Blind XXE lesson blocks including the file in the comment directly

Nanne Baars 2020-10-20 22:01:06 +02:00 committed by Nanne Baars
parent 641d75e734
commit 41879c4603
2 changed files with 13 additions and 0 deletions


@ -83,6 +83,9 @@ public class BlindSendFileAssignment extends AssignmentEndpoint {
try { try {
Comment comment = comments.parseXml(commentStr); Comment comment = comments.parseXml(commentStr);
if (CONTENTS.contains(comment.getText())) {
comment.setText("Nice try, you need to send the file to WebWolf");
}
comments.addComment(comment, false); comments.addComment(comment, false);
} catch (Exception e) { } catch (Exception e) {
return failed(this).output(e.toString()).build(); return failed(this).output(e.toString()).build();
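Review bot: The containment check added after parseXml is the wrong way round for what it is meant to block: `CONTENTS.contains(comment.getText())` only fires when the comment text is a substring of the secret, so a payload that pads the entity with any extra characters (`<text>x &root; y</text>`) still lands the full file contents in the stored comment, while a harmless comment whose text happens to be a substring of the secret — including an empty `<text/>`, since the empty string is contained in every string — is rewritten to the "Nice try" message. Assuming CONTENTS holds the secret file's text (the new test in the second section expects a `file://` entity read to be rewritten), the condition should be `if (comment.getText() != null && comment.getText().contains(CONTENTS)) {`. The null guard matters because, if CONTENTS is a String, a `<comment>` with no `<text>` element would otherwise throw a NullPointerException inside the try and be echoed back to the client through the generic catch. The enclosing method starts before and ends after this hunk.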


@ -74,6 +74,16 @@ public class BlindSendFileAssignmentTest extends LessonTest {
.andExpect(jsonPath("$.output", CoreMatchers.startsWith("javax.xml.bind.UnmarshalException\\n - with linked exception:\\n[javax.xml.stream.XMLStreamException: ParseError at [row,col]:[1,22]\\nMessage:"))); .andExpect(jsonPath("$.output", CoreMatchers.startsWith("javax.xml.bind.UnmarshalException\\n - with linked exception:\\n[javax.xml.stream.XMLStreamException: ParseError at [row,col]:[1,22]\\nMessage:")));
} }
@Test
public void simpleXXEShouldNotWork() throws Exception {
File targetFile = new File(webGoatHomeDirectory, "/XXE/secret.txt");
String content = "<?xml version=\"1.0\" standalone=\"yes\" ?><!DOCTYPE user [<!ENTITY root SYSTEM \"file:///%s\"> ]><comment><text>&root;</text></comment>";
mockMvc.perform(MockMvcRequestBuilders.post("/xxe/blind")
.content(String.format(content, targetFile.toString())))
.andExpect(status().isOk());
assertThat(comments.getComments().iterator().next().getText()).isEqualTo("Nice try, you need to send the file to WebWolf");
}
@Test @Test
public void solve() throws Exception { public void solve() throws Exception {
File targetFile = new File(webGoatHomeDirectory, "/XXE/secret.txt"); File targetFile = new File(webGoatHomeDirectory, "/XXE/secret.txt");