XXE last assignment completely working
@ -1,5 +1,6 @@
package org.owasp.webgoat.plugin;
import com.google.common.base.Joiner;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.owasp.webgoat.lessons.Assignment;
import org.owasp.webgoat.lessons.model.AttackResult;
@ -55,18 +56,19 @@ public class BlindSendFileAssignment extends Assignment {
@RequestMapping(method = RequestMethod.POST, consumes = MediaType.ALL_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
@ResponseBody
public AttackResult createNewUser(@RequestBody String userInfo) throws Exception {
String error = "";
String error = "Parsing successful contents not send to server";
try {
parseXml(userInfo);
} catch (Exception e) {
error = ExceptionUtils.getFullStackTrace(e);
}
File logFile = new File(getPluginDirectory(), "plugin/XXE/");
File logFile = new File(getPluginDirectory(), "/XXE/log.txt");
List<String> lines = Files.readAllLines(Paths.get(logFile.toURI()));
boolean solved = lines.stream().filter(l -> l.contains("WebGoat 8 rocks...")).findFirst().isPresent();
logFile.delete();
if (solved) {
return AttackResult.success();
return AttackResult.success(String.format("Contents of the file is: %s", Joiner.on('\n').join(lines)));
} else {
return AttackResult.failed("Try again...", error);
}
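Review bot: `List<String> lines = Files.readAllLines(Paths.get(logFile.toURI()));` throws `NoSuchFileException` when `/XXE/log.txt` has not been written yet, so a submission made before any request reaches the ping endpoint escapes `createNewUser` (declared `throws Exception`) as a server error instead of the `AttackResult.failed("Try again...", error)` path. Guard the read with `if (!logFile.exists()) { return AttackResult.failed("Try again...", error); }` placed before it. `logFile.delete()` on the following line discards its boolean; since deleting the log is what makes the check one-shot, a failed delete should at least be logged rather than ignored. The `error` string built from `ExceptionUtils.getFullStackTrace(e)` is returned to the client on failure; that appears deliberate for this lesson, but a comment saying so would stop a later reader from treating it as an accidental leak. The method's closing brace lies outside the hunk.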
@ -54,7 +54,7 @@ public class Ping extends Endpoint {
public String logRequest(@RequestHeader("User-Agent") String userAgent, @RequestParam(required = false) String text) {
String logLine = String.format("%s %s %s", "GET", userAgent, text);
log.debug(logLine);
File logFile = new File(getPluginDirectory(), "plugin/XXE/");
File logFile = new File(getPluginDirectory(), "/XXE/log.txt");
try {
try (PrintWriter pw = new PrintWriter(logFile)) {
pw.println(logLine);
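Review bot: `try (PrintWriter pw = new PrintWriter(logFile))` writes with the platform default charset, while the consumer in `BlindSendFileAssignment` reads the same file back with `Files.readAllLines`, which defaults to UTF-8; on a Windows host non-ASCII bytes in `text` would therefore be garbled between the two endpoints. Use `new PrintWriter(logFile, "UTF-8")` so both sides agree. `new PrintWriter(File)` also truncates the file on every request, so each ping overwrites the previous log line and concurrent pings clobber one another; if that one-line behaviour is intended, a comment such as `// only the most recent ping is kept; the blind assignment reads and deletes it` would make it explicit. The outer `try {` has no catch visible here and `logRequest` continues outside the hunk, so I cannot tell how a write failure is reported.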
@ -132,7 +132,7 @@
<!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework -->
<!-- of course, you can write your own ajax submission /handling in your own javascript if you like -->
<form class="attack-form" accept-charset="UNKNOWN" prepareData="registerJson" method="POST" name="form"
action="/WebGoat/XXE/content-type" contentType="application/json">
action="/WebGoat/XXE/blind" contentType="application/json">
<script th:src="@{/plugin_lessons/plugin/XXE/js/xxe.js}"
language="JavaScript"></script>
<div id="lessonContent">
@ -4,4 +4,4 @@ In the previous page we showed you how you can ping a server with a XXE attack,
contents of ~/.webgoat/plugin/XXE/secret.txt to our server. For Linux: `/home/USER/.webgoat/plugin/XXE/secret.txt`, for Windows
this would be `c:/Users/USER/.webgoat/plugin/XXE/secret.txt`
Try to upload this file using the following endpoint: `http://localhost:8080/WebGoat/XXE/ping?text=[contents_file]`
Try to upload this file using the following endpoint: `http://localhost:8080/WebGoat/XXE/ping?text=[contents_file]` (NOTE: this endpoint is under your full control)