diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge3/Challenge3.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge3/Challenge3.java
index b1d22364a..d5f94e774 100644
--- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge3/Challenge3.java
+++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge3/Challenge3.java
@@ -29,7 +29,7 @@ import static org.springframework.web.bind.annotation.RequestMethod.POST;
 * @author nbaars
 * @since 4/8/17.
 */
-@AssignmentPath("/challenge3")
+@AssignmentPath("/challenge/3")
 public class Challenge3 extends AssignmentEndpoint {
 @Autowired
diff --git a/webgoat-lessons/challenge/src/main/resources/html/Challenge.html b/webgoat-lessons/challenge/src/main/resources/html/Challenge.html
index e1baebd44..c909915bf 100644
--- a/webgoat-lessons/challenge/src/main/resources/html/Challenge.html
+++ b/webgoat-lessons/challenge/src/main/resources/html/Challenge.html
@@ -250,5 +250,106 @@
 </div>
 </div>
+<div class="lesson-page-wrapper">
+ <div class="adoc-content" th:replace="doc:Challenge_4.adoc"></div>
+ <link rel="stylesheet" type="text/css" th:href="@{/lesson_css/challenge2.css}"/>
+ <script th:src="@{/lesson_js/challenge2.js}" language="JavaScript"></script>
+ <div class="attack-container">
+ <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
+ <form class="attack-form" accept-charset="UNKNOWN"
+ method="POST" name="form"
+ action="/WebGoat/challenge/4"
+ enctype="application/json;charset=UTF-8">
+
+ <input id="discount" type="hidden" value="0"/>
+ <div class="row">
+
+ <div class="col-xs-3 item-photo">
+ <img style="max-width:100%;" th:src="@{/images/samsung-black.jpg}"/>
+ </div>
+ <div class="col-xs-5" style="border:0px solid gray">
+ <h3>Samsung Galaxy S8</h3>
+ <h5 style="color:#337ab7"><a href="http://www.samsung.com">Samsung</a> ยท
+ <small style="color:#337ab7">(124421 reviews)</small>
+ </h5>
+
+ <h6 class="title-price">
+ <small>PRICE</small>
+ </h6>
+ <h3 style="margin-top:0px;"><span>US $</span><span id="price">899</span></h3>
+
+ <div class="section">
+ <h6 class="title-attr" style="margin-top:15px;">
+ <small>COLOR</small>
+ </h6>
+ <div>
+ <div class="attr" style="width:25px;background:lightgrey;"></div>
+ <div class="attr" style="width:25px;background:black;"></div>
+ </div>
+ </div>
+ <div class="section" style="padding-bottom:5px;">
+ <h6 class="title-attr">
+ <small>CAPACITY</small>
+ </h6>
+ <div>
+ <div class="attr2">64 GB</div>
+ <div class="attr2">128 GB</div>
+ </div>
+ </div>
+ <div class="section" style="padding-bottom:5px;">
+ <h6 class="title-attr">
+ <small>QUANTITY</small>
+ </h6>
+ <div>
+ <div class="btn-minus"><span class="glyphicon glyphicon-minus"></span></div>
+ <input class="quantity" value="1"/>
+ <div class="btn-plus"><span class="glyphicon glyphicon-plus"></span></div>
+ </div>
+ </div>
+
+ <div class="section" style="padding-bottom:5px;">
+ <h6 class="title-attr">
+ <small>CHECKOUT CODE</small>
+ </h6>
+ <!--
+ Checkout code: webgoat, owasp, owasp-webgoat
+ -->
+ <input name="checkoutCode" class="checkoutCode" value=""/>
+
+ </div>
+
+ <div class="section" style="padding-bottom:20px;">
+ <button type="submit" class="btn btn-success"><span style="margin-right:20px"
+ class="glyphicon glyphicon-shopping-cart"
+ aria-hidden="true"></span>Buy
+ </button>
+ <h6><a href="#"><span class="glyphicon glyphicon-heart-empty"
+ style="cursor:pointer;"></span>
+ Like</a></h6>
+ </div>
+ </div>
+ </div>
+
+ </form>
+ <br/>
+ <div>
+ <form class="form-inline" method="POST" name="form" action="/WebGoat/challenge/flag">
+ <div class="form-group">
+ <div class="input-group">
+ <div class="input-group-addon"><i class="fa fa-flag-checkered" aria-hidden="true"
+ style="font-size:20px"></i></div>
+ <input type="text" class="form-control"
+ placeholder="a7179f89-906b-4fec-9d99-f15b796e7208"/>
+ </div>
+ </div>
+ <button type="submit" class="btn btn-primary">Submit flag</button>
+ </form>
+ </div>
+
+ <br/>
+ <div class="attack-feedback"></div>
+ <div class="attack-output"></div>
+ </div>
+</div>
 </html>
\ No newline at end of file
diff --git a/webgoat-lessons/challenge/src/main/resources/js/challenge3.js b/webgoat-lessons/challenge/src/main/resources/js/challenge3.js
index be9cb11f0..53d4c36a2 100644
--- a/webgoat-lessons/challenge/src/main/resources/js/challenge3.js
+++ b/webgoat-lessons/challenge/src/main/resources/js/challenge3.js
@@ -9,7 +9,7 @@ $(document).ready(function () {
 })
 })
- $.get("challenge3", function (result, status) {
+ $.get("challenge/3", function (result, status) {
 alert("Hello");
 })
 })
\ No newline at end of file
diff --git a/webgoat-lessons/challenge/src/main/resources/lessonPlans/en/Challenge_1.adoc b/webgoat-lessons/challenge/src/main/resources/lessonPlans/en/Challenge_1.adoc
index 4f77d8158..e5678d52f 100644
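Review bot: The flag form's text input on the new side (`<input type="text" class="form-control" placeholder="a7179f89-906b-4fec-9d99-f15b796e7208"/>`) has no `name`, so a plain browser POST to `/WebGoat/challenge/flag` carries no field at all; the same holds for `<input id="discount" type="hidden" value="0"/>` and `<input class="quantity" value="1"/>` in the purchase form unless challenge2.js (loaded by this hunk but not part of the diff) reads them by id/class and sends the request itself — give each a `name` matching what the handler expects, e.g. `<input type="text" name="flag" class="form-control" .../>` (`flag` is a placeholder name). The purchase form's `enctype="application/json;charset=UTF-8"` and `accept-charset="UNKNOWN"` are not values a browser honours (valid enctypes are `application/x-www-form-urlencoded`, `multipart/form-data` and `text/plain`), so the submission silently falls back to url-encoded fields; either drop the enctype and parse form parameters server-side, or have the script serialise JSON explicitly, and use `accept-charset="UTF-8"`. Both forms carry `name="form"`, which makes `document.form` ambiguous, and `language="JavaScript"` on the script tag is obsolete and can be removed. The `ยท` after the Samsung link reads like a mis-encoded middle dot (`&middot;`), and if the UUID in the flag placeholder is a real flag value rather than a format hint it should not be shipped in the page.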
--- a/webgoat-lessons/challenge/src/main/resources/lessonPlans/en/Challenge_1.adoc
+++ b/webgoat-lessons/challenge/src/main/resources/lessonPlans/en/Challenge_1.adoc
@@ -1 +1 @@
-==== Admin forgot password can you help?
\ No newline at end of file
+Admin forgot password can you help?
\ No newline at end of file
diff --git a/webgoat-lessons/challenge/src/main/resources/lessonPlans/en/Challenge_4.adoc b/webgoat-lessons/challenge/src/main/resources/lessonPlans/en/Challenge_4.adoc
new file mode 100644
index 000000000..60cb2eb18
--- /dev/null
+++ b/webgoat-lessons/challenge/src/main/resources/lessonPlans/en/Challenge_4.adoc
@@ -0,0 +1 @@
+No need to pay (fixed after private disclosure), do you need to pay now?
\ No newline at end of file