dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Blind XXE lesson blocks including the file in the comment directly

Browse Source
This commit is contained in:
Nanne Baars
2020-10-20 22:01:06 +02:00
committed by Nanne Baars
parent 641d75e734
commit 41879c4603
2 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/BlindSendFileAssignment.java
View File

@ -83,6 +83,9 @@ public class BlindSendFileAssignment extends AssignmentEndpoint {
try {
Comment comment = comments.parseXml(commentStr);
if (CONTENTS.contains(comment.getText())) {
comment.setText("Nice try, you need to send the file to WebWolf");
}
comments.addComment(comment, false);
} catch (Exception e) {
return failed(this).output(e.toString()).build();