style sheet and advanced sql

Rene Zubcevic 2019-07-19 16:49:30 +02:00
parent 99435a1073
commit 656fa40182
11 changed files with 38 additions and 26 deletions


@ -1,3 +1,7 @@
spring.mandatory-file-encoding=UTF-8
spring.http.encoding.charset=UTF-8
spring.http.encoding.enabled=true
server.error.include-stacktrace=always
server.error.path=/error.html
server.session.timeout=600
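Review bot: `server.error.include-stacktrace=always` makes every error response carry the full Java stack trace, which discloses class names, library versions and, for SQL errors, often the failing statement to any client. The +/- markers are lost on this page, so that this line is new is inferred from the hunk header (3 lines before, 7 after). If the setting is intentional for the lessons, say so in the file with a comment such as `# intentional: lessons show stack traces to learners; never use in a real deployment`; otherwise `never` or `on_trace_param` is the safer value. The session timeout is `600` here but `6000` in the other properties file at the end of this commit, which looks unintended. If the project is on Spring Boot 2.x, the key is `server.servlet.session.timeout`, so confirm this one is read at all.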


@ -1001,9 +1001,15 @@ cookie-container {
margin: 3px;
}
@keyframes blink {
50% { border-color: white; }
}
.cur-page {
border-bottom: 2px solid #000;
animation: blink 1.5s 2 forwards;
border: 3px solid blue;
color:#aaa;
background-color: lightsalmon;
}
span.show-next-page, span.show-prev-page {


@ -20,7 +20,7 @@ import java.sql.*;
* @author nbaars
* @since 4/8/17.
*/
@AssignmentPath("SqlInjection/challenge")
@AssignmentPath("/SqlInjectionAdvanced/challenge")
@AssignmentHints(value = {"SqlInjectionChallenge1", "SqlInjectionChallenge2", "SqlInjectionChallenge3"})
@Slf4j
public class SqlInjectionChallenge extends AssignmentEndpoint {


@ -17,7 +17,7 @@ import java.sql.*;
import static org.springframework.web.bind.annotation.RequestMethod.POST;
@AssignmentPath("SqlInjection/challenge_Login")
@AssignmentPath("/SqlInjectionAdvanced/challenge_Login")
@Slf4j
@AssignmentHints(value ={"SqlInjectionChallengeHint1", "SqlInjectionChallengeHint2", "SqlInjectionChallengeHint3", "SqlInjectionChallengeHint4"})
public class SqlInjectionChallengeLogin extends AssignmentEndpoint {


@ -42,7 +42,7 @@ import java.sql.*;
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @created October 28, 2003
*/
@AssignmentPath("/SqlInjection/attack6a")
@AssignmentPath("/SqlInjectionAdvanced/attack6a")
@AssignmentHints(value = {"SqlStringInjectionHint-advanced-6a-1", "SqlStringInjectionHint-advanced-6a-2", "SqlStringInjectionHint-advanced-6a-3",
"SqlStringInjectionHint-advanced-6a-4"})
public class SqlInjectionLesson6a extends AssignmentEndpoint {


@ -47,7 +47,7 @@ import java.sql.Statement;
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @created October 28, 2003
*/
@AssignmentPath("/SqlInjection/attack6b")
@AssignmentPath("/SqlInjectionAdvanced/attack6b")
public class SqlInjectionLesson6b extends AssignmentEndpoint {
@RequestMapping(method = RequestMethod.POST)


@ -21,7 +21,7 @@ import java.sql.Statement;
* 3. add Request param with name of question to method head
* For a more detailed description how to implement the quiz go to the quiz.js file in webgoat-container -> js
*/
@AssignmentPath("/SqlInjection/quiz")
@AssignmentPath("/SqlInjectionAdvanced/quiz")
public class SqlInjectionQuiz extends AssignmentEndpoint {
String[] solutions = {"Solution 4", "Solution 3", "Solution 2", "Solution 3", "Solution 4"};


@ -3,22 +3,24 @@
<html xmlns:th="http://www.thymeleaf.org">
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/assignments.css}"/>
<!-- 1 -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:SqlInjectionAdvanced_plan.adoc"></div>
</div>
<!-- 2 -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:SqlInjection_content6.adoc"></div>
</div>
<!-- 3 -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:SqlInjection_content6a.adoc"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="/WebGoat/SqlInjection/attack6a"
action="/WebGoat/SqlInjectionAdvanced/attack6a"
enctype="application/json;charset=UTF-8">
<table>
<tr>
@ -29,15 +31,10 @@
<td></td>
</tr>
</table>
</form>
<div class="attack-feedback"></div>
<div class="attack-output"></div>
</div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
</form>
<form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="/WebGoat/SqlInjection/attack6b"
action="/WebGoat/SqlInjectionAdvanced/attack6b"
enctype="application/json;charset=UTF-8">
<table>
<tr>
@ -54,6 +51,7 @@
</div>
</div>
<!-- 4 -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:SqlInjection_content6c.adoc"></div>
</div>
@ -83,7 +81,7 @@
<div class="col-lg-12">
<form id="login-form" class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="SqlInjection/challenge_Login"
action="SqlInjectionAdvanced/challenge_Login"
enctype="application/json;charset=UTF-8" role="form">
<div class="form-group">
<input type="text" name="username_login" id="username4" tabindex="1"
@ -119,7 +117,7 @@
</form>
<form id="register-form" class="attack-form" accept-charset="UNKNOWN"
method="PUT" name="form"
action="SqlInjection/challenge"
action="SqlInjectionAdvanced/challenge"
enctype="application/json;charset=UTF-8" style="display: none;" role="form">
<div class="form-group">
<input type="text" name="username_reg" id="username" tabindex="1"
@ -172,7 +170,7 @@
<div class="container-fluid">
<form id="quiz-form" class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="SqlInjection/quiz"
action="/WebGoat/SqlInjectionAdvanced/quiz"
enctype="application/json;charset=UTF-8" role="form">
<div id="q_container"></div>
<br />
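Review bot: The new quiz form action hard-codes the servlet context path (`action="/WebGoat/SqlInjectionAdvanced/quiz"`), as do the 6a and 6b forms earlier in this file, while the login and register forms use the relative `SqlInjectionAdvanced/challenge_Login` and `SqlInjectionAdvanced/challenge`. The absolute form stops working when the application is deployed under any other context path, and mixing the two styles makes it easy to miss one form on the next rename. The template already resolves URLs through Thymeleaf (`th:href="@{/lesson_css/assignments.css}"`), so `th:action="@{/SqlInjectionAdvanced/quiz}"` and the equivalent on the other four forms would keep them consistent. The form element continues past the end of this hunk.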


@ -30,7 +30,7 @@ public class SqlInjectionLesson6aTest extends LessonTest {
@Test
public void wrongSolution() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a")
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6a")
.param("userid_6a", "John"))
.andExpect(status().isOk())
@ -39,7 +39,7 @@ public class SqlInjectionLesson6aTest extends LessonTest {
@Test
public void wrongNumberOfColumns() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a")
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6a")
.param("userid_6a", "Smith' union select userid,user_name, password,cookie from user_system_data --"))
.andExpect(status().isOk())
@ -49,7 +49,7 @@ public class SqlInjectionLesson6aTest extends LessonTest {
@Test
public void wrongDataTypeOfColumns() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a")
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6a")
.param("userid_6a", "Smith' union select 1,password, 1,'2','3', '4',1 from user_system_data --"))
.andExpect(status().isOk())
@ -59,7 +59,7 @@ public class SqlInjectionLesson6aTest extends LessonTest {
@Test
public void correctSolution() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a")
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6a")
.param("userid_6a", "Smith'; SELECT * from user_system_data; --"))
.andExpect(status().isOk())
.andExpect(jsonPath("$.lessonCompleted", is(false)))
@ -68,7 +68,7 @@ public class SqlInjectionLesson6aTest extends LessonTest {
@Test
public void noResultsReturned() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a")
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6a")
.param("userid_6a", "Smith' and 1 = 2 --"))
.andExpect(status().isOk())
@ -78,7 +78,7 @@ public class SqlInjectionLesson6aTest extends LessonTest {
@Test
public void noUnionUsed() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a")
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6a")
.param("userid_6a", "S'; Select * from user_system_data; --"))
.andExpect(status().isOk())


@ -29,7 +29,7 @@ public class SqlInjectionLesson6bTest extends LessonTest {
@Test
public void submitCorrectPassword() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6b")
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6b")
.param("userid_6b", "passW0rD"))
.andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(true)));
@ -37,7 +37,7 @@ public class SqlInjectionLesson6bTest extends LessonTest {
@Test
public void submitWrongPassword() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6b")
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6b")
.param("userid_6b", "John"))
.andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(false)));


@ -1,3 +1,7 @@
spring.mandatory-file-encoding=UTF-8
spring.http.encoding.charset=UTF-8
spring.http.encoding.enabled=true
server.error.include-stacktrace=always
server.error.path=/error.html
server.session.timeout=6000