dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

General cleanup of lesson, removed sub credit from csrf lesson, add cam credit as lesson contributor

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@409 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
mayhew64@gmail.com
2009-11-09 01:49:41 +00:00
parent c35169291b
commit 5394b0d8a1
3 changed files with 7 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/main/java/org/owasp/webgoat/lessons/CsrfPromptByPass.java
View File

@ -1,10 +1,6 @@
package org.owasp.webgoat.lessons; package org.owasp.webgoat.lessons;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
@ -18,16 +14,7 @@ import org.apache.ecs.html.B;
import org.apache.ecs.html.BR; import org.apache.ecs.html.BR;
import org.apache.ecs.html.Form; import org.apache.ecs.html.Form;
import org.apache.ecs.html.H1; import org.apache.ecs.html.H1;
import org.apache.ecs.html.HR;
import org.apache.ecs.html.IMG;
import org.apache.ecs.html.Input; import org.apache.ecs.html.Input;
import org.apache.ecs.html.P;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.apache.ecs.html.TextArea;
import org.owasp.webgoat.session.DatabaseUtilities;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.HtmlEncoder; import org.owasp.webgoat.util.HtmlEncoder;
@ -193,8 +180,6 @@ public class CsrfPromptByPass extends CSRF
ElementContainer credits = new ElementContainer(); ElementContainer credits = new ElementContainer();
credits.addElement(new StringElement("Contributed by ")); credits.addElement(new StringElement("Contributed by "));
credits.addElement(partnet); credits.addElement(partnet);
credits.addElement(new BR());
credits.addElement(new StringElement("Derived from Sherif Koussa's CSRF Lesson"));
return credits; return credits;
} }
} }

16
src/main/java/org/owasp/webgoat/lessons/CsrfTokenByPass.java
View File

@ -2,10 +2,6 @@
package org.owasp.webgoat.lessons; package org.owasp.webgoat.lessons;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.Random; import java.util.Random;
@ -20,17 +16,7 @@ import org.apache.ecs.html.B;
import org.apache.ecs.html.BR; import org.apache.ecs.html.BR;
import org.apache.ecs.html.Form; import org.apache.ecs.html.Form;
import org.apache.ecs.html.H1; import org.apache.ecs.html.H1;
import org.apache.ecs.html.H2;
import org.apache.ecs.html.HR;
import org.apache.ecs.html.IMG;
import org.apache.ecs.html.Input; import org.apache.ecs.html.Input;
import org.apache.ecs.html.P;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.apache.ecs.html.TextArea;
import org.owasp.webgoat.session.DatabaseUtilities;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.HtmlEncoder; import org.owasp.webgoat.util.HtmlEncoder;
@ -174,8 +160,6 @@ public class CsrfTokenByPass extends CsrfPromptByPass
ElementContainer credits = new ElementContainer(); ElementContainer credits = new ElementContainer();
credits.addElement(new StringElement("Contributed by ")); credits.addElement(new StringElement("Contributed by "));
credits.addElement(partnet); credits.addElement(partnet);
credits.addElement(new BR());
credits.addElement(new StringElement("Derived from Sherif Koussa's CSRF Lesson"));
return credits; return credits;
} }
} }

16
src/main/webapp/webgoat.jsp
View File

@ -23,7 +23,6 @@ The exercises are intended to provide hands on experience with
application penetration testing techniques. </p> application penetration testing techniques. </p>
<p>The WebGoat project is lead <p>The WebGoat project is lead
by Bruce Mayhew. Please send all comments to Bruce at <%=webSession.getWebgoatContext().getFeedbackAddress()%>.</p> by Bruce Mayhew. Please send all comments to Bruce at <%=webSession.getWebgoatContext().getFeedbackAddress()%>.</p>
<p>Thanks to <a href="http://www.ouncelabs.com"><img align="top" height="20" width="160" border = "0" src="images/logos/ounce.jpg" alt="Ounce Labs"/></a> for supporting Bruce on the WebGoat Project.</p>
<div id="team"> <div id="team">
<table border="0" align="center" class="lessonText"> <table border="0" align="center" class="lessonText">
@ -46,7 +45,7 @@ by Bruce Mayhew. Please send all comments to Bruce at <%=webSession.getWebgoatCo
</td> </td>
<td width="50%"> <td width="50%">
<div align="center"><span class="style1"><br /> <div align="center"><span class="style1"><br />
Lesson Contributers </span></div> V5.3 Lesson Contributers </span></div>
</td> </td>
</tr> </tr>
<tr> <tr>
@ -57,9 +56,8 @@ by Bruce Mayhew. Please send all comments to Bruce at <%=webSession.getWebgoatCo
<div align="center" class="style2">Laurence Casey (Graphics)</div> <div align="center" class="style2">Laurence Casey (Graphics)</div>
</td> </td>
<td valign="top"> <td valign="top">
<div align="center" class="style2">Aspect Security</div> <div align="center" class="style2">Chuck Willis</div>
<div align="center" class="style2">Sherif Koussa</div> <div align="center" class="style2">Cam Morris</div>
<div align="center" class="style2">Romain Brechet</div>
<div align="center" class="style2"></div> <div align="center" class="style2"></div>
</td> </td>
@ -67,7 +65,7 @@ by Bruce Mayhew. Please send all comments to Bruce at <%=webSession.getWebgoatCo
<tr> <tr>
<td height="25" valign="bottom"> <td height="25" valign="bottom">
<div align="center"><span class="style1">Special Thanks <div align="center"><span class="style1">Special Thanks
for V5.2</span></div> for V5.3</span></div>
</td> </td>
<td height="25" valign="bottom"> <td height="25" valign="bottom">
<div align="center"><span class="style1">Documentation <div align="center"><span class="style1">Documentation
@ -76,8 +74,8 @@ by Bruce Mayhew. Please send all comments to Bruce at <%=webSession.getWebgoatCo
</tr> </tr>
<tr> <tr>
<td> <td>
<div align="center" class="style2">Reto Lippuner</div> <div align="center" class="style2">Christine (Maven)</div>
<div align="center" class="style2">Marcel Wirth </div> <div align="center" class="style2">Marek Jawurek (Internationalization)</div>
<br/><div align="center" class="style2">To all who have sent comments</div> <br/><div align="center" class="style2">To all who have sent comments</div>
</td> </td>
@ -111,7 +109,7 @@ by Bruce Mayhew. Please send all comments to Bruce at <%=webSession.getWebgoatCo
<div align="center" class="style2">&nbsp;</div> <div align="center" class="style2">&nbsp;</div>
<div id="warning">WARNING<br /> <div id="warning">WARNING<br />
While running this program, your machine is extremely vulnerable to While running this program, your machine is extremely vulnerable to
attack. You should disconnect from the network while using this program. attack if you are not running on localhost. If tou are NOT running on localhost (default configuration), You should disconnect from the network while using this program.
<br /> <br />
<br /> <br />
This program is for educational purposes only. Use of these techniques This program is for educational purposes only. Use of these techniques