diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/DOMInjection.java b/main/project/JavaSource/org/owasp/webgoat/lessons/DOMInjection.java index d0d80a185..08d469d90 100644 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/DOMInjection.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/DOMInjection.java @@ -8,6 +8,8 @@ import org.apache.ecs.Element; import org.apache.ecs.ElementContainer; import org.apache.ecs.StringElement; import org.apache.ecs.html.BR; +import org.apache.ecs.html.Div; +import org.apache.ecs.html.Form; import org.apache.ecs.html.H1; import org.apache.ecs.html.IMG; import org.apache.ecs.html.Input; @@ -58,14 +60,12 @@ public class DOMInjection extends LessonAdapter private final static IMG MAC_LOGO = new IMG("images/logos/macadamian.gif").setAlt("Macadamian Technologies") .setBorder(0).setHspace(0).setVspace(0); - protected Element createContent(WebSession s) + private final static String key = "K1JFWP8BSO8HI52LNPQS8F5L01N"; + + public void handleRequest(WebSession s) { - - String key = "K1JFWP8BSO8HI52LNPQS8F5L01N"; - ElementContainer ec = new ElementContainer(); - try - { + { String userKey = s.getParser().getRawParameter(KEY, ""); String fromAJAX = s.getParser().getRawParameter("from", ""); if (fromAJAX.equalsIgnoreCase("ajax") && userKey.length() != 0 && userKey.equals(key)) 
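Review bot: The new field `key` differs only in case from the existing `KEY` parameter-name constant used a few lines later (`getRawParameter(KEY, "")` next to `userKey.equals(key)`), which is easy to misread. As a `static final` field it would normally be named like a constant, for example `LICENSE_KEY`, which also removes the ambiguity. `handleRequest` is now public and has two outcomes, a script-only reply for the AJAX key check and the normal lesson page, so a short Javadoc saying that would help, along with a comment that the hard-coded key is a lesson fixture and not a real secret. The body of `handleRequest` continues past this hunk.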
@@ -73,23 +73,39 @@ public class DOMInjection extends LessonAdapter s.getResponse().setContentType("text/html"); s.getResponse().setHeader("Cache-Control", "no-cache"); PrintWriter out = new PrintWriter(s.getResponse().getOutputStream()); + + out.print("document.forms[0].SUBMIT.disabled = false;"); out.flush(); out.close(); - return ec; - } - if (s.getRequest().getMethod().equalsIgnoreCase("POST")) - { - makeSuccess(s); + return ; } + } catch (Exception e) { - s.setMessage("Error generating " + this.getClass().getName()); e.printStackTrace(); } + Form form = new Form(getFormAction(), Form.POST).setName("form").setEncType(""); + + form.addElement(createContent(s)); + + setContent(form); + } + protected Element createContent(WebSession s) + { + + + ElementContainer ec = new ElementContainer(); + + if (s.getRequest().getMethod().equalsIgnoreCase("POST") ) + { + makeSuccess(s); + } String lineSep = System.getProperty("line.separator"); - String script = "" + lineSep; + + " if (req.status == 200) { " + lineSep + " var message = req.responseText;" + lineSep + + " var result = req.responseXML.getElementsByTagName('reward');" + lineSep + + " var messageDiv = document.getElementById('MessageDiv');" + lineSep + + " try {" + lineSep + + " eval(message);" + lineSep + " " + lineSep + + " messageDiv.innerHTML = 'Correct licence Key.' " + lineSep + + " }" + lineSep + + " catch(err)" + lineSep + + " { " + lineSep + + " messageDiv.innerHTML = 'Wrong license key.'" + lineSep + + "} " + lineSep + + " }}}" + lineSep + "" + lineSep; ec.addElement(new StringElement(script)); ec.addElement(new BR().addElement(new H1().addElement("Welcome to WebGoat Registration Page:"))); @@ -121,6 +147,7 @@ public class DOMInjection extends LessonAdapter t1.addElement(tr); + tr = new TR(); Input b = new Input(); b.setType(Input.SUBMIT); 
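Review bot: In the generated script, `var result = req.responseXML.getElementsByTagName('reward');` sits before the `try`, while the AJAX branch replies with a `text/html` body that is plain JavaScript; in browsers where `responseXML` is null for such a reply the callback would throw before `MessageDiv` is updated. `result` is not used in the part of the script visible here, so dropping that line looks safe. The `catch` block now only calls `e.printStackTrace()` because `s.setMessage(...)` was removed, and execution then falls through to `setContent(form)` even if the response stream was already written; keeping the message or returning after a failed write would make failures visible. If `eval(message)` on the raw response is the flaw this lesson is meant to demonstrate, a comment such as `// intentionally unsafe: lesson target, do not reuse` would stop it being read as a pattern to copy. `createContent` continues beyond this hunk.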
@@ -132,6 +159,10 @@ public class DOMInjection extends LessonAdapter t1.addElement(tr); ec.addElement(t1); + Div div = new Div(); + div.addAttribute("name", "MessageDiv"); + div.addAttribute("id", "MessageDiv"); + ec.addElement(div); return ec; }
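Review bot: The `name` attribute on the new `Div` is redundant, because the script finds the element with `document.getElementById('MessageDiv')` and only `id` takes part in that lookup; `div.addAttribute("name", "MessageDiv");` can be dropped. The literal 'MessageDiv' now appears both here and inside the script string, so a shared constant would keep the two from drifting apart. `createContent` starts before this hunk.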