Removed some commented code and added more description to the HTTP Splitting lesson

git-svn-id: http://webgoat.googlecode.com/svn/trunk@38 4033779f-a91e-0410-96ef-6bf7bf53c507
2006-12-22 00:20:31 +00:00 · 2006-12-22 00:20:31 +00:00 · 1d67443b22
commit 1d67443b22
parent 575d040c24
3 changed files with 1 additions and 14 deletions
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java
@ -83,9 +83,6 @@ public class HttpSplitting extends LessonAdapter {
 			{	
 				try
 				{
-					//ec.addElement("HTTP/1.1 200 OK" + System.getProperty("line.separator") + "<html>test</html>");
-					//s.getResponse().setContentType("text/html");
-					//s.getResponse().setHeader("Cache-Control", "no-cache");
 					PrintWriter out = new PrintWriter(s.getResponse().getOutputStream());
 					out.print(lang.substring(lang.indexOf("HTTP/1.1")));	
 					out.flush();
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XMLInjection.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XMLInjection.java
@ -11,7 +11,6 @@ import org.apache.ecs.html.Form;
 import org.apache.ecs.html.H1;
 import org.apache.ecs.html.Input;
 import org.apache.ecs.html.TD;
-import org.apache.ecs.html.TH;
 import org.apache.ecs.html.TR;
 import org.apache.ecs.html.Table;
 import org.apache.ecs.html.Div;
@ -102,17 +101,7 @@ public class XMLInjection extends LessonAdapter {
 			"			 }" + lineSep +
 			"				strHTML = '<table>' + strHTML + '</table>';" + lineSep +
 			"               rewardsDiv.innerHTML = strHTML;"+ lineSep +
-			//"				if (rewards.childNodes.length>3){" + lineSep +
-			//"   				makeSuccess();" + lineSep +
-			//"				}" + lineSep +
 			"        }}}" + lineSep +
-			//"function makeSuccess(){" + lineSep +
-			//"var url = '/WebGoat/attack?Screen=" + String.valueOf(getScreenId()) +
-			//"&menu=" + getDefaultCategory().getRanking().toString() +
-			//"&from=ajax&done=yes';" + lineSep +	        
-			//"   req.open('GET', url, true);" + lineSep +
-			//"   req.send(null);" + lineSep +
-			//"}" + lineSep +
 			"</script>" + lineSep;
 		
 		if (!isDone)
--- a/webgoat/main/project/WebContent/lesson_plans/HttpSplitting.html
+++ b/webgoat/main/project/WebContent/lesson_plans/HttpSplitting.html
@ -21,4 +21,5 @@ but also allows them to create additional responses entirely under their control
 * You notice that the application is redirecting your request to another resource on the server.<br>
 * You should be able to use the CR (%0d) and LF (%0a) to exploit the attack.<br>
 * Your excercise should be to force the server to send a 200 OK. 
+* If the screen changed as an effect to your attack, just go back to the homepage where you will find the lesson completed if you successfully exploited the attack.
 <!-- Stop Instructions -->