to be used"); + hints.add("Stage 2: How does the server know which TAN has to be used?"); hints.add("Stage 2: Maybe taking a look at the source code helps"); hints.add("Stage 2: Watch out for hidden fields"); hints.add("Stage 2: Manipulate the hidden field 'hidden_tan'"); @@ -822,7 +822,7 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter { instructions = "STAGE 1:\t This stage is just to show how a classic multi login works. " + "Your goal is to do a regular login as Jane with password tarzan. " - + "You have following TAN:
" + "Tan #1 = 15648
" + "Tan #2 = 92156
" + + "You have following TANs:
" + "Tan #1 = 15648
" + "Tan #2 = 92156
" + "Tan #3 = 4879
" + "Tan #4 = 9458
" + "Tan #5 = 4879
"; } diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/PasswordStrength.java b/main/project/JavaSource/org/owasp/webgoat/lessons/PasswordStrength.java index 009463461..f435a22b0 100644 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/PasswordStrength.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/PasswordStrength.java @@ -7,6 +7,7 @@ import org.apache.ecs.Element; import org.apache.ecs.ElementContainer; import org.apache.ecs.StringElement; import org.apache.ecs.html.BR; +import org.apache.ecs.html.Div; import org.apache.ecs.html.Input; import org.apache.ecs.html.TD; import org.apache.ecs.html.TR; @@ -127,8 +128,11 @@ public class PasswordStrength extends LessonAdapter ec.addElement(table); ec.addElement(new BR()); ec.addElement(new BR()); + Div div = new Div(); + div.addAttribute("align", "center"); Element b = ECSFactory.makeButton("Go!"); - ec.addElement(b); + div.addElement(b); + ec.addElement(div); } catch (Exception e) { s.setMessage("Error generating " + this.getClass().getName()); @@ -155,7 +159,7 @@ public class PasswordStrength extends LessonAdapter public List getHints(WebSession s) { List hints = new ArrayList(); - hints.add("Copy the passwords in the code checker."); + hints.add("Copy the passwords into the code checker."); return hints; } diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java b/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java index aff7c7767..89b759460 100644 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java @@ -151,7 +151,7 @@ public class RoleBasedAccessControl extends GoatHillsFinancial instructions = "Stage 1: Bypass Presentational Layer Access Control.
" + "As regular employee 'Tom', exploit weak access control to use the Delete function from the Staff List page. " + "Verify that Tom's profile can be deleted." - + "The password for a user is always his prename.."; + + "The password for a user is always his prename."; } else if (STAGE2.equals(stage)) { @@ -191,25 +191,12 @@ public class RoleBasedAccessControl extends GoatHillsFinancial try { - System.out.println("Solution: " + getLessonSolutionFileName(s)); src = readFromFile(new BufferedReader(new FileReader(s.getWebResource(getLessonSolutionFileName(s)))), false); } catch (IOException e) { s.setMessage("Could not find the solution file"); src = ("Could not find the solution file"); } - -// Html html = new Html(); -// -// Head head = new Head(); -// head.addElement(new Title(getLessonSolutionFileName(s))); -// -// Body body = new Body(); -// body.addElement(new StringElement(src)); -// -// html.addElement(head); -// html.addElement(body); - return src; } diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java b/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java index 8f69a2549..ff5dcca1d 100644 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java @@ -1,6 +1,9 @@ package org.owasp.webgoat.lessons.SQLInjection; +import java.io.BufferedReader; +import java.io.FileReader; +import java.io.IOException; import java.util.ArrayList; import java.util.List; import org.apache.ecs.ElementContainer; 
@@ -245,4 +248,27 @@ public class SQLInjection extends GoatHillsFinancial { return "LAB: SQL Injection"; } + + @Override + public String getSolution(WebSession s) { + String src = null; + + try + { + src = readFromFile(new BufferedReader(new FileReader(s.getWebResource(getLessonSolutionFileName(s)))), false); + } catch (IOException e) + { + s.setMessage("Could not find the solution file"); + src = ("Could not find the solution file"); + } + return src; + } + + public String getLessonSolutionFileName(WebSession s) { + System.out.println("SOLUTION!!!"); + String solutionFileName = null; + String stage = getStage(s); + solutionFileName = "/lesson_solutions/Lab SQL Injection/Lab " + stage + ".html"; + return solutionFileName; + } } diff --git a/main/project/WebContent/lesson_plans/HowToWork.html b/main/project/WebContent/lesson_plans/HowToWork.html index 06c71107e..b4e514d9d 100644 --- a/main/project/WebContent/lesson_plans/HowToWork.html +++ b/main/project/WebContent/lesson_plans/HowToWork.html @@ -4,7 +4,7 @@ Welcome to a short introduction to WebGoat.
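Review bot: The reader opened in the new getSolution is never closed in the visible code — the BufferedReader/FileReader is built inline and handed to readFromFile, so unless readFromFile closes it (not visible here) every solution view leaks a file descriptor; holding the reader in a local and closing it in a `finally` block fixes that (fence below). `System.out.println("SOLUTION!!!");` in getLessonSolutionFileName reads as leftover debug output, all the more so because the RoleBasedAccessControl.java hunk in this same commit removes an equivalent println, and it should go. The file path is assembled from `getStage(s)`; I cannot tell from this hunk where that value originates, but if it can reflect request input rather than a fixed set of stage names it should be checked against the known stages before being spliced into the path. This getSolution body is byte-for-byte the one that remains in RoleBasedAccessControl.java, and both classes extend GoatHillsFinancial (the class body begins outside the hunk), so the method looks like a candidate for the shared base class rather than a second copy. FileReader also decodes with the platform default charset, which presumably explains the curly-quote replacements in the HttpSplitting.html hunk; an `InputStreamReader` with an explicit charset would make the rendered solution independent of the JVM locale.
```java
public String getSolution(WebSession s) {
    String src = null;
    BufferedReader reader = null;
    try
    {
        reader = new BufferedReader(new FileReader(s.getWebResource(getLessonSolutionFileName(s))));
        src = readFromFile(reader, false);
    } catch (IOException e)
    {
        s.setMessage("Could not find the solution file");
        src = ("Could not find the solution file");
    } finally
    {
        // release the file handle whether or not readFromFile succeeded
        if (reader != null)
        {
            try { reader.close(); } catch (IOException ignored) { /* nothing left to recover */ }
        }
    }
    return src;
}
// … unchanged: getLessonSolutionFileName (minus the println) …
```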
Here you will learn how to use WebGoat and additional tools for the lessons.

-

Environment Information

+

Environment Information

WebGoat uses Apache Tomcat as server. It is setup to run on localhost. This configuration is for single user. If you want to use WebGoat in a laboratory or in diff --git a/main/project/WebContent/lesson_solutions/ClientSideFiltering.html b/main/project/WebContent/lesson_solutions/ClientSideFiltering.html index cf7f5b9c7..b8d320d97 100644 --- a/main/project/WebContent/lesson_solutions/ClientSideFiltering.html +++ b/main/project/WebContent/lesson_solutions/ClientSideFiltering.html @@ -22,11 +22,14 @@ to which you should not have access.

Solution:
+

This Lab consists of two Stages. In the first Stage you have to get sensitive information . In the second one you have to fix the problem.
-

Stage 1

+

+Stage 1 +

Use Firebug to solve this stage. If you are using IE you can try it with -IEWatch.

+IEWatch.

First use any person from the list and see what you get. After doing this you can search for a specific person in Firebug. Make sure you find the hidden table with @@ -36,16 +39,17 @@ Neville. Clientside Filtering Inspect HTML on Firebug -

+

Now write the salary into the text edit box and submit your answer! - -

Stage 2

+

+Stage 2 +

In this stage you have to modify the clientSideFiltering.jsp which you will find under the WebContent in the lessons/Ajax folder. The Problem is that the server sends all information to the client. As you could see even if it is hidden it is easy to find the sensitive date. In this stage you will add a filter to the XPath queries. In this file you will find -following construct:

+following construct:

StringBuffer sb = new StringBuffer();
@@ -56,10 +60,11 @@ following construct:

sb.append("/Employees/Employee/Salary ");
String expression = sb.toString();
-

+ +

This string will be used for the XPath query. You have to guarantee that a manger only can see employees which are working for him. To archive this you can use -filters in XPath. Following code will exactly do this:

+filters in XPath. Following code will exactly do this:

StringBuffer sb = new StringBuffer();
@@ -71,9 +76,9 @@ filters in XPath. Following code will exactly do this:

String expression = sb.toString();
-

+

Now only information is sent to your client you are authorized for. You can click on the button. -

+

\ No newline at end of file diff --git a/main/project/WebContent/lesson_solutions/ClientSideValidation.html b/main/project/WebContent/lesson_solutions/ClientSideValidation.html index 082e51531..6d0e354ad 100644 --- a/main/project/WebContent/lesson_solutions/ClientSideValidation.html +++ b/main/project/WebContent/lesson_solutions/ClientSideValidation.html @@ -28,7 +28,7 @@ Javascript. For IE you can use IEWatch. This solution is written for Firebug which is a plugin for Firefox.

-

Stage 1

+Stage 1

First we want to try to get a coupon code to get something cheaper. Open Firebug and click on the Script Tab. Make sure you choose clientSideValidation.js @@ -47,7 +47,7 @@ Now that you know the coupon name enter it in the coupon field, purchase somethi and you are done.

-

Stage 2

+Stage 2

You can not edit the Prices in the Shopping Cart. The reason is that the readonly attribute is set for this field. diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting.html b/main/project/WebContent/lesson_solutions/HttpSplitting.html index 3d8921e49..03e345f93 100644 --- a/main/project/WebContent/lesson_solutions/HttpSplitting.html +++ b/main/project/WebContent/lesson_solutions/HttpSplitting.html @@ -747,7 +747,7 @@ line-feed you want.

 

Enter a -language to examine what’s going on. You do have WebScarab intercepting HTTP +language to examine what's going on. You do have WebScarab intercepting HTTP requests and responses?

 

@@ -948,7 +948,7 @@ style='mso-element:field-end'> Hacked!

 

-

Hit the “Back” +

Hit the "Back" button of your browser.

 

diff --git a/main/project/WebContent/lesson_solutions/MultiLevelLogin1.html b/main/project/WebContent/lesson_solutions/MultiLevelLogin1.html index df8b64eb6..b80f5db03 100644 --- a/main/project/WebContent/lesson_solutions/MultiLevelLogin1.html +++ b/main/project/WebContent/lesson_solutions/MultiLevelLogin1.html @@ -28,7 +28,7 @@ accept the TAN even it is already used. Solution:
This Lesson has two stages. The first stage is only to show how a multi level login -works. In the second you have to breake the strong authentication. +works. In the second you have to break the strong authentication.

Stage 1
This stage should be rather straight forward. Give in as name Jane @@ -49,7 +49,7 @@ list provided, click on the submit button and you are done.

Stage 2
-The first step in this stage is equal to Stage 1. Log in as Jane with tarzan. +The first step in this stage is equal to Stage 1. Log in as Jane with tarzan as password. Now you will be asked for a TAN. Unfortunately you have only a already used TAN from the victim. Fill in the TAN you have and make sure that WebScarab will intercept the next request. Hit the submit button and change the hidden_tan