style sheet and advanced sql
		| @ -1,3 +1,7 @@ | ||||
| spring.mandatory-file-encoding=UTF-8 | ||||
| spring.http.encoding.charset=UTF-8 | ||||
| spring.http.encoding.enabled=true | ||||
|  | ||||
| server.error.include-stacktrace=always | ||||
| server.error.path=/error.html | ||||
| server.session.timeout=600 | ||||
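Review bot: `server.error.include-stacktrace=always` puts the full Java stack trace into every error response, which shows internal class names and other implementation detail to any client. If this is meant only as a teaching aid, a comment on the line should say so; otherwise `server.error.include-stacktrace=never` (or `on_trace_param`) is the safer setting. The page does not mark which lines are new, but the hunk header (3 lines to 7) suggests the three `server.*` lines were added. The second properties hunk at the end of the commit carries the same setting and uses `server.session.timeout=6000` where this one uses 600; the two values should agree, or a comment should explain the difference.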
|  | ||||
| @ -1001,9 +1001,15 @@ cookie-container { | ||||
|     margin: 3px; | ||||
| } | ||||
|  | ||||
| @keyframes blink {  | ||||
|    50% { border-color: white; }  | ||||
| } | ||||
|  | ||||
| .cur-page { | ||||
|     border-bottom: 2px solid #000; | ||||
|     animation: blink 1.5s 2 forwards; | ||||
|     border: 3px solid blue; | ||||
|     color:#aaa; | ||||
|     background-color: lightsalmon; | ||||
| } | ||||
|  | ||||
| span.show-next-page, span.show-prev-page { | ||||
|  | ||||
| @ -20,7 +20,7 @@ import java.sql.*; | ||||
|  * @author nbaars | ||||
|  * @since 4/8/17. | ||||
|  */ | ||||
| @AssignmentPath("SqlInjection/challenge") | ||||
| @AssignmentPath("/SqlInjectionAdvanced/challenge") | ||||
| @AssignmentHints(value = {"SqlInjectionChallenge1", "SqlInjectionChallenge2", "SqlInjectionChallenge3"}) | ||||
| @Slf4j | ||||
| public class SqlInjectionChallenge extends AssignmentEndpoint { | ||||
|  | ||||
| @ -17,7 +17,7 @@ import java.sql.*; | ||||
|  | ||||
| import static org.springframework.web.bind.annotation.RequestMethod.POST; | ||||
|  | ||||
| @AssignmentPath("SqlInjection/challenge_Login") | ||||
| @AssignmentPath("/SqlInjectionAdvanced/challenge_Login") | ||||
| @Slf4j | ||||
| @AssignmentHints(value ={"SqlInjectionChallengeHint1", "SqlInjectionChallengeHint2", "SqlInjectionChallengeHint3", "SqlInjectionChallengeHint4"}) | ||||
| public class SqlInjectionChallengeLogin extends AssignmentEndpoint { | ||||
|  | ||||
| @ -42,7 +42,7 @@ import java.sql.*; | ||||
|  * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a> | ||||
|  * @created October 28, 2003 | ||||
|  */ | ||||
| @AssignmentPath("/SqlInjection/attack6a") | ||||
| @AssignmentPath("/SqlInjectionAdvanced/attack6a") | ||||
| @AssignmentHints(value = {"SqlStringInjectionHint-advanced-6a-1", "SqlStringInjectionHint-advanced-6a-2", "SqlStringInjectionHint-advanced-6a-3", | ||||
| "SqlStringInjectionHint-advanced-6a-4"}) | ||||
| public class SqlInjectionLesson6a extends AssignmentEndpoint { | ||||
|  | ||||
| @ -47,7 +47,7 @@ import java.sql.Statement; | ||||
|  * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a> | ||||
|  * @created October 28, 2003 | ||||
|  */ | ||||
| @AssignmentPath("/SqlInjection/attack6b") | ||||
| @AssignmentPath("/SqlInjectionAdvanced/attack6b") | ||||
| public class SqlInjectionLesson6b extends AssignmentEndpoint { | ||||
|  | ||||
|     @RequestMapping(method = RequestMethod.POST) | ||||
|  | ||||
| @ -21,7 +21,7 @@ import java.sql.Statement; | ||||
|  * 3. add Request param with name of question to method head | ||||
|  * For a more detailed description how to implement the quiz go to the quiz.js file in webgoat-container -> js | ||||
|  */ | ||||
| @AssignmentPath("/SqlInjection/quiz") | ||||
| @AssignmentPath("/SqlInjectionAdvanced/quiz") | ||||
| public class SqlInjectionQuiz extends AssignmentEndpoint { | ||||
|  | ||||
|     String[] solutions = {"Solution 4", "Solution 3", "Solution 2", "Solution 3", "Solution 4"}; | ||||
|  | ||||
| @ -3,22 +3,24 @@ | ||||
| <html xmlns:th="http://www.thymeleaf.org"> | ||||
| <link rel="stylesheet" type="text/css" th:href="@{/lesson_css/assignments.css}"/> | ||||
|  | ||||
| <!-- 1 --> | ||||
| <div class="lesson-page-wrapper"> | ||||
|     <div class="adoc-content" th:replace="doc:SqlInjectionAdvanced_plan.adoc"></div> | ||||
| </div> | ||||
|  | ||||
|  | ||||
| <!-- 2 --> | ||||
| <div class="lesson-page-wrapper"> | ||||
|     <div class="adoc-content" th:replace="doc:SqlInjection_content6.adoc"></div> | ||||
| </div> | ||||
|  | ||||
| <!-- 3 --> | ||||
| <div class="lesson-page-wrapper"> | ||||
|     <div class="adoc-content" th:replace="doc:SqlInjection_content6a.adoc"></div> | ||||
|     <div class="attack-container"> | ||||
|         <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div> | ||||
|         <form class="attack-form" accept-charset="UNKNOWN" | ||||
|               method="POST" name="form" | ||||
|               action="/WebGoat/SqlInjection/attack6a" | ||||
|               action="/WebGoat/SqlInjectionAdvanced/attack6a" | ||||
|               enctype="application/json;charset=UTF-8"> | ||||
|             <table> | ||||
|                 <tr> | ||||
| @ -30,14 +32,9 @@ | ||||
|                 </tr> | ||||
|             </table> | ||||
|         </form>         | ||||
|         <div class="attack-feedback"></div> | ||||
|         <div class="attack-output"></div> | ||||
|     </div> | ||||
|     <div class="attack-container"> | ||||
|         <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div> | ||||
|         <form class="attack-form" accept-charset="UNKNOWN" | ||||
|               method="POST" name="form" | ||||
|               action="/WebGoat/SqlInjection/attack6b" | ||||
|               action="/WebGoat/SqlInjectionAdvanced/attack6b" | ||||
|               enctype="application/json;charset=UTF-8"> | ||||
|             <table> | ||||
|                 <tr> | ||||
| @ -54,6 +51,7 @@ | ||||
|     </div> | ||||
| </div> | ||||
|  | ||||
| <!-- 4 --> | ||||
| <div class="lesson-page-wrapper"> | ||||
|     <div class="adoc-content" th:replace="doc:SqlInjection_content6c.adoc"></div> | ||||
| </div> | ||||
| @ -83,7 +81,7 @@ | ||||
|                                 <div class="col-lg-12"> | ||||
|                                     <form id="login-form" class="attack-form" accept-charset="UNKNOWN" | ||||
|                                           method="POST" name="form" | ||||
|                                           action="SqlInjection/challenge_Login" | ||||
|                                           action="SqlInjectionAdvanced/challenge_Login" | ||||
|                                           enctype="application/json;charset=UTF-8" role="form"> | ||||
|                                         <div class="form-group"> | ||||
|                                             <input type="text" name="username_login" id="username4" tabindex="1" | ||||
| @ -119,7 +117,7 @@ | ||||
|                                     </form> | ||||
|                                     <form id="register-form" class="attack-form" accept-charset="UNKNOWN" | ||||
|                                           method="PUT" name="form" | ||||
|                                           action="SqlInjection/challenge" | ||||
|                                           action="SqlInjectionAdvanced/challenge" | ||||
|                                           enctype="application/json;charset=UTF-8" style="display: none;" role="form"> | ||||
|                                         <div class="form-group"> | ||||
|                                             <input type="text" name="username_reg" id="username" tabindex="1" | ||||
| @ -172,7 +170,7 @@ | ||||
|             <div class="container-fluid"> | ||||
|                 <form id="quiz-form" class="attack-form" accept-charset="UNKNOWN" | ||||
|                       method="POST" name="form" | ||||
|                       action="SqlInjection/quiz" | ||||
|                       action="/WebGoat/SqlInjectionAdvanced/quiz" | ||||
|                       enctype="application/json;charset=UTF-8" role="form"> | ||||
|                     <div id="q_container"></div> | ||||
|                     <br /> | ||||
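Review bot: The renamed form actions are written two different ways: `/WebGoat/SqlInjectionAdvanced/attack6a`, `.../attack6b` and `.../quiz` hard-code the context path, while `SqlInjectionAdvanced/challenge_Login` and `SqlInjectionAdvanced/challenge` stay relative. The hard-coded form stops working if the application is deployed under another context path, and the quiz action changes from relative to absolute here without a stated reason. The template already resolves the stylesheet with a Thymeleaf URL expression, so `th:action="@{/SqlInjectionAdvanced/quiz}"` (and the same pattern on the other four forms) would keep all of them consistent.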
|  | ||||
| @ -30,7 +30,7 @@ public class SqlInjectionLesson6aTest extends LessonTest { | ||||
|  | ||||
|     @Test | ||||
|     public void wrongSolution() throws Exception { | ||||
|         mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a") | ||||
|         mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6a") | ||||
|                 .param("userid_6a", "John")) | ||||
|  | ||||
|                 .andExpect(status().isOk()) | ||||
| @ -39,7 +39,7 @@ public class SqlInjectionLesson6aTest extends LessonTest { | ||||
|  | ||||
|     @Test | ||||
|     public void wrongNumberOfColumns() throws Exception { | ||||
|         mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a") | ||||
|         mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6a") | ||||
|                 .param("userid_6a", "Smith' union select userid,user_name, password,cookie from user_system_data --")) | ||||
|  | ||||
|                 .andExpect(status().isOk()) | ||||
| @ -49,7 +49,7 @@ public class SqlInjectionLesson6aTest extends LessonTest { | ||||
|  | ||||
|     @Test | ||||
|     public void wrongDataTypeOfColumns() throws Exception { | ||||
|         mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a") | ||||
|         mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6a") | ||||
|                 .param("userid_6a", "Smith' union select 1,password, 1,'2','3', '4',1 from user_system_data --")) | ||||
|  | ||||
|                 .andExpect(status().isOk()) | ||||
| @ -59,7 +59,7 @@ public class SqlInjectionLesson6aTest extends LessonTest { | ||||
|  | ||||
|     @Test | ||||
|     public void correctSolution() throws Exception { | ||||
|         mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a") | ||||
|         mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6a") | ||||
|                 .param("userid_6a", "Smith'; SELECT * from user_system_data; --")) | ||||
|                 .andExpect(status().isOk()) | ||||
|                 .andExpect(jsonPath("$.lessonCompleted", is(false))) | ||||
| @ -68,7 +68,7 @@ public class SqlInjectionLesson6aTest extends LessonTest { | ||||
|  | ||||
|     @Test | ||||
|     public void noResultsReturned() throws Exception { | ||||
|         mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a") | ||||
|         mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6a") | ||||
|                 .param("userid_6a", "Smith' and 1 = 2 --")) | ||||
|  | ||||
|                 .andExpect(status().isOk()) | ||||
| @ -78,7 +78,7 @@ public class SqlInjectionLesson6aTest extends LessonTest { | ||||
|  | ||||
|     @Test | ||||
|     public void noUnionUsed() throws Exception { | ||||
|         mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a") | ||||
|         mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6a") | ||||
|                 .param("userid_6a", "S'; Select * from user_system_data; --")) | ||||
|  | ||||
|                 .andExpect(status().isOk()) | ||||
|  | ||||
| @ -29,7 +29,7 @@ public class SqlInjectionLesson6bTest extends LessonTest { | ||||
|  | ||||
|     @Test | ||||
|     public void submitCorrectPassword() throws Exception { | ||||
|         mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6b") | ||||
|         mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6b") | ||||
|                 .param("userid_6b", "passW0rD")) | ||||
|  | ||||
|                 .andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(true))); | ||||
| @ -37,7 +37,7 @@ public class SqlInjectionLesson6bTest extends LessonTest { | ||||
|  | ||||
|     @Test | ||||
|     public void submitWrongPassword() throws Exception { | ||||
|         mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6b") | ||||
|         mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6b") | ||||
|                 .param("userid_6b", "John")) | ||||
|  | ||||
|                 .andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(false))); | ||||
|  | ||||
| @ -1,3 +1,7 @@ | ||||
| spring.mandatory-file-encoding=UTF-8 | ||||
| spring.http.encoding.charset=UTF-8 | ||||
| spring.http.encoding.enabled=true | ||||
|  | ||||
| server.error.include-stacktrace=always | ||||
| server.error.path=/error.html | ||||
| server.session.timeout=6000 | ||||
|  | ||||