WIP
@ -4,10 +4,7 @@ import org.owasp.webgoat.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.assignments.AssignmentHints;
|
||||
import org.owasp.webgoat.assignments.AssignmentPath;
|
||||
import org.owasp.webgoat.assignments.AttackResult;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import java.io.IOException;
|
||||
@ -41,14 +38,13 @@ import java.io.IOException;
|
||||
* @version $Id: $Id
|
||||
* @since January 3, 2017
|
||||
*/
|
||||
|
||||
@AssignmentPath("IDOR/diff-attributes")
|
||||
@RestController
|
||||
@AssignmentHints({"idor.hints.idorDiffAttributes1","idor.hints.idorDiffAttributes2","idor.hints.idorDiffAttributes3"})
|
||||
public class IDORDiffAttributes extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
public @ResponseBody
|
||||
AttackResult completed(@RequestParam String attributes, HttpServletRequest request) throws IOException {
|
||||
@PostMapping("IDOR/diff-attributes")
|
||||
@ResponseBody
|
||||
public AttackResult completed(@RequestParam String attributes, HttpServletRequest request) throws IOException {
|
||||
attributes = attributes.trim();
|
||||
String[] diffAttribs = attributes.split(",");
|
||||
if (diffAttribs.length < 2) {
|
||||
|
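Review bot: The `@ResponseBody` kept on `completed` (now on its own line above the new `@PostMapping`) is redundant, since the class-level `@RestController` already applies it to every handler; the same leftover annotation survives in IDOREditOtherProfiile, IDORLogin, IDORViewOtherProfile, IDORViewOwnProfile and IDORViewOwnProfileAltUrl. The import block also trades the explicit `RequestMapping`/`RequestMethod`/`RequestParam`/`ResponseBody` imports for `import org.springframework.web.bind.annotation.*;`, which hides what the class actually depends on; listing `PostMapping`, `RequestParam` and `RestController` individually would keep the imports reviewable. The body of `completed` continues outside the hunk.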
@ -37,17 +37,16 @@ import org.springframework.web.bind.annotation.*;
|
||||
* @version $Id: $Id
|
||||
* @since January 3, 2017
|
||||
*/
|
||||
|
||||
@AssignmentPath("IDOR/profile/{userId}")
|
||||
@RestController
|
||||
@AssignmentHints({"idor.hints.otherProfile1","idor.hints.otherProfile2","idor.hints.otherProfile3","idor.hints.otherProfile4","idor.hints.otherProfile5","idor.hints.otherProfile6","idor.hints.otherProfile7","idor.hints.otherProfile8","idor.hints.otherProfile9"})
|
||||
public class IDOREditOtherProfiile extends AssignmentEndpoint {
|
||||
|
||||
@Autowired
|
||||
private UserSessionData userSessionData;
|
||||
|
||||
@PutMapping(consumes = "application/json")
|
||||
public @ResponseBody
|
||||
AttackResult completed(@PathVariable("userId") String userId, @RequestBody UserProfile userSubmittedProfile) {
|
||||
@PutMapping(path = "IDOR/profile/{userId}", consumes = "application/json")
|
||||
@ResponseBody
|
||||
public AttackResult completed(@PathVariable("userId") String userId, @RequestBody UserProfile userSubmittedProfile) {
|
||||
|
||||
String authUserId = (String)userSessionData.getValue("idor-authenticated-user-id");
|
||||
// this is where it starts ... accepting the user submitted ID and assuming it will be the same as the logged in userId and not checking for proper authorization
|
||||
|
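Review bot: `@PutMapping(path = "IDOR/profile/{userId}", ...)` writes the route without a leading slash, while the same commit uses `@PostMapping("/IDOR/login")` in IDORLogin; IDORDiffAttributes, IDORViewOtherProfile and IDORViewOwnProfileAltUrl follow the slash-less form. Spring prepends the missing slash so both variants resolve, but a mixed style makes the routing table harder to audit when checking which handlers share the `IDOR/profile/{userId}` path across controllers. Picking one form, e.g. `@PutMapping(path = "/IDOR/profile/{userId}", consumes = "application/json")`, would keep the mappings consistent. The body of `completed` continues outside the hunk.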
@ -40,8 +40,7 @@ import java.util.Map;
|
||||
* @version $Id: $Id
|
||||
* @since January 3, 2017
|
||||
*/
|
||||
|
||||
@AssignmentPath("/IDOR/login")
|
||||
@RestController
|
||||
@AssignmentHints({"idor.hints.idor_login"})
|
||||
public class IDORLogin extends AssignmentEndpoint {
|
||||
|
||||
@ -63,7 +62,7 @@ public class IDORLogin extends AssignmentEndpoint {
|
||||
|
||||
}
|
||||
|
||||
@PostMapping
|
||||
@PostMapping("/IDOR/login")
|
||||
@ResponseBody
|
||||
public AttackResult completed(@RequestParam String username, @RequestParam String password) {
|
||||
initIDORInfo();
|
||||
@ -81,12 +80,4 @@ public class IDORLogin extends AssignmentEndpoint {
|
||||
return trackProgress(failed().feedback("idor.login.failure").build());
|
||||
}
|
||||
}
|
||||
|
||||
// userSessionData.setValue("foo","bar");
|
||||
// System.out.println("*** value set");
|
||||
// System.out.println("*** fetching value");
|
||||
// System.out.println(userSessionData.getValue("foo"));
|
||||
// System.out.println("*** DONE fetching value");
|
||||
// return trackProgress(AttackResult.failed("You are close, try again"));
|
||||
|
||||
}
|
||||
|
@ -7,10 +7,7 @@ import org.owasp.webgoat.assignments.AssignmentPath;
|
||||
import org.owasp.webgoat.assignments.AttackResult;
|
||||
import org.owasp.webgoat.session.UserSessionData;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.web.bind.annotation.PathVariable;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.util.HashMap;
|
||||
@ -45,15 +42,14 @@ import java.util.Map;
|
||||
* @version $Id: $Id
|
||||
* @since January 3, 2017
|
||||
*/
|
||||
|
||||
@AssignmentPath("IDOR/profile/{userId}")
|
||||
@RestController
|
||||
@AssignmentHints({"idor.hints.otherProfile1","idor.hints.otherProfile2","idor.hints.otherProfile3","idor.hints.otherProfile4","idor.hints.otherProfile5","idor.hints.otherProfile6","idor.hints.otherProfile7","idor.hints.otherProfile8","idor.hints.otherProfile9"})
|
||||
public class IDORViewOtherProfile extends AssignmentEndpoint{
|
||||
|
||||
@Autowired
|
||||
UserSessionData userSessionData;
|
||||
|
||||
@RequestMapping(produces = {"application/json"}, method = RequestMethod.GET)
|
||||
@GetMapping(path = "IDOR/profile/{userId}", produces = {"application/json"})
|
||||
@ResponseBody
|
||||
public AttackResult completed(@PathVariable("userId") String userId, HttpServletResponse resp) {
|
||||
Map<String,Object> details = new HashMap<>();
|
||||
@ -76,5 +72,4 @@ public class IDORViewOtherProfile extends AssignmentEndpoint{
|
||||
}
|
||||
return trackProgress(failed().build());
|
||||
}
|
||||
|
||||
}
|
||||
|
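Review bot: The handler now rewritten as `@GetMapping(path = "IDOR/profile/{userId}", produces = {"application/json"})` still injects `UserSessionData` through a package-private, non-final field (`@Autowired UserSessionData userSessionData;`), which any class in the package can reassign; IDORViewOwnProfile and IDORViewOwnProfileAltUrl have the same shape, whereas IDOREditOtherProfiile declares the field `private`. If the commit is already touching these declarations, `private UserSessionData userSessionData;` (or constructor injection with a `private final` field) would at least match the sibling controller. The body of `completed` continues outside the hunk.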
@ -3,9 +3,7 @@ package org.owasp.webgoat.plugin;
|
||||
|
||||
import org.owasp.webgoat.session.UserSessionData;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
@ -43,15 +41,15 @@ import java.util.Map;
|
||||
* @version $Id: $Id
|
||||
* @since January 3, 2017
|
||||
*/
|
||||
|
||||
@RestController
|
||||
public class IDORViewOwnProfile {
|
||||
|
||||
@Autowired
|
||||
UserSessionData userSessionData;
|
||||
|
||||
@RequestMapping(produces = {"application/json"}, method = RequestMethod.GET)
|
||||
@GetMapping(produces = {"application/json"})
|
||||
@ResponseBody
|
||||
public Map<String, Object> invoke(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
|
||||
public Map<String, Object> invoke() {
|
||||
Map<String,Object> details = new HashMap<>();
|
||||
try {
|
||||
if (userSessionData.getValue("idor-authenticated-as").equals("tom")) {
|
||||
@ -71,9 +69,4 @@ public class IDORViewOwnProfile {
|
||||
}
|
||||
return details;
|
||||
}
|
||||
|
||||
// @Override
|
||||
// public String getPath() {
|
||||
// return "/IDOR/profile";
|
||||
// }
|
||||
}
|
||||
|
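Review bot: The new `@GetMapping(produces = {"application/json"})` on `invoke()` carries no path, and this class is a plain `@RestController` without an `@AssignmentPath`, so unless a class-level `@RequestMapping` exists above the hunk the handler is mapped to the context root rather than the profile endpoint. The removed commented-out `getPath()` returning `"/IDOR/profile"` suggests that was the intended route, i.e. `@GetMapping(path = "/IDOR/profile", produces = {"application/json"})`. This is inferred from the visible lines only; confirm against the class header above line 41. The body of `invoke` continues outside the hunk.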
@ -45,22 +45,20 @@ import java.util.Map;
|
||||
* @version $Id: $Id
|
||||
* @since January 3, 2017
|
||||
*/
|
||||
|
||||
@AssignmentPath("IDOR/profile/alt-path")
|
||||
@AssignmentHints({"idor.hints.ownProfileAltUrl1","idor.hints.ownProfileAltUrl2","idor.hints.ownProfileAltUrl3"})
|
||||
public class IDORViewOwnProfileAltUrl extends AssignmentEndpoint{
|
||||
@RestController
|
||||
@AssignmentHints({"idor.hints.ownProfileAltUrl1", "idor.hints.ownProfileAltUrl2", "idor.hints.ownProfileAltUrl3"})
|
||||
public class IDORViewOwnProfileAltUrl extends AssignmentEndpoint {
|
||||
|
||||
@Autowired
|
||||
UserSessionData userSessionData;
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
@PostMapping("IDOR/profile/alt-path")
|
||||
@ResponseBody
|
||||
public AttackResult completed(@RequestParam String url, HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
|
||||
Map<String,Object> details = new HashMap<>();
|
||||
public AttackResult completed(@RequestParam String url) {
|
||||
try {
|
||||
if (userSessionData.getValue("idor-authenticated-as").equals("tom")) {
|
||||
//going to use session auth to view this one
|
||||
String authUserId = (String)userSessionData.getValue("idor-authenticated-user-id");
|
||||
String authUserId = (String) userSessionData.getValue("idor-authenticated-user-id");
|
||||
//don't care about http://localhost:8080 ... just want WebGoat/
|
||||
String[] urlParts = url.split("/");
|
||||
if (urlParts[0].equals("WebGoat") && urlParts[1].equals("IDOR") && urlParts[2].equals("profile") && urlParts[3].equals(authUserId)) {
|
||||
@ -74,9 +72,7 @@ public class IDORViewOwnProfileAltUrl extends AssignmentEndpoint{
|
||||
return trackProgress(failed().feedback("idor.view.own.profile.failure2").build());
|
||||
}
|
||||
} catch (Exception ex) {
|
||||
System.out.println(ex.getMessage());
|
||||
return failed().feedback("an error occurred with your request").build();
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
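Review bot: The rewritten `completed(@RequestParam String url)` still indexes `urlParts[0]` through `urlParts[3]` right after `url.split("/")` with no length check, so any request with fewer than four segments throws `ArrayIndexOutOfBoundsException`; the surrounding `catch (Exception ex)` then turns that into the generic "an error occurred with your request" feedback and a `System.out.println(ex.getMessage())`, which masks the real cause. Guarding the index first keeps the comparison on the intended path, `if (urlParts.length >= 4 && urlParts[0].equals("WebGoat") && urlParts[1].equals("IDOR") && urlParts[2].equals("profile") && urlParts[3].equals(authUserId)) {`. The `System.out.println` in the catch should also go through the class's logger so failed requests show up in the normal log rather than stdout. `completed` spans both hunks of this section, so its full body is not visible here.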