fix: Stored Cross-Site Scripting Lesson
This commit is contained in:
Àngel Ollé Blázquez
@ -35,6 +35,6 @@ public class CrossSiteScripting extends Lesson {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String getTitle() {
|
public String getTitle() {
|
||||||
return "xss.title";
|
return "4.xss.title";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -24,7 +24,9 @@ package org.owasp.webgoat.lessons.xss.stored;
|
|||||||
|
|
||||||
import org.owasp.webgoat.container.lessons.Category;
|
import org.owasp.webgoat.container.lessons.Category;
|
||||||
import org.owasp.webgoat.container.lessons.Lesson;
|
import org.owasp.webgoat.container.lessons.Lesson;
|
||||||
|
import org.springframework.stereotype.Component;
|
||||||
|
|
||||||
|
@Component
|
||||||
public class CrossSiteScriptingStored extends Lesson {
|
public class CrossSiteScriptingStored extends Lesson {
|
||||||
@Override
|
@Override
|
||||||
public Category getDefaultCategory() {
|
public Category getDefaultCategory() {
|
||||||
@ -33,6 +35,6 @@ public class CrossSiteScriptingStored extends Lesson {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String getTitle() {
|
public String getTitle() {
|
||||||
return "xss-stored.title";
|
return "5.xss-stored.title";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -34,7 +34,6 @@ import org.springframework.web.bind.annotation.RestController;
|
|||||||
@RestController
|
@RestController
|
||||||
public class StoredCrossSiteScriptingVerifier extends AssignmentEndpoint {
|
public class StoredCrossSiteScriptingVerifier extends AssignmentEndpoint {
|
||||||
|
|
||||||
// TODO This assignment seems not to be in use in the UI
|
|
||||||
@PostMapping("/CrossSiteScriptingStored/stored-xss-follow-up")
|
@PostMapping("/CrossSiteScriptingStored/stored-xss-follow-up")
|
||||||
@ResponseBody
|
@ResponseBody
|
||||||
public AttackResult completed(@RequestParam String successMessage) {
|
public AttackResult completed(@RequestParam String successMessage) {
|
||||||
@ -47,8 +46,3 @@ public class StoredCrossSiteScriptingVerifier extends AssignmentEndpoint {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// something like ...
|
|
||||||
// http://localhost:8080/WebGoat/start.mvc#test/testParam=foobar&_someVar=234902384lotslsfjdOf9889080GarbageHere%3Cscript%3Ewebgoat.customjs.phoneHome();%3C%2Fscript%3E
|
|
||||||
// or
|
|
||||||
// http://localhost:8080/WebGoat/start.mvc#test/testParam=foobar&_someVar=234902384lotslsfjdOf9889080GarbageHere<script>webgoat.customjs.phoneHome();<%2Fscript>
|
|
||||||
|
|||||||
@ -72,7 +72,6 @@ public class StoredXssComments extends AssignmentEndpoint {
|
|||||||
"Can you post a comment, calling webgoat.customjs.phoneHome() ?"));
|
"Can you post a comment, calling webgoat.customjs.phoneHome() ?"));
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO This assignment seems not to be in use in the UI
|
|
||||||
@GetMapping(
|
@GetMapping(
|
||||||
path = "/CrossSiteScriptingStored/stored-xss",
|
path = "/CrossSiteScriptingStored/stored-xss",
|
||||||
produces = MediaType.APPLICATION_JSON_VALUE,
|
produces = MediaType.APPLICATION_JSON_VALUE,
|
||||||
@ -89,7 +88,6 @@ public class StoredXssComments extends AssignmentEndpoint {
|
|||||||
return allComments;
|
return allComments;
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO This assignment seems not to be in use in the UI
|
|
||||||
@PostMapping("/CrossSiteScriptingStored/stored-xss")
|
@PostMapping("/CrossSiteScriptingStored/stored-xss")
|
||||||
@ResponseBody
|
@ResponseBody
|
||||||
public AttackResult createNewComment(@RequestBody String commentStr) {
|
public AttackResult createNewComment(@RequestBody String commentStr) {
|
||||||
|
|||||||
@ -67,7 +67,7 @@
|
|||||||
|
|
||||||
<form class="attack-form" accept-charset="UNKNOWN"
|
<form class="attack-form" accept-charset="UNKNOWN"
|
||||||
method="POST" name="DOMFollowUp"
|
method="POST" name="DOMFollowUp"
|
||||||
action="/WebGoat/CrossSiteScripting/stored-xss-follow-up">
|
action="/WebGoat/CrossSiteScriptingStored/stored-xss-follow-up">
|
||||||
<input name="successMessage" value="" type="TEXT" />
|
<input name="successMessage" value="" type="TEXT" />
|
||||||
<input name="submitMessage" value="Submit" type="SUBMIT"/>
|
<input name="submitMessage" value="Submit" type="SUBMIT"/>
|
||||||
</form>
|
</form>
|
||||||
|
|||||||
@ -1,7 +1,8 @@
|
|||||||
# XSS success, failure messages and hints
|
# XSS success, failure messages and hints
|
||||||
xss.title=Cross Site Scripting
|
4.xss.title=Cross Site Scripting
|
||||||
xss-stored.title=Cross Site Scripting (stored)
|
5.xss-stored.title=Cross Site Scripting (stored)
|
||||||
xss-mitigation.title=Cross Site Scripting (mitigation)
|
xss-mitigation.title=Cross Site Scripting (mitigation)
|
||||||
|
|
||||||
xss-reflected-5a-success-alert=Congratulations, but alerts are not very impressive are they? Let's continue to the next assignment.
|
xss-reflected-5a-success-alert=Congratulations, but alerts are not very impressive are they? Let's continue to the next assignment.
|
||||||
xss-reflected-5a-success-console=Congratulations, but console logs are not very impressive are they? Let's continue to the next assignment.
|
xss-reflected-5a-success-console=Congratulations, but console logs are not very impressive are they? Let's continue to the next assignment.
|
||||||
xss-reflected-5a-failed-wrong-field=Seems like you tried to compromise our shop with an reflected XSS attack.<br/> We do our... "best"... to prevent such attacks. Try again!
|
xss-reflected-5a-failed-wrong-field=Seems like you tried to compromise our shop with an reflected XSS attack.<br/> We do our... "best"... to prevent such attacks. Try again!
|
||||||
|
|||||||
@ -3,7 +3,7 @@ $(document).ready(function () {
|
|||||||
var commentInput = $("#commentInput").val();
|
var commentInput = $("#commentInput").val();
|
||||||
$.ajax({
|
$.ajax({
|
||||||
type: 'POST',
|
type: 'POST',
|
||||||
url: 'CrossSiteScripting/stored-xss',
|
url: '/WebGoat/CrossSiteScriptingStored/stored-xss',
|
||||||
data: JSON.stringify({text: commentInput}),
|
data: JSON.stringify({text: commentInput}),
|
||||||
contentType: "application/json",
|
contentType: "application/json",
|
||||||
dataType: 'json'
|
dataType: 'json'
|
||||||
@ -32,7 +32,7 @@ $(document).ready(function () {
|
|||||||
|
|
||||||
function getChallenges() {
|
function getChallenges() {
|
||||||
$("#list").empty();
|
$("#list").empty();
|
||||||
$.get('CrossSiteScripting/stored-xss', function (result, status) {
|
$.get('/WebGoat/CrossSiteScriptingStored/stored-xss', function (result, status) {
|
||||||
for (var i = 0; i < result.length; i++) {
|
for (var i = 0; i < result.length; i++) {
|
||||||
var comment = html.replace('USER', result[i].user);
|
var comment = html.replace('USER', result[i].user);
|
||||||
comment = comment.replace('DATETIME', result[i].dateTime);
|
comment = comment.replace('DATETIME', result[i].dateTime);
|
||||||
|
|||||||
Reference in New Issue
Block a user