diff --git a/webgoat-container/src/main/resources/application.properties b/webgoat-container/src/main/resources/application.properties
index 281b53230..899683c57 100644
--- a/webgoat-container/src/main/resources/application.properties
+++ b/webgoat-container/src/main/resources/application.properties
@@ -1,3 +1,7 @@
+spring.mandatory-file-encoding=UTF-8
+spring.http.encoding.charset=UTF-8
+spring.http.encoding.enabled=true
+
 server.error.include-stacktrace=always
 server.error.path=/error.html
 server.session.timeout=600
diff --git a/webgoat-container/src/main/resources/static/css/main.css b/webgoat-container/src/main/resources/static/css/main.css
index 59f674616..27a4e6d83 100644
--- a/webgoat-container/src/main/resources/static/css/main.css
+++ b/webgoat-container/src/main/resources/static/css/main.css
@@ -1001,9 +1001,15 @@ cookie-container {
 margin: 3px;
 }
+@keyframes blink {
+ 50% { border-color: white; }
+}
+
 .cur-page {
- border-bottom: 2px solid #000;
+ animation: blink 1.5s 2 forwards;
+ border: 3px solid blue;
 color:#aaa;
+ background-color: lightsalmon;
 }
 span.show-next-page, span.show-prev-page {
diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionChallenge.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionChallenge.java
index 674efb000..3f13d819f 100644
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionChallenge.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionChallenge.java
@@ -20,7 +20,7 @@ import java.sql.*;
 * @author nbaars
 * @since 4/8/17.
 */
-@AssignmentPath("SqlInjection/challenge")
+@AssignmentPath("/SqlInjectionAdvanced/challenge")
 @AssignmentHints(value = {"SqlInjectionChallenge1", "SqlInjectionChallenge2", "SqlInjectionChallenge3"})
 @Slf4j
 public class SqlInjectionChallenge extends AssignmentEndpoint {
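Review bot: The added `spring.mandatory-file-encoding=UTF-8` at the top of the `@@ -1,3 +1,7 @@` hunk makes Spring Boot abort startup when the JVM's `file.encoding` system property is not UTF-8, so a JVM launched with a different default encoding will refuse to boot instead of running with the wrong charset. Nothing visible in this diff sets `-Dfile.encoding=UTF-8` in a launcher or container image, so that should be confirmed before merging. I would add a comment above the line, `# startup fails unless the JVM runs with -Dfile.encoding=UTF-8`, so the failure is explainable from the config file. The same applies to the identical lines added to webwolf/src/main/resources/application.properties.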
diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionChallengeLogin.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionChallengeLogin.java
index 05816c434..4ca99b883 100644
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionChallengeLogin.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionChallengeLogin.java
@@ -17,7 +17,7 @@ import java.sql.*;
 import static org.springframework.web.bind.annotation.RequestMethod.POST;
-@AssignmentPath("SqlInjection/challenge_Login")
+@AssignmentPath("/SqlInjectionAdvanced/challenge_Login")
 @Slf4j
 @AssignmentHints(value ={"SqlInjectionChallengeHint1", "SqlInjectionChallengeHint2", "SqlInjectionChallengeHint3", "SqlInjectionChallengeHint4"})
 public class SqlInjectionChallengeLogin extends AssignmentEndpoint {
diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionLesson6a.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionLesson6a.java
index e72c74577..9bf990d3c 100644
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionLesson6a.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionLesson6a.java
@@ -42,7 +42,7 @@ import java.sql.*;
 * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
 * @created October 28, 2003
 */
-@AssignmentPath("/SqlInjection/attack6a")
+@AssignmentPath("/SqlInjectionAdvanced/attack6a")
 @AssignmentHints(value = {"SqlStringInjectionHint-advanced-6a-1", "SqlStringInjectionHint-advanced-6a-2", "SqlStringInjectionHint-advanced-6a-3", "SqlStringInjectionHint-advanced-6a-4"})
 public class SqlInjectionLesson6a extends AssignmentEndpoint {
diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionLesson6b.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionLesson6b.java
index 74fc5d2ad..a6e276bd2 100644
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionLesson6b.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionLesson6b.java
@@ -47,7 +47,7 @@ import java.sql.Statement;
 * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
 * @created October 28, 2003
 */
-@AssignmentPath("/SqlInjection/attack6b")
+@AssignmentPath("/SqlInjectionAdvanced/attack6b")
 public class SqlInjectionLesson6b extends AssignmentEndpoint {
 @RequestMapping(method = RequestMethod.POST)
diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionQuiz.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionQuiz.java
index 52a800142..6367c48f7 100644
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionQuiz.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionQuiz.java
@@ -21,7 +21,7 @@ import java.sql.Statement;
 * 3. add Request param with name of question to method head
 * For a more detailed description how to implement the quiz go to the quiz.js file in webgoat-container -> js
 */
-@AssignmentPath("/SqlInjection/quiz")
+@AssignmentPath("/SqlInjectionAdvanced/quiz")
 public class SqlInjectionQuiz extends AssignmentEndpoint {
 String[] solutions = {"Solution 4", "Solution 3", "Solution 2", "Solution 3", "Solution 4"};
diff --git a/webgoat-lessons/sql-injection/src/main/resources/html/SqlInjectionAdvanced.html b/webgoat-lessons/sql-injection/src/main/resources/html/SqlInjectionAdvanced.html
index 896dcf48f..1158f0661 100644
--- a/webgoat-lessons/sql-injection/src/main/resources/html/SqlInjectionAdvanced.html
+++ b/webgoat-lessons/sql-injection/src/main/resources/html/SqlInjectionAdvanced.html
@@ -3,22 +3,24 @@
 <html xmlns:th="http://www.thymeleaf.org">
 <link rel="stylesheet" type="text/css" th:href="@{/lesson_css/assignments.css}"/>
+<!-- 1 -->
 <div class="lesson-page-wrapper">
 <div class="adoc-content" th:replace="doc:SqlInjectionAdvanced_plan.adoc"></div>
 </div>
-
+<!-- 2 -->
 <div class="lesson-page-wrapper">
 <div class="adoc-content" th:replace="doc:SqlInjection_content6.adoc"></div>
 </div>
+<!-- 3 -->
 <div class="lesson-page-wrapper">
 <div class="adoc-content" th:replace="doc:SqlInjection_content6a.adoc"></div>
 <div class="attack-container">
 <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
 <form class="attack-form" accept-charset="UNKNOWN" method="POST" name="form"
- action="/WebGoat/SqlInjection/attack6a"
+ action="/WebGoat/SqlInjectionAdvanced/attack6a"
 enctype="application/json;charset=UTF-8">
 <table>
 <tr>
@@ -29,15 +31,10 @@
 <td></td>
 </tr>
 </table>
- </form>
- <div class="attack-feedback"></div>
- <div class="attack-output"></div>
- </div>
- <div class="attack-container">
- <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
+ </form>
 <form class="attack-form" accept-charset="UNKNOWN" method="POST" name="form"
- action="/WebGoat/SqlInjection/attack6b"
+ action="/WebGoat/SqlInjectionAdvanced/attack6b"
 enctype="application/json;charset=UTF-8">
 <table>
 <tr>
@@ -54,6 +51,7 @@
 </div>
 </div>
+<!-- 4 -->
 <div class="lesson-page-wrapper">
 <div class="adoc-content" th:replace="doc:SqlInjection_content6c.adoc"></div>
 </div>
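Review bot: The `@@ -29,15 +31,10 @@` hunk removes the closing `</div>` and the second `attack-container`, so the attack6a and attack6b forms now share one container with a single `assignment-success` icon, and the removed `attack-feedback`/`attack-output` pair is not re-added between them. If the lesson script scopes feedback and the check mark to the enclosing container (that script is not visible in this diff), a learner can no longer tell which of the two assignments a message or the success icon refers to. If the merge is intentional, a comment above the second form such as `<!-- 6a and 6b share one container and one feedback area on purpose -->` would record that; otherwise keep one container per form. The container's closing tags lie outside the hunk.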
@@ -83,7 +81,7 @@
 <div class="col-lg-12">
 <form id="login-form" class="attack-form" accept-charset="UNKNOWN" method="POST" name="form"
- action="SqlInjection/challenge_Login"
+ action="SqlInjectionAdvanced/challenge_Login"
 enctype="application/json;charset=UTF-8" role="form">
 <div class="form-group">
 <input type="text" name="username_login" id="username4" tabindex="1"
@@ -119,7 +117,7 @@
 </form>
 <form id="register-form" class="attack-form" accept-charset="UNKNOWN" method="PUT" name="form"
- action="SqlInjection/challenge"
+ action="SqlInjectionAdvanced/challenge"
 enctype="application/json;charset=UTF-8" style="display: none;" role="form">
 <div class="form-group">
 <input type="text" name="username_reg" id="username" tabindex="1"
@@ -172,7 +170,7 @@
 <div class="container-fluid">
 <form id="quiz-form" class="attack-form" accept-charset="UNKNOWN" method="POST" name="form"
- action="SqlInjection/quiz"
+ action="/WebGoat/SqlInjectionAdvanced/quiz"
 enctype="application/json;charset=UTF-8" role="form">
 <div id="q_container"></div>
 <br />
diff --git a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6aTest.java b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6aTest.java
index 71d85443c..be88f4b75 100644
--- a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6aTest.java
+++ b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6aTest.java
@@ -30,7 +30,7 @@ public class SqlInjectionLesson6aTest extends LessonTest {
 @Test
 public void wrongSolution() throws Exception {
- mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a")
+ mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6a")
 .param("userid_6a", "John"))
 .andExpect(status().isOk())
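Review bot: The quiz form in the `@@ -172,7 +170,7 @@` hunk now hard-codes the context path in `action="/WebGoat/SqlInjectionAdvanced/quiz"`, while the login and register forms in the two hunks above it keep page-relative actions (`SqlInjectionAdvanced/challenge_Login`, `SqlInjectionAdvanced/challenge`). The absolute form stops resolving if the application is served under any context path other than `/WebGoat`, and mixing both styles in one template makes the next endpoint rename easy to get wrong. The template already resolves URLs through Thymeleaf (`th:href="@{/lesson_css/assignments.css}"`), so `th:action="@{/SqlInjectionAdvanced/quiz}"` would be the consistent spelling, assuming the lesson's client-side code reads the rendered `action` attribute, which is not visible here. The attack6a and attack6b forms earlier in this file carry the same hard-coded prefix.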
@@ -39,7 +39,7 @@ public class SqlInjectionLesson6aTest extends LessonTest {
 @Test
 public void wrongNumberOfColumns() throws Exception {
- mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a")
+ mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6a")
 .param("userid_6a", "Smith' union select userid,user_name, password,cookie from user_system_data --"))
 .andExpect(status().isOk())
@@ -49,7 +49,7 @@ public class SqlInjectionLesson6aTest extends LessonTest {
 @Test
 public void wrongDataTypeOfColumns() throws Exception {
- mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a")
+ mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6a")
 .param("userid_6a", "Smith' union select 1,password, 1,'2','3', '4',1 from user_system_data --"))
 .andExpect(status().isOk())
@@ -59,7 +59,7 @@ public class SqlInjectionLesson6aTest extends LessonTest {
 @Test
 public void correctSolution() throws Exception {
- mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a")
+ mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6a")
 .param("userid_6a", "Smith'; SELECT * from user_system_data; --"))
 .andExpect(status().isOk())
 .andExpect(jsonPath("$.lessonCompleted", is(false)))
@@ -68,7 +68,7 @@ public class SqlInjectionLesson6aTest extends LessonTest {
 @Test
 public void noResultsReturned() throws Exception {
- mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a")
+ mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6a")
 .param("userid_6a", "Smith' and 1 = 2 --"))
 .andExpect(status().isOk())
@@ -78,7 +78,7 @@ public class SqlInjectionLesson6aTest extends LessonTest {
 @Test
 public void noUnionUsed() throws Exception {
- mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a")
+ mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6a")
 .param("userid_6a", "S'; Select * from user_system_data; --"))
 .andExpect(status().isOk())
diff --git a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6bTest.java b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6bTest.java
index 7341a6d3a..cfb8aebfe 100644
--- a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6bTest.java
+++ b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6bTest.java
@@ -29,7 +29,7 @@ public class SqlInjectionLesson6bTest extends LessonTest {
 @Test
 public void submitCorrectPassword() throws Exception {
- mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6b")
+ mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6b")
 .param("userid_6b", "passW0rD"))
 .andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(true)));
@@ -37,7 +37,7 @@ public class SqlInjectionLesson6bTest extends LessonTest {
 @Test
 public void submitWrongPassword() throws Exception {
- mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6b")
+ mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6b")
 .param("userid_6b", "John"))
 .andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(false)));
diff --git a/webwolf/src/main/resources/application.properties b/webwolf/src/main/resources/application.properties
index 981ce87aa..d9d29d25b 100644
--- a/webwolf/src/main/resources/application.properties
+++ b/webwolf/src/main/resources/application.properties
@@ -1,3 +1,7 @@
+spring.mandatory-file-encoding=UTF-8
+spring.http.encoding.charset=UTF-8
+spring.http.encoding.enabled=true
+
 server.error.include-stacktrace=always
 server.error.path=/error.html
 server.session.timeout=6000