dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

* Hints added

Browse Source 
* Solutions added
* Bugfixes
* Introduction added (including how to start with webgoat and useful tools)
* New lesson: Password strength
* New lessons: Multi Level Login
* Not yet working new lesson: Session fixation (inital release)

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@301 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
wirth.marcel
2008-04-07 14:28:38 +00:00
parent 84f01ba70a
commit 5d930ec235
137 changed files with 4230 additions and 479 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
main/project/WebContent/lesson_solutions/WsSqlInjection.html
View File

@ -626,7 +626,7 @@ you believe you have suceeded, refresh the page and look for the 'green star'.<o
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>This lesson
can be solved easily by using a web services tool called SOAPUI. But here you
will only use WebScarab. Go in WebScarab to the tab <EFBFBD>Web Services<EFBFBD>. You will
will only use WebScarab. Go in WebScarab to the tab "Web Services". You will
see a history of invoked web services or WSDL files.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
@ -675,8 +675,9 @@ WebGoat WSDL file for this lesson (WsSqlInjection?WSDL) in a new window.<o:p></o
you can select this WSDL from the top drop-down box. And WebScarab will parse
the XML file so you can select the operations to invoke. Then you can enter a
value for the parameters used to invoke the operation. For example fill out the
integer 101 for the ID value and click <EFBFBD>Execute<EFBFBD>. WebScarab will pop-up a basic
authentication window. Enter guest/guest and click <EFBFBD>Ok<EFBFBD>.<o:p></o:p></span></p>
integer 101 for the ID value and click "Execute". WebScarab will pop-up a basic
authentication window. Enter username:guest, password:guest and host:localhost then click "Ok".
If the pop-up does not appear you have to go to "Tools" > "Credentials". There you should activate "Ask when required". <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
@ -744,7 +745,7 @@ field-end'></span><![endif]--> All the credit cards<span style='font-family:
<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><u><span
style='font-family:"Arial","sans-serif"'>Remark:</span></u></b><span
style='font-family:"Arial","sans-serif"'> when you don<EFBFBD>t get any responses you
style='font-family:"Arial","sans-serif"'> when you don't get any responses you
might want to select the service and operation again from the drop-down box. A nice
feature here would be the ability to make a raw SOAP request.<o:p></o:p></span></p>