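--- a/src/main/java/org/owasp/webgoat/lessons/ZipBomb.java
+++ b/src/main/java/org/owasp/webgoat/lessons/ZipBomb.java
@@ -0,0 +1,217 @@
+package org.owasp.webgoat.lessons;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.zip.ZipEntry;
+import java.util.zip.ZipException;
+import java.util.zip.ZipFile;
+
+import org.apache.commons.fileupload.FileItem;
+import org.apache.commons.fileupload.disk.DiskFileItemFactory;
+import org.apache.commons.fileupload.servlet.ServletFileUpload;
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.html.A;
+import org.apache.ecs.html.Form;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.P;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://webgoat.github.io
+ * 
+ * @author Jakub Koperwas of <a href="http://www.sages.com.pl">Sages</a> 
+ * @created October 31, 2014
+ */
+
+public class ZipBomb extends LessonAdapter {
+	public final static A SAGES_LOGO = new A().setHref(
+			"http://www.sages.com.pl").addElement(
+			new IMG("images/logos/sages.png").setAlt("Sages").setBorder(0)
+					.setHspace(0).setVspace(0).setStyle("width:180px; height:60px"));
+
+
+	protected Element createContent(WebSession s) {
+
+		
+		ElementContainer ec = new ElementContainer();
+
+		
+		if ("success".equalsIgnoreCase((String)s.get(ZIP_DOS))){
+			System.out.println("final success");
+			makeSuccess(s);
+		}
+		try {
+
+			ec.addElement(new P().addElement("Upload new File"));
+
+			Input input = new Input(Input.FILE, "myfile", "");
+			ec.addElement(input);
+
+			Element b = ECSFactory.makeButton("Start Upload");
+			ec.addElement(b);
+
+
+			
+		} catch (Exception e) {
+			s.setMessage("Error generating " + this.getClass().getName());
+			e.printStackTrace();
+		}
+
+		return ec;
+	}
+
+	protected Category getDefaultCategory() {
+		return Category.DOS;
+	}
+
+
+	public List<String> getHints(WebSession s) {
+		List<String> hints = new ArrayList<String>();
+
+		hints
+				.add("You can upload up to 2MB file at once,see what can you insert INTO the file");
+
+		return hints;
+
+	}
+
+	public String getInstructions(WebSession s) {
+		String instructions = "";
+
+	
+			instructions = "Server accepts only ZIP files, \n"
+					+ "extracts them after uploading, does something with them and deletes,"
+					+ "\n it provides 20 MB temporal storage to handle all request \n"
+					+ "try do perform DOS attack that consume all  temporal storage with one request";
+		
+
+		return (instructions);
+	}
+
+	private final static Integer DEFAULT_RANKING = new Integer(10);
+	private static final String ZIP_DOS = "ZIP_DOS";
+
+	protected Integer getDefaultRanking() {
+		return DEFAULT_RANKING;
+	}
+
+
+
+	public String getTitle() {
+		return ("ZipBomb");
+	}
+
+	
+	public Element getCredits() {
+		return super.getCustomCredits("", SAGES_LOGO);
+	}
+
+	public void handleRequest(WebSession s) {
+		File tmpDir=(File)s.getRequest().getServletContext().getAttribute("javax.servlet.context.tempdir");
+
+		try {
+			if (ServletFileUpload.isMultipartContent(s.getRequest())) {
+
+				DiskFileItemFactory factory = new DiskFileItemFactory();
+				factory.setSizeThreshold(500000);
+				
+				ServletFileUpload upload = new ServletFileUpload(factory);
+
+				
+				List /* FileItem */items = upload.parseRequest(s.getRequest());
+
+				
+				java.util.Iterator iter = items.iterator();
+				while (iter.hasNext()) {
+					FileItem item = (FileItem) iter.next();
+
+					if (!item.isFormField()) {
+
+						File uploadedFile= new File(tmpDir, item.getName());
+						
+						if (item.getSize() < 2000 * 1024) {
+							if (item.getName().endsWith(".zip")) {
+								item.write(uploadedFile);
+
+								long total = unzippedSize(uploadedFile);
+								s.setMessage("File uploaded");
+								if (total > 20 * 1024 * 1024) {
+									s.add(ZIP_DOS, "success");
+									System.out.println("success");
+									makeMessages(s);
+								}else{
+									s.setMessage("I still have plenty of free storage on the server...");
+								}
+
+							} else {
+								s.setMessage("Only ZIP files are accepted");
+							}
+						} else {
+							s.setMessage("Only up to 2 MB files are accepted");
+						}
+					}
+				}
+
+			}
+			 Form form = new Form(getFormAction(), Form.POST).setName("form")
+		                .setEncType("multipart/form-data");
+
+		     form.addElement(createContent(s));
+
+		     setContent(form);
+
+		} catch (Exception e) {
+			e.printStackTrace(System.out);
+		}
+	}
+
+	private long unzippedSize(File uploadedFile) throws ZipException,
+			IOException {
+		ZipFile zf = new ZipFile(uploadedFile);
+
+		long total = 0;
+		Enumeration e = zf.entries();
+		while (e.hasMoreElements()) {
+			ZipEntry entry = (ZipEntry) e.nextElement();
+
+			total += entry.getSize();
+
+		}
+		return total;
+	}
+
+	
+	
+}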
							
								
								
									
										
								src/main/webapp/images/logos/sages.png
									
									
									
									
									
											Binary file not shown.
										
									
								
							| After Width: | Height: | Size: 6.3 KiB | 