From 2bd6b3621092ed4b7d8a2156095d579cbe2094fe Mon Sep 17 00:00:00 2001
From: Nanne Baars <nanne.baars@owasp.org>
Date: Tue, 2 Nov 2021 14:01:17 +0100
Subject: [PATCH] Fix layout assignment 2

---
 .../MissingFunctionACHiddenMenus.java         |   1 -
 .../src/main/resources/css/ac.css             |  30 -----
 .../resources/html/MissingFunctionAC.html     | 124 ++++++++++--------
 .../main/resources/js/missing-function-ac.js  |   6 -
 ...issing-function-ac-02-client-controls.adoc |   6 +-
 5 files changed, 70 insertions(+), 97 deletions(-)
 delete mode 100644 webgoat-lessons/missing-function-ac/src/main/resources/css/ac.css
 delete mode 100644 webgoat-lessons/missing-function-ac/src/main/resources/js/missing-function-ac.js

diff --git a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACHiddenMenus.java b/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACHiddenMenus.java
index 160aca0e1..baa487694 100644
--- a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACHiddenMenus.java
+++ b/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACHiddenMenus.java
@@ -45,7 +45,6 @@ public class MissingFunctionACHiddenMenus extends AssignmentEndpoint {
     @PostMapping(path = "/access-control/hidden-menu", produces = {"application/json"})
     @ResponseBody
     public AttackResult completed(String hiddenMenu1, String hiddenMenu2) {
-        //overly simple example for success. See other existing lesssons for ways to detect 'success' or 'failure'
         if (hiddenMenu1.equals("Users") && hiddenMenu2.equals("Config")) {
             return success(this)
                     .output("")
diff --git a/webgoat-lessons/missing-function-ac/src/main/resources/css/ac.css b/webgoat-lessons/missing-function-ac/src/main/resources/css/ac.css
deleted file mode 100644
index ae659093a..000000000
--- a/webgoat-lessons/missing-function-ac/src/main/resources/css/ac.css
+++ /dev/null
@@ -1,30 +0,0 @@
-.hidden-menu-item {
-    display:none;
-    visibility:hidden;
-}
-
-#ac-menu li {
-    list-style-type: none;
-    background-color: #aaa;
-    width: auto;
-    max-width: 20%;
-}
-
-#ac-menu li:hover {
-    color: white;
-    background-color: #333;
-}
-
-#ac-menu div {
-    margin-bottom: -60px;
-    margin-top: -10px;
-}
-
-#ac-menu h3 {
-    color:white;
-    background-color:#666;
-}
-
-#ac-menu-wrapper {
-    border-bottom: 2px solid #444;
-}
diff --git a/webgoat-lessons/missing-function-ac/src/main/resources/html/MissingFunctionAC.html b/webgoat-lessons/missing-function-ac/src/main/resources/html/MissingFunctionAC.html
index b0589c439..c3465584c 100644
--- a/webgoat-lessons/missing-function-ac/src/main/resources/html/MissingFunctionAC.html
+++ b/webgoat-lessons/missing-function-ac/src/main/resources/html/MissingFunctionAC.html
@@ -1,82 +1,92 @@
 <html xmlns:th="http://www.thymeleaf.org">
 
-    <div class="lesson-page-wrapper">
-        <div class="adoc-content" th:replace="doc:missing-function-ac-01-intro.adoc"></div>
-    </div>
+<div class="lesson-page-wrapper">
+    <div class="adoc-content" th:replace="doc:missing-function-ac-01-intro.adoc"></div>
+</div>
 
-    <div class="lesson-page-wrapper">
-        <div class="adoc-content" th:replace="doc:missing-function-ac-02-client-controls.adoc"></div>
-        <link rel="stylesheet" type="text/css" th:href="@{/lesson_css/ac.css}"/>
-        <script th:src="@{/lesson_js/missing-function-ac.js}" > </script>
+<div class="lesson-page-wrapper">
+    <div class="adoc-content" th:replace="doc:missing-function-ac-02-client-controls.adoc"></div>
 
-        <div class="attack-container">
-            <div id="ac-menu-wrapper">
-                <div id="ac-menu">
-                    <h3 class="menu-header">Account</h3>
-                    <div class="menu-section">
-                        <ul>
-                            <li>My Profile</li>
-                            <li>Privacy/Security</li>
-                            <li>Log Out</li>
-                        </ul>
-                    </div>
-                    <h3 class="menu-header">Messages</h3>
-                        <div class="menu-section">
-                            <ul>
-                                <li>Unread Messages (3)</li>
-                                <li>Compose Message</li>
+    <div class="attack-container">
+        <nav class="navbar navbar-default">
+            <div class="container-fluid">
+
+                <div class="navbar-header">
+                    <a class="navbar-brand" href="#">WebGoat</a>
+                </div>
+
+                <div class="collapse navbar-collapse" id="alignment-example">
+
+                    <!-- Links -->
+                    <ul class="nav navbar-nav">
+                        <li class="dropdown">
+                            <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Account<span class="caret"></span></a>
+                            <ul class="dropdown-menu" aria-labelledby="about-us">
+                                <li><a href="#">My Profile</a></li>
+                                <li><a href="#">Privacy/Security</a></li>
+                                <li><a href="#">Log Out</a></li>
                             </ul>
-                        </div>
-                    <h3 class="hidden-menu-item menu-header">Admin</h3>
-                        <div class="menu-section hidden-menu-item">
-                            <ul>
+                        </li>
+                        <li class="dropdown">
+                            <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Messages<span class="caret"></span></a>
+                            <ul class="dropdown-menu" aria-labelledby="messages">
+                                <li><a href="#">Unread Messages (3)</a></li>
+                                <li><a href="#">Compose Message</a></li>
+                            </ul>
+                        </li>
+                        <li class="hidden-menu-item dropdown">
+                            <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Admin<span class="caret"></span></a>
+                            <ul class="dropdown-menu" aria-labelledby="admin">
                                 <li><a href="/users">Users</a></li>
                                 <li><a href="/config">Config</a></li>
                             </ul>
-                        </div>
+                        </li>
+                    </ul>
                 </div>
+
             </div>
+        </nav>
 
+        <br/>
+
+        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
+        <form class="attack-form" accept-charset="UNKNOWN"
+              method="POST" name="form"
+              action="/WebGoat/access-control/hidden-menu">
+
+            <p>Hidden item 1 <input name="hiddenMenu1" value="" type="TEXT"/></p>
+            <p>Hidden item 2 <input name="hiddenMenu2" value="" type="TEXT"/></p>
             <br/>
+            <input name="submit" value="Submit" type="SUBMIT"/>
 
-            <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
-            <form class="attack-form" accept-charset="UNKNOWN"
-                  method="POST" name="form"
-                  action="/WebGoat/access-control/hidden-menu">
-
-                <p>Hidden Item 1 <input name="hiddenMenu1" value="" type="TEXT" /></p>
-                <p>Hidden Item 2 <input name="hiddenMenu2" value="" type="TEXT" /></p>
-                <br/>
-                <input name="submit" value="Submit" type="SUBMIT"/>
-
-            </form>
-
-            <div class="attack-feedback"></div>
-            <div class="attack-output"></div>
-        </div>
+        </form>
 
+        <div class="attack-feedback"></div>
+        <div class="attack-output"></div>
     </div>
 
-    <div class="lesson-page-wrapper">
+</div>
 
-        <div class="adoc-content" th:replace="doc:missing-function-ac-03-users.adoc"></div>
+<div class="lesson-page-wrapper">
 
-        <div class="attack-container">
-            <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
-            <form class="attack-form" accept-charset="UNKNOWN"
-                  method="POST" name="form"
-                  action="/WebGoat/access-control/user-hash">
+    <div class="adoc-content" th:replace="doc:missing-function-ac-03-users.adoc"></div>
 
-                <p>Your Hash: <input name="userHash" value="" type="TEXT" /></p>
-                <br/>
-                <input name="submit" value="Submit" type="SUBMIT"/>
+    <div class="attack-container">
+        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
+        <form class="attack-form" accept-charset="UNKNOWN"
+              method="POST" name="form"
+              action="/WebGoat/access-control/user-hash">
 
-            </form>
+            <p>Your Hash: <input name="userHash" value="" type="TEXT"/></p>
+            <br/>
+            <input name="submit" value="Submit" type="SUBMIT"/>
 
-            <div class="attack-feedback"></div>
-            <div class="attack-output"></div>
-        </div>
+        </form>
 
+        <div class="attack-feedback"></div>
+        <div class="attack-output"></div>
     </div>
 
+</div>
+
 </html>
diff --git a/webgoat-lessons/missing-function-ac/src/main/resources/js/missing-function-ac.js b/webgoat-lessons/missing-function-ac/src/main/resources/js/missing-function-ac.js
deleted file mode 100644
index 0f98933b5..000000000
--- a/webgoat-lessons/missing-function-ac/src/main/resources/js/missing-function-ac.js
+++ /dev/null
@@ -1,6 +0,0 @@
-webgoat.customjs.accessControlMenu = function() {
-    //webgoat.customjs.jquery('#ac-menu-ul').menu();
-    webgoat.customjs.jquery('#ac-menu').accordion();
-}
-
-webgoat.customjs.accessControlMenu();
\ No newline at end of file
diff --git a/webgoat-lessons/missing-function-ac/src/main/resources/lessonPlans/en/missing-function-ac-02-client-controls.adoc b/webgoat-lessons/missing-function-ac/src/main/resources/lessonPlans/en/missing-function-ac-02-client-controls.adoc
index 6c8441bcb..19a13c0e2 100644
--- a/webgoat-lessons/missing-function-ac/src/main/resources/lessonPlans/en/missing-function-ac-02-client-controls.adoc
+++ b/webgoat-lessons/missing-function-ac/src/main/resources/lessonPlans/en/missing-function-ac-02-client-controls.adoc
@@ -1,9 +1,9 @@
-== Relying on Obscurity
+== Relying on obscurity
 
 One could rely on HTML, CSS, or javascript to hide links that users don't normally access.
 In the past, a network router tried to protect (hide) admin functionality with javascript in the UI: https://www.wired.com/2009/10/routers-still-vulnerable.
 
-=== Finding Hidden Items
+=== Finding hidden items
 
 There are usually hints to finding functionality the UI does not openly expose in:
 
@@ -11,6 +11,6 @@ There are usually hints to finding functionality the UI does not openly expose i
 * Commented out elements
 * Items hidden via CSS controls/classes
 
-=== Your Mission
+=== Your mission
 
 Find two invisible menu items in the menu below that are or would be of interest to an attacker/malicious user and submit the labels for those menu items (there are no links right now in the menus).
\ No newline at end of file