diff --git a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/CrossSiteScriptingLesson5a.java b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/CrossSiteScriptingLesson5a.java
index 6078f7418..69e0f4431 100644
--- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/CrossSiteScriptingLesson5a.java
+++ b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/CrossSiteScriptingLesson5a.java
@@ -53,8 +53,21 @@ import org.springframework.web.bind.annotation.ResponseBody;
 public class CrossSiteScriptingLesson5a extends Assignment {
 @RequestMapping(method = RequestMethod.POST)
- public @ResponseBody AttackResult completed(@RequestParam String account, HttpServletRequest request) throws IOException {
- return injectableQuery(account);
+ public @ResponseBody AttackResult completed(@RequestParam Integer QTY1,
+ @RequestParam Integer QTY2, @RequestParam Integer QTY3,
+ @RequestParam Integer QTY4, @RequestParam String field1,
+ @RequestParam Integer field2, HttpServletRequest request)
+ throws IOException {
+ System.out.println("foo");
+ // Should add some QTY validation here. Someone could have fun and enter a negative quantity and get merchanidise and a refund :)
+ double totalSale = QTY1.intValue() * 69.99 + QTY2.intValue() * 27.99 + QTY3.intValue() * 1599.99 + QTY4.intValue() * 299.99;
+
+ StringBuffer cart = new StringBuffer();
+ cart.append("Thank you for shopping at WebGoat.
You're support is appreciated
");
+ cart.append("

We have chaged credit card:" + field1 + "
");
+ cart.append( " -------------------
");
+ cart.append( " $" + totalSale);
+ return trackProgress(AttackResult.failed(cart.toString()));
 }
 @Override
@@ -62,169 +75,4 @@ public class CrossSiteScriptingLesson5a extends Assignment {
 return "/CrossSiteScripting/attack5a";
 }
-
- protected AttackResult injectableQuery(String accountName)
- {
- try
- {
- Connection connection = DatabaseUtilities.getConnection(getWebSession());
- String query = "SELECT * FROM user_data WHERE last_name = '" + accountName + "'";
-
- try
- {
- Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
- ResultSet.CONCUR_READ_ONLY);
- ResultSet results = statement.executeQuery(query);
-
- if ((results != null) && (results.first() == true))
- {
- ResultSetMetaData resultsMetaData = results.getMetaData();
- StringBuffer output = new StringBuffer();
-
- output.append(writeTable(results, resultsMetaData));
- results.last();
-
- // If they get back more than one user they succeeded
- if (results.getRow() >= 6)
- {
- return trackProgress(AttackResult.success("You have succeed: " + output.toString()));
- } else {
- return trackProgress(AttackResult.failed("You are close, try again. " + output.toString()));
-
- }
- else
- {
- return trackProgress(AttackResult.failed("No Results Matched. Try Again. "));
-
- }
- } catch (SQLException sqle)
- {
-
- return trackProgress(AttackResult.failed(sqle.getMessage()));
- }
- } catch (Exception e)
- {
- e.printStackTrace();
- return trackProgress(AttackResult.failed( "ErrorGenerating" + this.getClass().getName() + " : " + e.getMessage()));
- }
- }
-
- public String writeTable(ResultSet results, ResultSetMetaData resultsMetaData) throws IOException,
- SQLException
- {
- int numColumns = resultsMetaData.getColumnCount();
- results.beforeFirst();
- StringBuffer t = new StringBuffer();
- t.append("
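Review bot: `completed` has a single exit, `return trackProgress(AttackResult.failed(cart.toString()));`, so no request can ever complete this assignment; if the success check is meant to land in a later commit, a `// TODO: success condition not implemented yet` on that line would make the gap visible rather than silent. The debug line `System.out.println("foo");` should be dropped, and `field2` and `request` are accepted but never read. `field1` is concatenated straight into the response body, presumably this lesson's intended reflection point; a comment such as `// field1 is reflected unescaped on purpose: this is the lesson's XSS sink` would keep it from being copied elsewhere as a pattern or "fixed" by accident. `totalSale` is computed in `double` from a price table, so the printed amount can drift in its last digits; `BigDecimal` (or cents in a `long`) would keep it exact, and the negative-quantity gap the comment already admits could be closed with a `QTY >= 0` check unless that flaw is itself part of the lesson.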

");
-
- if (results.next())
- {
- for (int i = 1; i < (numColumns + 1); i++)
- {
- t.append(resultsMetaData.getColumnName(i));
- t.append(", ");
- }
-
- t.append("
");
- results.beforeFirst();
-
- while (results.next())
- {
-
- for (int i = 1; i < (numColumns + 1); i++)
- {
- t.append(results.getString(i));
- t.append(", ");
- }
-
- t.append("
");
- }
-
- }
- else
- {
- t.append ("Query Successful; however no data was returned from this query.");
- }
-
- t.append("

");
- return (t.toString());
- }
-//
-// protected Element parameterizedQuery(WebSession s)
-// {
-// ElementContainer ec = new ElementContainer();
-//
-// ec.addElement(getLabelManager().get("StringSqlInjectionSecondStage"));
-// if (s.getParser().getRawParameter(ACCT_NAME, "YOUR_NAME").equals("restart"))
-// {
-// getLessonTracker(s).getLessonProperties().setProperty(STAGE, "1");
-// return (injectableQuery(s));
-// }
-//
-// ec.addElement(new BR());
-//
-// try
-// {
-// Connection connection = DatabaseUtilities.getConnection(s);
-//
-// ec.addElement(makeAccountLine(s));
-//
-// String query = "SELECT * FROM user_data WHERE last_name = ?";
-// ec.addElement(new PRE(query));
-//
-// try
-// {
-// PreparedStatement statement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
-// ResultSet.CONCUR_READ_ONLY);
-// statement.setString(1, accountName);
-// ResultSet results = statement.executeQuery();
-//
-// if ((results != null) && (results.first() == true))
-// {
-// ResultSetMetaData resultsMetaData = results.getMetaData();
-// ec.addElement(DatabaseUtilities.writeTable(results, resultsMetaData));
-// results.last();
-//
-// // If they get back more than one user they succeeded
-// if (results.getRow() >= 6)
-// {
-// makeSuccess(s);
-// }
-// }
-// else
-// {
-// ec.addElement(getLabelManager().get("NoResultsMatched"));
-// }
-// } catch (SQLException sqle)
-// {
-// ec.addElement(new P().addElement(sqle.getMessage()));
-// }
-// } catch (Exception e)
-// {
-// s.setMessage(getLabelManager().get("ErrorGenerating") + this.getClass().getName());
-// e.printStackTrace();
-// }
-//
-// return (ec);
-// }
-//
-// protected Element makeAccountLine(WebSession s)
-// {
-// ElementContainer ec = new ElementContainer();
-// ec.addElement(new P().addElement(getLabelManager().get("EnterLastName")));
-//
-// accountName = s.getParser().getRawParameter(ACCT_NAME, "Your Name");
-// Input input = new Input(Input.TEXT, ACCT_NAME, accountName.toString());
-// 
ec.addElement(input);
-//
-// Element b = ECSFactory.makeButton(getLabelManager().get("Go!"));
-// ec.addElement(b);
-//
-// return ec;
-//
-// }
-
-
-
-}
+}
\ No newline at end of file
diff --git a/webgoat-lessons/cross-site-scripting/src/main/resources/plugin/CrossSiteScripting/html/CrossSiteScripting.html b/webgoat-lessons/cross-site-scripting/src/main/resources/plugin/CrossSiteScripting/html/CrossSiteScripting.html
index f62b43a90..1e1001411 100644
--- a/webgoat-lessons/cross-site-scripting/src/main/resources/plugin/CrossSiteScripting/html/CrossSiteScripting.html
+++ b/webgoat-lessons/cross-site-scripting/src/main/resources/plugin/CrossSiteScripting/html/CrossSiteScripting.html
@@ -139,12 +139,12 @@ Enter your credit card number: - Enter your three digit access code: - +