Blind XXE lesson blocks including the file in the comment directly
		| @ -83,6 +83,9 @@ public class BlindSendFileAssignment extends AssignmentEndpoint { | ||||
|  | ||||
|         try { | ||||
|             Comment comment = comments.parseXml(commentStr); | ||||
|             if (CONTENTS.contains(comment.getText())) { | ||||
|                 comment.setText("Nice try, you need to send the file to WebWolf"); | ||||
|             } | ||||
|             comments.addComment(comment, false); | ||||
|         } catch (Exception e) { | ||||
|             return failed(this).output(e.toString()).build(); | ||||
|  | ||||
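Review bot: `CONTENTS.contains(comment.getText())` in the added `if` is a substring test in the wrong direction: `String.contains("")` is true, so a comment with empty text is rewritten to the "Nice try" message although nothing was included, and the secret is only recognised when it is the entire text rather than merely present in it. If the intent is "the secret appears in the submitted text", `if (comment.getText() != null && comment.getText().contains(CONTENTS)) {` says that and still satisfies the accompanying test, which submits the file contents as the whole text. The `null` guard matters because a comment without `<text>` would otherwise raise an NPE that the surrounding `catch (Exception e)` echoes to the client via `e.toString()`. What `CONTENTS` holds is assigned outside the hunk — presumably the secret file's text — and the enclosing method starts and ends outside it as well.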
| @ -74,6 +74,16 @@ public class BlindSendFileAssignmentTest extends LessonTest { | ||||
|                 .andExpect(jsonPath("$.output", CoreMatchers.startsWith("javax.xml.bind.UnmarshalException\\n - with linked exception:\\n[javax.xml.stream.XMLStreamException: ParseError at [row,col]:[1,22]\\nMessage:"))); | ||||
|     } | ||||
|  | ||||
|     @Test | ||||
|     public void simpleXXEShouldNotWork() throws Exception { | ||||
|         File targetFile = new File(webGoatHomeDirectory, "/XXE/secret.txt"); | ||||
|         String content = "<?xml version=\"1.0\" standalone=\"yes\" ?><!DOCTYPE user [<!ENTITY root SYSTEM \"file:///%s\"> ]><comment><text>&root;</text></comment>"; | ||||
|         mockMvc.perform(MockMvcRequestBuilders.post("/xxe/blind") | ||||
|                 .content(String.format(content, targetFile.toString()))) | ||||
|                 .andExpect(status().isOk()); | ||||
|         assertThat(comments.getComments().iterator().next().getText()).isEqualTo("Nice try, you need to send the file to WebWolf"); | ||||
|     } | ||||
|  | ||||
|     @Test | ||||
|     public void solve() throws Exception { | ||||
|         File targetFile = new File(webGoatHomeDirectory, "/XXE/secret.txt"); | ||||
|  | ||||
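Review bot: `String.format(content, targetFile.toString())` in the added `simpleXXEShouldNotWork` builds the `file:///` URL from a platform path, which produces a malformed URL wherever the separator is not `/` or the path contains characters that need escaping; `targetFile.toURI()` yields a well-formed `file:` URI on every platform, so `SYSTEM \"%s\"` in the template together with `String.format(content, targetFile.toURI())` is the portable form. The assertion on `comments.getComments().iterator().next()` also appears to assume the store contains only the comment this test added and returns it first; asserting the size first (`assertThat(comments.getComments()).hasSize(1)` if it is a collection) or selecting the comment by content keeps a leftover comment from another test from turning into a misleading failure. The `solve` test that starts on the hunk's last lines continues outside it.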