dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

First setup for challenge 5

Browse Source
This commit is contained in:
Nanne Baars 2017-04-30 17:05:34 +02:00
parent 459cc613e1
commit 262fbbcf52
29 changed files with 543 additions and 134 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
webgoat-lessons/challenge/pom.xml
View File

@ -9,4 +9,12 @@
<version>8.0-SNAPSHOT</version>
</parent>
<dependencies>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.7.0</version>
</dependency>
</dependencies>
</project>

1
webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/SolutionConstants.java
View File

@ -12,5 +12,6 @@ public interface SolutionConstants {
String PASSWORD = "!!webgoat_admin_1234!!";
String SUPER_COUPON_CODE = "get_it_for_free";
String PASSWORD_TOM = "thisisasecretfortomonly";
String JWT_PASSWORD = "victory";
}

39
webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/Challenge5.java Normal file
View File

@ -0,0 +1,39 @@
package org.owasp.webgoat.plugin.challenge5;
import com.google.common.collect.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import java.util.List;
/**
* @author nbaars
* @since 3/21/17.
*/
public class Challenge5 extends NewLesson {
@Override
public Category getDefaultCategory() {
return Category.CHALLENGE;
}
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 10;
}
@Override
public String getTitle() {
return "challenge5.title";
}
@Override
public String getId() {
return "Challenge5";
}
}

13
webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/Views.java Normal file
View File

@ -0,0 +1,13 @@
package org.owasp.webgoat.plugin.challenge5;
/**
* @author nbaars
* @since 4/30/17.
*/
public class Views {
interface GuestView {}
interface UserView extends GuestView {}
interface AdminView extends UserView {}
}

102
webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/Votings.java Normal file
View File

@ -0,0 +1,102 @@
package org.owasp.webgoat.plugin.challenge5;
import com.fasterxml.jackson.annotation.JsonView;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import lombok.AllArgsConstructor;
import lombok.Getter;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.http.converter.json.MappingJacksonValue;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import static org.owasp.webgoat.plugin.SolutionConstants.JWT_PASSWORD;
/**
* @author nbaars
* @since 4/23/17.
*/
@RestController
@RequestMapping("/votings")
public class Votings {
@AllArgsConstructor
@Getter
private class Voting {
@JsonView(Views.GuestView.class)
private String title;
@JsonView(Views.GuestView.class)
private String information;
@JsonView(Views.GuestView.class)
private String imageSmall;
@JsonView(Views.GuestView.class)
private String imageBig;
@JsonView(Views.UserView.class)
private int numberOfVotes;
@JsonView(Views.AdminView.class)
private String flag;
}
private int totalVotes = 38929;
private List votings = Lists.newArrayList(
new Voting("Admin lost password",
"In this challenge you will need to help the admin and find the password in order to login",
"challenge1-small.png", "challenge1.png", 14242, null),
new Voting("Vote for your favourite",
"In this challenge ...",
"challenge5-small.png", "challenge5.png", 12345, null),
new Voting("Get is for free",
"The objective for this challenge is to buy a Samsung phone for free.",
"challenge2-small.png", "challenge2.png", 12342, null)
);
@GetMapping("/login")
@ResponseBody
@ResponseStatus(code = HttpStatus.OK)
public void login(@RequestParam("user") String user, HttpServletResponse response) {
Map<String, Object> claims = Maps.newHashMap();
claims.put("admin", "false");
claims.put("user", user);
String token = Jwts.builder()
.setIssuedAt(new Date(System.currentTimeMillis() + TimeUnit.DAYS.toDays(10)))
.setClaims(claims)
.signWith(SignatureAlgorithm.HS512, JWT_PASSWORD)
.compact();
Cookie cookie = new Cookie("access_token", token);
response.addCookie(cookie);
}
@GetMapping
public MappingJacksonValue getVotings(@CookieValue(value = "access_token", required = false) String accessToken) {
MappingJacksonValue value = new MappingJacksonValue(votings);
if (accessToken == null) {
value.setSerializationView(Views.GuestView.class);
} else {
value.setSerializationView(Views.UserView.class);
}
return value;
}
@PostMapping
@ResponseBody
@ResponseStatus(HttpStatus.ACCEPTED)
public void vote(String title) {
totalVotes = totalVotes + 1;
//return
}
@GetMapping("/flags")
@ResponseBody
public ResponseEntity<?> getFlagInformation(@CookieValue("access_token") String accessToken, HttpServletResponse response) {
return ResponseEntity.ok().build();
}
}

12
webgoat-lessons/challenge/src/main/resources/css/challenge5.css Normal file
View File

@ -0,0 +1,12 @@
a.list-group-item {
height:auto;
}
a.list-group-item.active small {
color:#fff;
}
.stars {
margin:20px auto 1px;
}
.img-responsive {
min-width: 100%;
}

2
webgoat-lessons/challenge/src/main/resources/html/Challenge.html
View File

@ -1,4 +1,4 @@
<!DOCTYPE html>
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">

49
webgoat-lessons/challenge/src/main/resources/html/Challenge1.html
View File

@ -5,30 +5,33 @@
<div class="lesson-page-wrapper">
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<div class="panel panel-default">
<div class="panel-heading">
<img th:src="@{/images/webgoat2.png}" class="img-thumbnail"/>
</div>
<div class="panel-body">
<form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="/WebGoat/challenge/1"
style="width: 200px;"
enctype="application/json;charset=UTF-8">
<div class="form-group">
<label for="exampleInputEmail1" th:text="#{username}">Username</label>
<input autofocus="dummy_for_thymeleaf_parser" type="text" class="form-control"
id="exampleInputEmail1" placeholder="Username" name='username' value="admin"/>
</div>
<div class="form-group">
<label for="exampleInputPassword1" th:text="#{password}">Password</label>
<input type="password" class="form-control" id="exampleInputPassword1"
placeholder="Password"
name='password'/>
</div>
<button class="btn btn-primary btn-block" type="submit" th:text="#{sign.in}">Sign in</button>
</form>
<div class="container">
<div class="panel panel-default">
<div class="panel-heading">
<img th:src="@{/images/webgoat2.png}" class="img-thumbnail"/>
</div>
<div class="panel-body">
<form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="/WebGoat/challenge/1"
style="width: 200px;"
enctype="application/json;charset=UTF-8">
<div class="form-group">
<label for="exampleInputEmail1" th:text="#{username}">Username</label>
<input autofocus="dummy_for_thymeleaf_parser" type="text" class="form-control"
id="exampleInputEmail1" placeholder="Username" name='username' value="admin"/>
</div>
<div class="form-group">
<label for="exampleInputPassword1" th:text="#{password}">Password</label>
<input type="password" class="form-control" id="exampleInputPassword1"
placeholder="Password"
name='password'/>
</div>
<button class="btn btn-primary btn-block" type="submit" th:text="#{sign.in}">Sign in</button>
</form>
</div>
</div>
</div>

125
webgoat-lessons/challenge/src/main/resources/html/Challenge2.html
View File

@ -9,81 +9,84 @@
<script th:src="@{/lesson_js/challenge2.js}" language="JavaScript"></script>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="/WebGoat/challenge/2"
enctype="application/json;charset=UTF-8">
<input id="discount" type="hidden" value="0"/>
<div class="row">
<div class="container">
<form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="/WebGoat/challenge/2"
enctype="application/json;charset=UTF-8">
<div class="col-xs-3 item-photo">
<img style="max-width:100%;" th:src="@{/images/samsung-black.jpg}"/>
</div>
<div class="col-xs-5" style="border:0px solid gray">
<h3>Samsung Galaxy S8</h3>
<h5 style="color:#337ab7"><a href="http://www.samsung.com">Samsung</a> ·
<small style="color:#337ab7">(124421 reviews)</small>
</h5>
<input id="discount" type="hidden" value="0"/>
<div class="row">
<h6 class="title-price">
<small>PRICE</small>
</h6>
<h3 style="margin-top:0px;"><span>US $</span><span id="price">899</span></h3>
<div class="col-xs-3 item-photo">
<img style="max-width:100%;" th:src="@{/images/samsung-black.jpg}"/>
</div>
<div class="col-xs-5" style="border:0px solid gray">
<h3>Samsung Galaxy S8</h3>
<h5 style="color:#337ab7"><a href="http://www.samsung.com">Samsung</a> ·
<small style="color:#337ab7">(124421 reviews)</small>
</h5>
<div class="section">
<h6 class="title-attr" style="margin-top:15px;">
<small>COLOR</small>
<h6 class="title-price">
<small>PRICE</small>
</h6>
<div>
<div class="attr" style="width:25px;background:lightgrey;"></div>
<div class="attr" style="width:25px;background:black;"></div>
<h3 style="margin-top:0px;"><span>US $</span><span id="price">899</span></h3>
<div class="section">
<h6 class="title-attr" style="margin-top:15px;">
<small>COLOR</small>
</h6>
<div>
<div class="attr" style="width:25px;background:lightgrey;"></div>
<div class="attr" style="width:25px;background:black;"></div>
</div>
</div>
</div>
<div class="section" style="padding-bottom:5px;">
<h6 class="title-attr">
<small>CAPACITY</small>
</h6>
<div>
<div class="attr2">64 GB</div>
<div class="attr2">128 GB</div>
<div class="section" style="padding-bottom:5px;">
<h6 class="title-attr">
<small>CAPACITY</small>
</h6>
<div>
<div class="attr2">64 GB</div>
<div class="attr2">128 GB</div>
</div>
</div>
</div>
<div class="section" style="padding-bottom:5px;">
<h6 class="title-attr">
<small>QUANTITY</small>
</h6>
<div>
<div class="btn-minus"><span class="glyphicon glyphicon-minus"></span></div>
<input class="quantity" value="1"/>
<div class="btn-plus"><span class="glyphicon glyphicon-plus"></span></div>
<div class="section" style="padding-bottom:5px;">
<h6 class="title-attr">
<small>QUANTITY</small>
</h6>
<div>
<div class="btn-minus"><span class="glyphicon glyphicon-minus"></span></div>
<input class="quantity" value="1"/>
<div class="btn-plus"><span class="glyphicon glyphicon-plus"></span></div>
</div>
</div>
</div>
<div class="section" style="padding-bottom:5px;">
<h6 class="title-attr">
<small>CHECKOUT CODE</small>
</h6>
<!--
Checkout code: webgoat, owasp, owasp-webgoat
-->
<input name="checkoutCode" class="checkoutCode" value=""/>
<div class="section" style="padding-bottom:5px;">
<h6 class="title-attr">
<small>CHECKOUT CODE</small>
</h6>
<!--
Checkout code: webgoat, owasp, owasp-webgoat
-->
<input name="checkoutCode" class="checkoutCode" value=""/>
</div>
</div>
<div class="section" style="padding-bottom:20px;">
<button type="submit" class="btn btn-success"><span style="margin-right:20px"
class="glyphicon glyphicon-shopping-cart"
aria-hidden="true"></span>Buy
</button>
<h6><a href="#"><span class="glyphicon glyphicon-heart-empty"
style="cursor:pointer;"></span>
Like</a></h6>
<div class="section" style="padding-bottom:20px;">
<button type="submit" class="btn btn-success"><span style="margin-right:20px"
class="glyphicon glyphicon-shopping-cart"
aria-hidden="true"></span>Buy
</button>
<h6><a href="#"><span class="glyphicon glyphicon-heart-empty"
style="cursor:pointer;"></span>
Like</a></h6>
</div>
</div>
</div>
</div>
</form>
</form>
</div>
<br/>
<form class="attack-form form-inline" method="POST" name="form" action="/WebGoat/challenge/flag">
<div class="form-group">

53
webgoat-lessons/challenge/src/main/resources/html/Challenge3.html
View File

@ -9,39 +9,42 @@
<script th:src="@{/lesson_js/challenge3.js}" language="JavaScript"></script>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<div class="panel post">
<div class="post-heading">
<div class="pull-left image">
<img th:src="@{/images/avatar1.png}"
class="img-circle avatar" alt="user profile image"/>
</div>
<div class="pull-left meta">
<div class="title h5">
<a href="#"><b>John Doe</b></a>
uploaded a photo.
<div class="container">
<div class="panel post">
<div class="post-heading">
<div class="pull-left image">
<img th:src="@{/images/avatar1.png}"
class="img-circle avatar" alt="user profile image"/>
</div>
<div class="pull-left meta">
<div class="title h5">
<a href="#"><b>John Doe</b></a>
uploaded a photo.
</div>
<h6 class="text-muted time">24 days ago</h6>
</div>
<h6 class="text-muted time">24 days ago</h6>
</div>
</div>
<div class="post-image">
<img th:src="@{images/cat.jpg}" class="image" alt="image post"/>
</div>
<div class="post-image">
<img th:src="@{images/cat.jpg}" class="image" alt="image post"/>
</div>
<div class="post-description">
<div class="post-description">
</div>
<div class="post-footer">
<div class="input-group">
<input class="form-control" id="commentInput" placeholder="Add a comment" type="text"/>
<span class="input-group-addon">
</div>
<div class="post-footer">
<div class="input-group">
<input class="form-control" id="commentInput" placeholder="Add a comment" type="text"/>
<span class="input-group-addon">
<i id="postComment" class="fa fa-edit" style="font-size: 20px"></i>
</span>
</div>
<ul class="comments-list">
<div id="list">
</div>
</ul>
<ul class="comments-list">
<div id="list">
</div>
</ul>
</div>
</div>
</div>

32
webgoat-lessons/challenge/src/main/resources/html/Challenge4.html
View File

@ -9,7 +9,7 @@
<script th:src="@{/lesson_js/challenge4.js}" language="JavaScript"></script>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<div class="container">
<div class="row">
<div class="col-md-6">
<div class="panel panel-login">
@ -32,10 +32,12 @@
action="/WebGoat/challenge/4"
enctype="application/json;charset=UTF-8" role="form">
<div class="form-group">
<input type="text" name="username_login" id="username4" tabindex="1" class="form-control" placeholder="Username" value=""/>
<input type="text" name="username_login" id="username4" tabindex="1"
class="form-control" placeholder="Username" value=""/>
</div>
<div class="form-group">
<input type="password" name="password_login" id="password4" tabindex="2" class="form-control" placeholder="Password"/>
<input type="password" name="password_login" id="password4" tabindex="2"
class="form-control" placeholder="Password"/>
</div>
<div class="form-group text-center">
<input type="checkbox" tabindex="3" class="" name="remember" id="remember"/>
@ -44,7 +46,9 @@
<div class="form-group">
<div class="row">
<div class="col-sm-6 col-sm-offset-3">
<input type="submit" name="login-submit" id="login-submit" tabindex="4" class="form-control btn-primary" value="Log In"/>
<input type="submit" name="login-submit" id="login-submit"
tabindex="4" class="form-control btn-primary"
value="Log In"/>
</div>
</div>
</div>
@ -52,7 +56,8 @@
<div class="row">
<div class="col-lg-12">
<div class="text-center">
<a href="#" tabindex="5" class="forgot-password">Forgot Password?</a>
<a href="#" tabindex="5" class="forgot-password">Forgot
Password?</a>
</div>
</div>
</div>
@ -63,21 +68,27 @@
action="/WebGoat/challenge/4"
enctype="application/json;charset=UTF-8" style="display: none;" role="form">
<div class="form-group">
<input type="text" name="username_reg" id="username" tabindex="1" class="form-control" placeholder="Username" value=""/>
<input type="text" name="username_reg" id="username" tabindex="1"
class="form-control" placeholder="Username" value=""/>
</div>
<div class="form-group">
<input type="email" name="email_reg" id="email" tabindex="1" class="form-control" placeholder="Email Address" value=""/>
<input type="email" name="email_reg" id="email" tabindex="1"
class="form-control" placeholder="Email Address" value=""/>
</div>
<div class="form-group">
<input type="password" name="password_reg" id="password" tabindex="2" class="form-control" placeholder="Password"/>
<input type="password" name="password_reg" id="password" tabindex="2"
class="form-control" placeholder="Password"/>
</div>
<div class="form-group">
<input type="password" name="confirm_password_reg" id="confirm-password" tabindex="2" class="form-control" placeholder="Confirm Password"/>
<input type="password" name="confirm_password_reg" id="confirm-password"
tabindex="2" class="form-control" placeholder="Confirm Password"/>
</div>
<div class="form-group">
<div class="row">
<div class="col-sm-6 col-sm-offset-3">
<input type="submit" name="register-submit" id="register-submit" tabindex="4" class="form-control btn btn-primary" value="Register Now"/>
<input type="submit" name="register-submit" id="register-submit"
tabindex="4" class="form-control btn btn-primary"
value="Register Now"/>
</div>
</div>
</div>
@ -88,6 +99,7 @@
</div>
</div>
</div>
</div>
<br/>
<form class="attack-form form-inline" method="POST" name="form" action="/WebGoat/challenge/flag">
<div class="form-group">

203
webgoat-lessons/challenge/src/main/resources/html/Challenge5.html Normal file
View File

@ -0,0 +1,203 @@
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:Challenge_5.adoc"></div>
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/challenge5.css}"/>
<script th:src="@{/lesson_js/bootstrap.min.js}" language="JavaScript"></script>
<script th:src="@{/lesson_js/challenge5.js}" language="JavaScript"></script>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<div class="container">
<div class="row">
<div class="well">
<div class="user-nav pull-right" id="user-and-info-nav" style="margin-right: 75px;">
<div class="dropdown" style="display:inline">
<button type="button" data-toggle="dropdown" class="btn btn-default dropdown-toggle"
id="user-menu">
<i class="fa fa-user"></i> <span class="caret"></span>
</button>
<ul class="dropdown-menu dropdown-menu-left">
<li role="presentation"><a role="menuitem" tabindex="-1" th:text="Unknown">current</a></li>
<li role="presentation" class="divider"></li>
<li role="presentation"><a role="menuitem" tabindex="-1" th:onclick="'javascript:login(\'' + ${#authentication.name} + '\');'"
th:text="${#authentication.name}">current</a></li>
<li role="presentation"><a role="menuitem" tabindex="-1" onclick="javascript:login('Tom')"
th:text="Tom">current</a></li>
<li role="presentation"><a role="menuitem" tabindex="-1" onclick="javascript:login('Jerry')"
th:text="Jerry">current</a></li>
<li role="presentation"><a role="menuitem" tabindex="-1" onclick="javascript:login('Sylvester')"
th:text="Sylvester">current</a></li>
</ul>
</div>
</div>
<div>
<h3>Vote for your favorite</h3>
</div>
<div class="list-group">
<a href="#" class="list-group-item active">
<div class="media col-md-3">
<figure>
<img class="media-object img-rounded"
th:src="@{/images/challenge1-small.png}"
alt="placehold.it/350x250"/>
</figure>
</div>
<div class="col-md-6">
<h4 class="list-group-item-heading">Admin lost password</h4>
<p class="list-group-item-text">In this challenge you will need to help the admin and
find the password in
order to login
</p>
</div>
<div class="col-md-3 text-center">
<h2> 14240
<small> votes</small>
</h2>
<button type="button" class="btn btn-default btn-lg btn-block"> Vote Now!</button>
<div class="stars">
<span class="glyphicon glyphicon-star"></span>
<span class="glyphicon glyphicon-star"></span>
<span class="glyphicon glyphicon-star"></span>
<span class="glyphicon glyphicon-star"></span>
<span class="glyphicon glyphicon-star-empty"></span>
</div>
<p> Average 4.5
<small> /</small>
5
</p>
</div>
<div class="clearfix"></div>
</a>
<a href="#" class="list-group-item">
<div class="media col-md-3">
<figure>
<img class="media-object img-rounded"
th:src="@{/images/challenge5-small.png}"
alt="placehold.it/350x250"/>
</figure>
</div>
<div class="col-md-6">
<h4 class="list-group-item-heading">Vote for your favourite</h4>
<p class="list-group-item-text">In this challenge.....
</p>
</div>
<div class="col-md-3 text-center">
<h2> 14240
<small> votes</small>
</h2>
<button type="button" class="btn btn-primary btn-lg btn-block">Vote Now!</button>
<div class="stars">
<span class="glyphicon glyphicon-star"></span>
<span class="glyphicon glyphicon-star"></span>
<span class="glyphicon glyphicon-star"></span>
<span class="glyphicon glyphicon-star"></span>
<span class="glyphicon glyphicon-star-empty"></span>
</div>
<p> Average 4.2
<small> /</small>
5
</p>
</div>
<div class="clearfix"></div>
</a>
<a href="#" class="list-group-item">
<div class="media col-md-3">
<figure>
<img class="media-object img-rounded img-responsive"
th:src="@{/images/challenge2-small.png}"
alt="placehold.it/350x250"/>
</figure>
</div>
<div class="col-md-6">
<h4 class="list-group-item-heading">Get is for free</h4>
<p class="list-group-item-text">The objective for this challenge is to buy a Samsung
phone for free.
</p>
</div>
<div class="col-md-3 text-center">
<h2> 12424
<small> votes</small>
</h2>
<button type="button" class="btn btn-primary btn-lg btn-block">Vote Now!</button>
<div class="stars">
<span class="glyphicon glyphicon-star"></span>
<span class="glyphicon glyphicon-star"></span>
<span class="glyphicon glyphicon-star"></span>
<span class="glyphicon glyphicon-star-empty"></span>
<span class="glyphicon glyphicon-star-empty"></span>
</div>
<p> Average 3
<small> /</small>
5
</p>
</div>
<div class="clearfix"></div>
</a>
<a href="#" class="list-group-item">
<div class="media col-xs-12 col-md-3">
<figure>
<img class="media-object img-rounded img-responsive"
th:src="@{/images/challenge3-small.png}"
alt="placehold.it/350x250"/>
</figure>
</div>
<div class="col-md-6">
<h4 class="list-group-item-heading">Photo comments </h4>
<p class="list-group-item-text">In this challenge you can comment on the photo you
will need to find the flag somewhere.
</p>
</div>
<div class="col-md-3 text-center">
<h2> 13540
<small> votes</small>
</h2>
<button type="button" class="btn btn-primary btn-lg btn-block">Vote Now!</button>
<div class="stars">
<span class="glyphicon glyphicon-star"></span>
<span class="glyphicon glyphicon-star"></span>
<span class="glyphicon glyphicon-star"></span>
<span class="glyphicon glyphicon-star"></span>
<span class="glyphicon glyphicon-star-empty"></span>
</div>
<p> Average 4.1
<small> /</small>
5
</p>
</div>
<div class="clearfix"></div>
</a>
</div>
</div>
</div>
</div>
<br/>
<form class="attack-form form-inline" method="POST" name="form" action="/WebGoat/challenge/flag">
<div class="form-group">
<div class="input-group">
<div class="input-group-addon"><i class="fa fa-flag-checkered" aria-hidden="true"
style="font-size:20px"></i></div>
<input type="text" class="form-control" id="flag" name="flag"
placeholder="a7179f89-906b-4fec-9d99-f15b796e7208"/>
</div>
<div class="input-group" style="margin-top: 10px">
<button type="submit" class="btn btn-primary">Submit flag</button>
</div>
</div>
</form>
<br/>
<div class="attack-feedback"></div>
<div class="attack-output"></div>
</div>
</div>
</html>

1
webgoat-lessons/challenge/src/main/resources/i18n/WebGoatLabels.properties
View File

@ -3,6 +3,7 @@ challenge1.title=Admin lost password
challenge2.title=Get it for free
challenge3.title=Photo comments
challenge4.title=Creating a new account
challenge5.title=Voting
challenge.solved=Congratulations, you solved the challenge. Here is your flag: {0}
challenge.close=This is not the correct password for tom, please try again.

BIN
webgoat-lessons/challenge/src/main/resources/images/challenge1-small.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 11 KiB

BIN
webgoat-lessons/challenge/src/main/resources/images/challenge1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 27 KiB

BIN
webgoat-lessons/challenge/src/main/resources/images/challenge2-small.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 34 KiB

BIN
webgoat-lessons/challenge/src/main/resources/images/challenge2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 164 KiB

BIN
webgoat-lessons/challenge/src/main/resources/images/challenge3-small.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 58 KiB

BIN
webgoat-lessons/challenge/src/main/resources/images/challenge3.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 179 KiB

BIN
webgoat-lessons/challenge/src/main/resources/images/challenge4-small.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.3 KiB

BIN
webgoat-lessons/challenge/src/main/resources/images/challenge4.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 28 KiB

BIN
webgoat-lessons/challenge/src/main/resources/images/challenge5-small.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 17 KiB

BIN
webgoat-lessons/challenge/src/main/resources/images/challenge5.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 119 KiB

6
webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

16
webgoat-lessons/challenge/src/main/resources/js/challenge5.js Normal file
View File

@ -0,0 +1,16 @@
$(document).ready(function () {
getVotings()
})
function login(user) {
$.get("votings/login?user=" + user, function (result, status) {
})
}
function getVotings() {
$.get("votings/", function (result, status) {
})
}

1
webgoat-lessons/challenge/src/main/resources/lessonPlans/en/Challenge_5.adoc Normal file
View File

@ -0,0 +1 @@
Try to change to a different user, maybe you can find the flag?

12
webgoat-lessons/challenge/src/main/resources/plugin/Challenge/html/Challenge.html
View File

@ -1,12 +0,0 @@
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper">
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
<div class="adoc-content" th:replace="doc:Challenge_content1.adoc"></div>
</div>
</html>

1
webgoat-lessons/challenge/src/main/resources/plugin/Challenge/lessonPlans/en/Challenge_content1.adoc
View File

@ -1 +0,0 @@
This is the challenge

1
webgoat-lessons/challenge/src/main/resources/plugin/i18n/WebGoatLabels.properties
View File

@ -1 +0,0 @@
challenge.title=WebGoat Challenge